| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschiedene RKIT/Agent in BAcroIeHelpe 180.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.08.2012, 12:36
| #1 |
 |  Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Hallo, Antivir hat in den letzten Tagen in C:\Users\***\AppData\Roaming\BAcroIEHelpe175.dll die folgenden Viren gefunden RKIT/Agent.devb am 29.Juli RKIT/Agent.devt.1 am 31.Juli RKIT/Agent.dewf am 1.August RKIT/Agent.dewl am 4.August bei denen jeweils nach dem Klick auf "Entfernen" die Meldung nocheinmal erschien. Nach 2-3 Mal entfernen gab es dann keine Meldung mehr, nur 1-2 Tage später wiederholte sich das ganze bei den anderen Viren (siehe Liste). Nur bei dem RKIT/Agent.dewl erscheint seit gestern Abend jedes mal eine neue Meldung sobald ich auf entfernen klicke. Mein Betriebssystem ist Windows Vista 32 bit Home Premium. Ich hoffe mir kann jemand weiterhelfen. Gruß Dennis Hier sind die Logs OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.08.2012 15:18:05 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Dennis\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,51% Memory free 6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 62,27 Gb Free Space | 20,49% Space Free | Partition Type: NTFS Drive D: | 149,92 Gb Total Space | 12,44 Gb Free Space | 8,30% Space Free | Partition Type: NTFS Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.05.28 12:56:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.05.08 11:05:34 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 11:05:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.29 03:57:56 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\4.1.10329.0\agcp.exe PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.12.06 08:48:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.11.03 00:49:23 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2012.08.01 22:48:10 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe180.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2012.08.03 11:23:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.19 10:56:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.07 18:35:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.11.03 00:49:23 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\system32\D846.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.05.08 11:05:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 11:05:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10 IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2B7F8034-8896-419E-B617-1D6B9DCE4C63}&mid=7743bdcb501947d19bc9d15067ae688a-9ec377898ad09ba0776e436fc3ac9e28ac1a7bcf&lang=en&ds=ins13&pr=sa&d=2012-02-23 11:43:40&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000&q=" FF - prefs.js..network.proxy.http: "95.65.124.199" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 12:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Dennis\AppData\Roaming\14001.008 [2012.07.31 22:36:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M] [2010.12.05 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2012.07.26 14:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions [2010.12.08 18:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.31 11:42:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.12 18:37:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\personas@christopher.beard [2011.12.19 14:26:36 | 000,005,508 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\searchplugins\webde-suche.xml [2012.06.11 14:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.07.31 22:36:07 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS\APPDATA\ROAMING\14001.008 [2012.02.23 12:43:19 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI [2012.07.26 14:33:28 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.19 10:56:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.20 13:59:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.28 12:56:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.12 19:40:16 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Codecv Class) - {63F52C44-BE4E-420C-A48E-54630AAA04ED} - C:\ProgramData\Codecv\bhoclass.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Userinit] C:\Users\Dennis\AppData\Roaming\appconf32.exe () O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF80116-5608-4163-8B68-09FB0734EBA7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.05 13:56:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2012.08.05 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\UAs [2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.08.05 11:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.07.31 22:36:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.008 [2012.07.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.007 [2012.07.28 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.006 [2012.07.28 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\xmldm [2012.07.28 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\kock [2012.07.24 12:44:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.24 12:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2012.07.24 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Origin [2012.07.24 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.07.24 12:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2012.07.23 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012.07.20 21:52:55 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2012.07.20 21:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.07.20 21:52:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.07.20 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\OpenCandy [2012.07.20 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher [2012.07.18 18:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2012.07.18 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\SystemRequirementsLab [2012.07.17 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\et [2012.07.15 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Layer [2012.07.11 22:33:50 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Dropbox [2012.07.11 22:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012.07.11 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.11 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Dropbox [2012.07.10 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\dt [2012.07.10 16:05:40 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\xvi32 [2012.07.10 12:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.07.10 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Origin [2012.07.10 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.07.09 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\4kdownload.com [2012.07.09 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2012.07.09 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Freemake [2012.07.09 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012.07.09 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [2012.07.08 14:24:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\RawTherapee4.0 [2012.07.08 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Therapee [2012.07.08 14:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\RawTherapeeV40 [2012.07.08 11:02:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.07.08 10:30:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D [2012.07.08 10:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD [2012.07.08 10:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\TriDef 3D [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.05 14:58:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.05 14:58:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.05 14:51:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 14:22:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.05 13:55:54 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\Desktop\Defogger.exe [2012.08.05 13:54:25 | 000,000,017 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res [2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2012.08.05 11:58:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.05 11:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.05 11:58:44 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys [2012.08.05 11:02:34 | 000,001,061 | ---- | M] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk [2012.08.04 15:20:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job [2012.08.01 22:48:10 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe180.dll [2012.07.29 22:26:19 | 000,000,011 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat [2012.07.29 10:40:58 | 000,693,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.29 10:40:58 | 000,654,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.29 10:40:58 | 000,137,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.29 10:40:58 | 000,120,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.24 16:15:40 | 000,041,023 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel [2012.07.24 16:14:48 | 002,924,244 | ---- | M] () -- C:\Users\Dennis\Desktop\Test.png [2012.07.24 12:41:13 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.07.23 14:00:59 | 000,244,736 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.21 17:48:59 | 000,107,737 | ---- | M] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png [2012.07.14 22:44:52 | 000,002,032 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2012.07.13 13:26:27 | 000,192,711 | ---- | M] () -- C:\Users\Dennis\Desktop.jpg [2012.07.11 22:33:50 | 000,000,948 | ---- | M] () -- C:\Users\Dennis\Desktop\Dropbox.lnk [2012.07.11 22:31:01 | 000,000,958 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.08 15:09:47 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl [2012.07.08 10:38:11 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\LG 3D Game - TriDef 3D.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.05 13:56:54 | 000,050,477 | ---- | C] () -- C:\Users\Dennis\Desktop\Defogger.exe [2012.08.05 11:02:34 | 000,001,061 | ---- | C] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk [2012.08.01 22:48:10 | 000,006,400 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe180.dll [2012.07.29 22:26:19 | 000,000,011 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat [2012.07.28 23:03:19 | 000,000,017 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res [2012.07.25 10:37:45 | 026,484,387 | ---- | C] () -- C:\Users\Dennis\Desktop\TestMerkw.Sims3Pack [2012.07.24 16:15:40 | 000,041,023 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel [2012.07.24 12:41:13 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.07.21 17:35:26 | 000,107,737 | ---- | C] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png [2012.07.13 17:06:43 | 002,924,244 | ---- | C] () -- C:\Users\Dennis\Desktop\Test.png [2012.07.13 13:26:23 | 000,192,711 | ---- | C] () -- C:\Users\Dennis\Desktop.jpg [2012.07.11 22:33:50 | 000,000,948 | ---- | C] () -- C:\Users\Dennis\Desktop\Dropbox.lnk [2012.07.11 22:31:01 | 000,000,958 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.08 11:11:52 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl [2012.07.08 10:30:55 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\LG 3D Game - TriDef 3D.lnk [2012.07.06 18:09:26 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys [2012.07.03 17:16:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.11 18:24:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.10 22:13:50 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.01.10 22:13:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.12.31 13:38:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.07 14:53:52 | 000,002,032 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2010.12.05 20:23:20 | 000,026,340 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\UserTile.png [2010.12.05 17:14:45 | 000,244,736 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.05 16:14:46 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Dennis\AppData\Roaming\appconf32.exe ========== LOP Check ========== [2012.07.28 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.006 [2012.07.30 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.007 [2012.07.31 22:36:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.008 [2011.10.12 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Amazon [2010.12.23 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AniTuner [2012.02.23 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Audacity [2012.02.23 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BL-Soft [2011.07.02 14:02:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BreezeTree [2011.11.20 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Canon [2011.04.14 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2012.08.05 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dropbox [2012.07.16 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0 [2012.02.23 12:39:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Iggels [2011.09.06 15:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JavaEditor [2012.07.28 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\kock [2011.11.17 11:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leawo [2010.12.11 12:15:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MilkShape 3D 1.x.x [2011.12.03 13:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OnLive App [2012.07.20 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy [2012.07.10 12:48:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Origin [2011.01.10 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Suite [2010.12.05 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PeerNetworking [2011.02.18 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RawTherapee [2011.01.11 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Samsung [2010.12.05 16:14:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ScanSoft [2011.11.17 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\tiger-k [2012.02.06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TSRWorkshop [2012.07.20 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2012.08.05 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\UAs [2010.12.23 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\XMedia Recode [2012.08.05 13:39:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\xmldm [2012.08.05 11:58:03 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.04 15:20:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job ========== Purity Check ========== < End of report > --- --- --- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.08.2012 15:18:05 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,51% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 62,27 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 12,44 Gb Free Space | 8,30% Space Free | Partition Type: NTFS
Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055BFB92-6AAC-4A75-B644-1647CE4DE81B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A976BC8-9A8F-436D-A883-775624F9677D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D4AC4D9-75FF-4EAB-AE9A-9FDD6A47ABC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{1DB3102A-F882-472E-BCC0-2FF7FD966EE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{278BE7B6-0668-4D7B-BA89-EF0D3F6D6F02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3626F180-A7B5-4FB6-A71A-05C76FEE58B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{4721E6D5-118A-44C8-9E28-55DAD384A64C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{872501D2-75F6-4048-B47A-C243C86EFAFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B4DF311-D48C-4A9C-BEE5-9AB2AC23719D}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1233C36-4FDB-44AB-8574-6380D4445EF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{A3EF1A0F-D803-4704-ABC6-CAFC088B0E89}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BBABBA42-9A0C-4AE2-BF2D-38A7FFEE88D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C70D3888-43C3-428C-9785-DD3B6B714B8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C986D0EB-AA1A-43EE-B10D-3654C4BB0744}" = rport=138 | protocol=17 | dir=out | app=system |
"{D73B9B1A-B21C-4197-AAE2-A7E4245AA210}" = lport=139 | protocol=6 | dir=in | app=system |
"{D992E784-07AA-4A62-9137-868532A6B0E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0B47CAF-D4EA-47D2-9FBE-B73BA891B066}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E80B8B71-7C90-4D52-A7CE-CA814619521A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F35CC11C-C59B-44DB-8349-5818B5EB8A6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8809484-C787-4A48-8B89-93FA5C0E47BA}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017C3724-2D85-4B74-A7B1-63908A8AFC2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F8E31DE-F379-467A-91C3-DB288B1A7DA4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{1FE5802E-36BD-4A8C-AFBB-A0EDC4BB6F32}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{24C93F5C-F821-4207-981E-DA192D4E840D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{281E56A5-2530-4694-A46F-55F00253E649}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2FCDD9A9-E6FC-474D-ABB2-B804F3ADFE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33001643-9F4B-40E3-8F4A-77798091A02B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{34EBCA59-E3AC-4BBD-80F7-80633E1FEEC5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war in the north\witn.exe |
"{35C4928A-6A2C-45CA-AC88-4A88F46FF812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{367C971C-70E7-41D0-89A4-254A74D40DF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4368AF0D-DCBE-48CF-B2F0-473A6C40E60C}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe |
"{47E49893-2A23-4E65-BC90-82EC6FDC6338}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55DF598E-E409-43B2-B782-F6B08901C111}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A065633-9D8F-463E-84DA-683D28D9BC11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{638B5C87-9C3A-4A58-9F03-0B82E4577DA5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{68430387-D081-4FDD-8A33-D8CB9F6DCCAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6DC1BD3D-4FFA-4E2F-B670-06A0EAED10B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BACA8AD-73D2-4B06-9B23-FF85294636E6}" = protocol=6 | dir=out | app=system |
"{80D7E0C5-445B-40E5-AE92-1EBA9A4227CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8659DEBF-7A8B-40E0-9080-725D6340EDFD}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8C15929B-0408-4099-9AFC-ED9FFF55B7FF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{910EB025-7456-451C-9DFB-2C0797F419EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{914B413C-4586-48CE-A5B0-EC58FCE11712}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9548854D-13F6-42B1-B8AC-1DC66D7DCFEE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war in the north\witn.exe |
"{A1D0C49E-A0AC-4862-AB66-0252AA21532A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ACD318EA-F705-4C59-B0E9-C22A3352E865}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe |
"{B03CD7D1-A1A5-4FC5-B428-D46EEC404111}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{B1D3ED54-54F2-4114-8DB5-68DDC3837DA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B52BE822-BDAE-465A-8B82-D76D063CB543}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0A95776-C465-46A5-A7AA-056B2150AB49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C204CB28-38D4-4140-8D70-FDA362B2F239}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C83AB34A-3F5C-4D01-A143-AFAB290C1634}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{D776E064-2629-45E2-9BE0-F5AFE11D9BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D98D247A-9ACD-4425-A083-E032929F5E3B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{EC3A5D78-2F31-4E60-A008-3551CA97C2AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F65B0ABB-2C98-4D27-B75D-6CBE584F7633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FB8D7D25-DCE8-4935-BB0D-E1EA8B34AAA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCAE38FC-7A73-466B-BF9D-AF86A0EA7EFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0A5E062A-7C76-41FB-B360-9C2EDC8C4A94}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{17530CF7-9A3E-46C3-AA9B-1A835AC52992}C:\greenfoot\greenfoot.exe" = protocol=6 | dir=in | app=c:\greenfoot\greenfoot.exe |
"TCP Query User{7196AA76-22F2-4666-A1B5-53F326D987F6}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{BE7C5B72-0B05-4D11-9AD5-5D5C0A10E5EC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D52BC37A-1B00-4B9B-A875-32001184398C}C:\program files\java\jdk1.6.0_23\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_23\jre\bin\java.exe |
"UDP Query User{18C5563E-5125-4C24-9FC2-A133D694F8CC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{609C019E-0717-48A3-875E-15641FD5AA7F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{6821028D-E9D8-46F5-A5AA-6337CCDDC4BC}C:\greenfoot\greenfoot.exe" = protocol=17 | dir=in | app=c:\greenfoot\greenfoot.exe |
"UDP Query User{A8736C23-97C9-4629-8BA2-912CA17AECC9}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{DE386183-1CF4-441D-A834-F09BAFDCEA02}C:\program files\java\jdk1.6.0_23\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_23\jre\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A56A0-AF80-4423-8C73-ADBFAB40E629}" = TSR RigFix
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D13D187-BA0B-4319-B8FE-7C3613E73278}" = QRCode
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4c, 2010.09.03
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69A05CAD-B0AA-4586-8FDD-D4827B2652DC}" = AniTuner
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7C056FA6-E362-467B-8160-062E9474FEE5}" = SlimDX Redistributable for .NET 2.0 (September 2011)
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.8.3 x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F37DC802-9565-4B57-9F3C-2289910E34FD}_is1" = FlowBreeze Standard 2.6.0.14
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BlueJ_is1" = BlueJ 3.0.4
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Cradle of Rome" = Cradle of Rome (remove only)
"dcmsvc_is1" = dcmsvc 1.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"experience-lge-mon-lite-bundle" = TriDef 3D Games (LG 3D Monitor/TV) 1.7.1
"Greenfoot_is1" = Greenfoot 2.0.1
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Poker Superstars II" = Poker Superstars II (remove only)
"RealPlayer 15.0" = RealPlayer
"Replay Video Capture4.2" = Replay Video Capture
"s3oc" = s3oc - Sims3 Object Cloner
"s3pe" = s3pe - Sims3 Package Editor
"Sims 2 Wardrobe Wrangler v1.1" = Sims 2 Wardrobe Wrangler v1.1
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"STANDARDR" = Microsoft Office Standard 2007
"StarUML_is1" = StarUML 5.0.2.1570
"Steam App 32800" = The Lord of the Rings: War in the North
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Virtual Villagers" = Virtual Villagers (remove only)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2012 10:11:51 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.01.2012 10:11:51 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15672
Error - 06.01.2012 10:11:51 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15672
Error - 07.01.2012 07:08:15 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
Error - 07.01.2012 18:50:22 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.01.2012 07:21:35 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
Error - 08.01.2012 17:55:35 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
Error - 10.01.2012 07:43:46 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
Error - 11.01.2012 08:00:08 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
Error - 11.01.2012 12:02:25 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 23.06.2011 11:07:13 | Computer Name = Dennis-PC | Source = bowser | ID = 8003
Description =
Error - 01.07.2011 03:59:58 | Computer Name = Dennis-PC | Source = Print | ID = 6161
Description = Das Dokument Ganzseitiges Foto im Besitz von Dennis konnte nicht auf
dem Drucker Canon MP510 Printer gedruckt werden. Versuchen Sie erneut, das Dokument
zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe
der Spooldatei in Bytes: 136773632. Anzahl der gedruckten Bytes: 136599436. Gesamtanzahl
der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\DENNIS-PC.
Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion.
Error - 03.07.2011 05:12:15 | Computer Name = Dennis-PC | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Rigoberta Menchú_Sirvienta en la capital
im Besitz von Dennis konnte nicht auf dem Drucker Canon MP510 Printer gedruckt
werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler
erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 131072. Anzahl der
gedruckten Bytes: 47248. Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der gedruckten
Seiten: 0. Clientcomputer: \\DENNIS-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode:
1. Unzulässige Funktion.
Error - 03.07.2011 09:18:56 | Computer Name = Dennis-PC | Source = bowser | ID = 8003
Description =
Error - 03.07.2011 11:18:40 | Computer Name = Dennis-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.07.2011 um 17:17:00 unerwartet heruntergefahren.
Error - 16.07.2011 08:34:09 | Computer Name = Dennis-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.07.2011 um 14:29:49 unerwartet heruntergefahren.
Error - 29.07.2011 04:36:02 | Computer Name = Dennis-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon MP510 Printer nicht unter
dem Namen Canon MP510 Printer freigeben. Fehler: 2114. Der Drucker kann nicht von
anderen Benutzern im Netzwerk verwendet werden.
Error - 14.08.2011 05:04:16 | Computer Name = Dennis-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.08.2011 um 11:03:33 unerwartet heruntergefahren.
Error - 06.09.2011 09:09:42 | Computer Name = Dennis-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon MP510 Printer nicht unter
dem Namen Canon MP510 Printer freigeben. Fehler: 2114. Der Drucker kann nicht von
anderen Benutzern im Netzwerk verwendet werden.
Error - 13.09.2011 16:22:41 | Computer Name = Dennis-PC | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - the world's most famous love story-
Romeo and Juliet summary im Besitz von Dennis konnte nicht auf dem Drucker Canon
MP510 Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder
starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei
in Bytes: 65536. Anzahl der gedruckten Bytes: 29544. Gesamtanzahl der Seiten des
Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\DENNIS-PC. Vom
Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion.
< End of report >
|
|
07.08.2012, 10:23
| #2 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Edit:
__________________Defogger hat keine Fehlermldung angezeigt. Bei GMER wurde der Pc während des Suchlaufs automatisch neu gestartet, da es laut Windows zu einem Fehler kam. Außerdem zeigt Antivir seit heute keine Fehlermeldung mehr an. Was hat das zu bedeuten? LOG File von heute: OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.08.2012 11:35:19 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Dennis\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,45% Memory free 6,19 Gb Paging File | 4,74 Gb Available in Paging File | 76,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 61,81 Gb Free Space | 20,34% Space Free | Partition Type: NTFS Drive D: | 149,92 Gb Total Space | 12,41 Gb Free Space | 8,28% Space Free | Partition Type: NTFS Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe PRC - [2012.07.19 10:56:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.05.28 12:56:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.05.08 11:05:34 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 11:05:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.12.06 08:48:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.11.03 00:49:23 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2012.08.06 22:51:23 | 000,138,808 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\14001.009\components\AcroFF009.dll MOD - [2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll MOD - [2012.07.19 10:56:05 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2012.08.03 11:23:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.19 10:56:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.07 18:35:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.11.03 00:49:23 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\D846.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.05.08 11:05:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 11:05:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10 IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2B7F8034-8896-419E-B617-1D6B9DCE4C63}&mid=7743bdcb501947d19bc9d15067ae688a-9ec377898ad09ba0776e436fc3ac9e28ac1a7bcf&lang=en&ds=ins13&pr=sa&d=2012-02-23 11:43:40&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000&q=" FF - prefs.js..network.proxy.http: "95.65.124.199" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 12:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Dennis\AppData\Roaming\14001.009 [2012.08.06 22:51:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M] [2010.12.05 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2012.07.26 14:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions [2010.12.08 18:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.31 11:42:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.12 18:37:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\personas@christopher.beard [2011.12.19 14:26:36 | 000,005,508 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\searchplugins\webde-suche.xml [2012.06.11 14:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.08.06 22:51:23 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS\APPDATA\ROAMING\14001.009 [2012.02.23 12:43:19 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI [2012.07.26 14:33:28 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.19 10:56:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.20 13:59:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.28 12:56:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.12 19:40:16 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Codecv Class) - {63F52C44-BE4E-420C-A48E-54630AAA04ED} - C:\ProgramData\Codecv\bhoclass.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Userinit] C:\Users\Dennis\AppData\Roaming\appconf32.exe () O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF80116-5608-4163-8B68-09FB0734EBA7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 11:09:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.08.06 22:51:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.009 [2012.08.05 13:56:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2012.08.05 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\UAs [2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.08.05 11:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.07.31 22:36:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.008 [2012.07.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.007 [2012.07.28 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.006 [2012.07.28 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\xmldm [2012.07.28 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\kock [2012.07.24 12:44:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.24 12:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2012.07.24 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Origin [2012.07.24 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.07.24 12:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2012.07.23 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012.07.20 21:52:55 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2012.07.20 21:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.07.20 21:52:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.07.20 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\OpenCandy [2012.07.20 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher [2012.07.18 18:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2012.07.18 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\SystemRequirementsLab [2012.07.17 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\et [2012.07.15 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Layer [2012.07.11 22:33:50 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Dropbox [2012.07.11 22:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012.07.11 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.07.11 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Dropbox [2012.07.10 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\dt [2012.07.10 16:05:40 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\xvi32 [2012.07.10 12:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.07.10 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Origin [2012.07.10 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.07.09 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\4kdownload.com [2012.07.09 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2012.07.09 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Freemake [2012.07.09 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012.07.09 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [2012.07.08 14:24:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\RawTherapee4.0 [2012.07.08 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Therapee [2012.07.08 14:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\RawTherapeeV40 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.07 11:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.07 11:12:22 | 000,000,017 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res [2012.08.07 11:09:29 | 227,408,299 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.07 11:09:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.07 11:09:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 11:09:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 11:09:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.07 11:08:55 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys [2012.08.07 11:02:12 | 000,302,592 | ---- | M] () -- C:\Users\Dennis\Desktop\ecj9i2lt.exe [2012.08.07 10:52:48 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable [2012.08.07 10:51:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.07 10:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job [2012.08.06 22:51:17 | 000,179,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll [2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll [2012.08.05 13:55:54 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\Desktop\Defogger.exe [2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe [2012.08.05 11:02:34 | 000,001,061 | ---- | M] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk [2012.07.29 22:26:19 | 000,000,011 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat [2012.07.29 10:40:58 | 000,693,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.29 10:40:58 | 000,654,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.29 10:40:58 | 000,137,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.29 10:40:58 | 000,120,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.24 16:15:40 | 000,041,023 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel [2012.07.24 16:14:48 | 002,924,244 | ---- | M] () -- C:\Users\Dennis\Desktop\Test.png [2012.07.24 12:41:13 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.07.23 14:00:59 | 000,244,736 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.21 17:48:59 | 000,107,737 | ---- | M] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png [2012.07.14 22:44:52 | 000,002,032 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2012.07.13 13:26:27 | 000,192,711 | ---- | M] () -- C:\Users\Dennis\Desktop.jpg [2012.07.11 22:33:50 | 000,000,948 | ---- | M] () -- C:\Users\Dennis\Desktop\Dropbox.lnk [2012.07.11 22:31:01 | 000,000,958 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.08 15:09:47 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.07 11:09:00 | 227,408,299 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.08.07 11:03:26 | 000,302,592 | ---- | C] () -- C:\Users\Dennis\Desktop\ecj9i2lt.exe [2012.08.07 10:52:48 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable [2012.08.06 22:51:17 | 000,179,344 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll [2012.08.06 22:51:17 | 000,006,400 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll [2012.08.05 13:56:54 | 000,050,477 | ---- | C] () -- C:\Users\Dennis\Desktop\Defogger.exe [2012.08.05 11:02:34 | 000,001,061 | ---- | C] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk [2012.07.29 22:26:19 | 000,000,011 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat [2012.07.28 23:03:19 | 000,000,017 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res [2012.07.25 10:37:45 | 026,484,387 | ---- | C] () -- C:\Users\Dennis\Desktop\TestMerkw.Sims3Pack [2012.07.24 16:15:40 | 000,041,023 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel [2012.07.24 12:41:13 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.07.21 17:35:26 | 000,107,737 | ---- | C] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png [2012.07.13 17:06:43 | 002,924,244 | ---- | C] () -- C:\Users\Dennis\Desktop\Test.png [2012.07.13 13:26:23 | 000,192,711 | ---- | C] () -- C:\Users\Dennis\Desktop.jpg [2012.07.11 22:33:50 | 000,000,948 | ---- | C] () -- C:\Users\Dennis\Desktop\Dropbox.lnk [2012.07.11 22:31:01 | 000,000,958 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.07.03 17:16:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.11 18:24:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.10 22:13:50 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.01.10 22:13:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.12.31 13:38:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.07 14:53:52 | 000,002,032 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat [2010.12.05 20:23:20 | 000,026,340 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\UserTile.png [2010.12.05 17:14:45 | 000,244,736 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.05 16:14:46 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Dennis\AppData\Roaming\appconf32.exe ========== LOP Check ========== [2012.07.28 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.006 [2012.07.30 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.007 [2012.07.31 22:36:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.008 [2012.08.06 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.009 [2011.10.12 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Amazon [2010.12.23 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AniTuner [2012.02.23 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Audacity [2012.02.23 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BL-Soft [2011.07.02 14:02:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BreezeTree [2011.11.20 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Canon [2011.04.14 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2012.08.07 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dropbox [2012.07.16 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0 [2012.02.23 12:39:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Iggels [2011.09.06 15:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JavaEditor [2012.07.28 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\kock [2011.11.17 11:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leawo [2010.12.11 12:15:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MilkShape 3D 1.x.x [2011.12.03 13:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OnLive App [2012.07.20 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy [2012.07.10 12:48:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Origin [2011.01.10 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Suite [2010.12.05 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PeerNetworking [2011.02.18 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RawTherapee [2011.01.11 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Samsung [2010.12.05 16:14:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ScanSoft [2011.11.17 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\tiger-k [2012.02.06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TSRWorkshop [2012.07.20 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2012.08.05 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\UAs [2010.12.23 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\XMedia Recode [2012.08.05 13:39:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\xmldm [2012.08.07 10:54:11 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.07 10:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job ========== Purity Check ========== < End of report > Gruß Dennis Geändert von Dennis91 (07.08.2012 um 10:42 Uhr) |
|
07.08.2012, 19:54
| #3 |
| /// Helfer-Team  | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - [2012.08.06 22:51:23 | 000,138,808 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\14001.009\components\AcroFF009.dll
MOD - [2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\D846.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2B7F8034-8896-419E-B617-1D6B9DCE4C63}&mid=7743bdcb501947d19bc9d15067ae688a-9ec377898ad09ba0776e436fc3ac9e28ac1a7bcf&lang=en&ds=ins13&pr=sa&d=2012-02-23 11:43:40&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000&q="
FF - prefs.js..network.proxy.http: "95.65.124.199"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKCU..\Run: [Userinit] C:\Users\Dennis\AppData\Roaming\appconf32.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
[2012.07.20 21:52:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.07 11:02:12 | 000,302,592 | ---- | M] () -- C:\Users\Dennis\Desktop\ecj9i2lt.exe
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Dennis\AppData\Roaming\appconf32.exe
[2012.08.05 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\UAs
[2012.08.05 13:39:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\xmldm
[2012.07.28 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.006
[2012.07.28 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\kock
[2012.07.28 23:03:19 | 000,000,017 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res
[2012.07.23 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.07.20 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.08.07 11:09:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 11:09:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 11:09:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 10:51:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 10:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job
[2012.08.06 22:51:23 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS\APPDATA\ROAMING\14001.009
[2012.08.06 22:51:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.009
[2012.08.06 22:51:17 | 000,179,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll
[2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
07.08.2012, 22:04
| #4 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Hier ist das Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\Windows\system32\D846.tmp not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "LEO Eng-Deu" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: personas@christopher.beard:1.6.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000&q=" removed from keyword.URL
Prefs.js: "95.65.124.199" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsvc deleted successfully.
C:\Program Files\dcmsvc\dcmsvc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
C:\Users\Dennis\AppData\Roaming\appconf32.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
C:\Users\Dennis\Desktop\ecj9i2lt.exe moved successfully.
File C:\Users\Dennis\AppData\Roaming\appconf32.exe not found.
C:\Users\Dennis\AppData\Roaming\UAs folder moved successfully.
C:\Users\Dennis\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.006\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.006 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\kock folder moved successfully.
C:\Users\Dennis\AppData\Roaming\blckdom.res moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
C:\Users\Dennis\AppData\Roaming\OpenCandy\3D89086F3AF042F08210C23B45E3AA0B folder moved successfully.
C:\Users\Dennis\AppData\Roaming\OpenCandy folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job moved successfully.
C:\USERS\DENNIS\APPDATA\ROAMING\14001.009\components folder moved successfully.
C:\USERS\DENNIS\APPDATA\ROAMING\14001.009 folder moved successfully.
Folder C:\Users\Dennis\AppData\Roaming\14001.009\ not found.
File C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll not found.
File C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Dennis\Desktop\cmd.bat deleted successfully.
C:\Users\Dennis\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
User: Dennis
->Temp folder emptied: 7887149159 bytes
->Temporary Internet Files folder emptied: 100433943 bytes
->Java cache emptied: 6432741 bytes
->FireFox cache emptied: 90118245 bytes
->Flash cache emptied: 198648 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 378060174 bytes
RecycleBin emptied: 17983109 bytes
Total Files Cleaned = 8.088,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
User: Dennis
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08072012_223855
Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2011.11.14 17:40:17 | 000,000,049 | R--- | M] () E:\Autorun.inf : MD5=38375BDA813BA2DD3512B6D25D343F8E
[2008.10.24 01:57:48 | 000,000,166 | R--- | M] () F:\autorun.inf : MD5=D703F7557778CBE560147F0264249970
[2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) E:\Autorun.exe : MD5=93F05DBDEA7415A4D936774493F58C38
[2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) F:\AutoRun.exe : MD5=452013213FAC34FEDCF6C60E3069BE83
[2012.08.07 22:51:37 | 000,003,072 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
[2012.08.07 22:51:37 | 000,003,072 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
Registry entries deleted on Reboot...
Schonmal vielen Dank für deine Hilfe t'john  |
|
07.08.2012, 23:24
| #5 |
| /// Helfer-Team | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
08.08.2012, 08:44
| #6 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Direkt nach dem Fix war alles wie immer. Nur Firefox hat gemeldet, dass 2 Add Ons installiert wurden. Die waren aber schon vorher installiert. Als ich ihn heute Morgen hochfahren wollte kam die zunächst die Meldung "An Windows wurde eine nicht autorisierte Veränderung am System vorgenommen" und ich konnte Windows nicht starten. Als ich den Pc dann ein zweites Mal hochfahren wollte, kam die Meldung nicht und es war alles wie immer. Bei Antivir befinden sich noch einige Viren in der Quarantäne, soll ich die löschen? Gruß Dennis Hier sind die Logs Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.08.03 Windows Vista x86 NTFS Internet Explorer 7.0.6000.16982 Dennis :: DENNIS-PC [Administrator] Schutz: Aktiviert 08.08.2012 09:53:22 mbam-log-2012-08-08 (09-53-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 441803 Laufzeit: 1 Stunde(n), 45 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 9 HKCR\CLSID\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dennis\AppData\Roaming\AcroIEHelpe183.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08072012_223855\C_Users\Dennis\AppData\Roaming\appconf32.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/08/2012 at 11:47:32
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium (32 bits)
# User : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Dennis\AppData\Local\Conduit
Folder Found : C:\Users\Dennis\AppData\Local\Ilivid Player
Folder Found : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dennis\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\SweetPacksToolbarData
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files\Conduit
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\SweetIM
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6000.16982
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\prefs.js
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10606");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "ec2fe9070000000000000019214a8179");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15431");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "85%5F3");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8oBnIJAB&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8oBnIJAB");
Found : user_pref("extensions.incredibar_i.upn2n", "92824115243516673");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:22");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
*************************
AdwCleaner[R1].txt - [8881 octets] - [08/08/2012 11:47:32]
########## EOF - C:\AdwCleaner[R1].txt - [9009 octets] ##########
Gruß Dennis |
|
08.08.2012, 14:28
| #7 |
| /// Helfer-Team | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
08.08.2012, 23:31
| #8 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll So Hier sind die Logs: AdwCleaner Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/08/2012 at 18:00:49
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Dennis\AppData\Local\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Dennis\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6002.18005
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\prefs.js
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Deleted : user_pref("extensions.asktb.cbid", "^ABT");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2012.08.08+08.54.13-toolbar006iad-DE-QmllbGVmZWxkLEdlcm1hbnk%3D[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.first-launch", true);
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "ba2992cf-ae38-4345-bcbe-830b686d6cbc");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1344441632176");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Bielefeld,Germany");
Deleted : user_pref("extensions.asktb.o", "APN10395");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "2");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "F04E8BF5-17C6-43CC-84F5-B7053D582047");
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "08.08.2012 17:59:19");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.4.23930");
Deleted : user_pref("extensions.enabledAddons", "compatibility@addons.mozilla.org:1.1,personas@christopher.bea[...]
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10606");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "ec2fe9070000000000000019214a8179");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15431");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "85%5F3");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8oBnIJAB&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8oBnIJAB");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824115243516673");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:22");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
*************************
AdwCleaner[R1].txt - [9010 octets] - [08/08/2012 11:47:32]
AdwCleaner[S1].txt - [14766 octets] - [08/08/2012 18:00:49]
########## EOF - C:\AdwCleaner[S1].txt - [14895 octets] ##########
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.08.2012 18:08:53
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 08.08.2012 18:09:02
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> displayname gefunden: Trace.Registry.luxor amun rising!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> uninstallstring gefunden: Trace.Registry.luxor amun rising!E1
Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1
C:\Users\Dennis\AppData\Roaming\AcroIEHelpe182.dll gefunden: Trojan-Spy.Win32.Farko!E2
Gescannt 709341
Gefunden 5
Scan Ende: 09.08.2012 00:21:37
Scan Zeit: 6:12:35
C:\Users\Dennis\AppData\Roaming\AcroIEHelpe182.dll Quarantäne Trojan-Spy.Win32.Farko!E2
Key: hkey_local_machine\software\trymedia systems Quarantäne Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software Quarantäne Trace.Registry.trymedia!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> displayname Quarantäne Trace.Registry.luxor amun rising!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> uninstallstring Quarantäne Trace.Registry.luxor amun rising!E1
Quarantäne 5
 Firefox stürtzt manchmal beim Starten ab und kann dann nur im abgesicherten Modus wieder gestartet werden. Ansonsten läuft alles wie immer. Gruß Dennis |
|
09.08.2012, 07:33
| #9 |
| /// Helfer-Team | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Firefox reinstallieren bitte! Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
09.08.2012, 15:53
| #10 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Hier ist das Logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f212326dfaa0e5439dea4d0b2715bc0a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 02:47:29
# local_time=2012-08-09 04:47:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 25740438 25740438 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 61319 182034343 0 0
# compatibility_mode=8192 67108863 100 0 276 276 0 0
# scanned=290197
# found=2
# cleaned=2
# scan_time=22034
C:\ProgramData\Codecv\uninstall.exe Win32/Adware.MultiPlug.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dennis\AppData\Roaming\14001.010\components\AcroFF010.dll probably a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Sind jetzt alle Viren beseitigt? Gruß Dennis |
|
09.08.2012, 17:14
| #11 |
| /// Helfer-Team | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
:Files
C:\Users\Dennis\AppData\Roaming\14*
C:\Users\Dennis\AppData\Roaming\AcroIE*
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
09.08.2012, 18:05
| #12 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Hier ist das Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Dennis\AppData\Roaming\14001.007\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.007 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.008\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.008 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.010\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.010 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\AcroIEHelpe.txt moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
User: Dennis
->Temp folder emptied: 1963131 bytes
->Temporary Internet Files folder emptied: 4068100 bytes
->Java cache emptied: 64646 bytes
->FireFox cache emptied: 69573988 bytes
->Flash cache emptied: 2898 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59952920 bytes
RecycleBin emptied: 949 bytes
Total Files Cleaned = 129,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
User: Dennis
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_185921
Files\Folders moved on Reboot...
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFDB9B.tmp not found!
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFDBD4.tmp not found!
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFE06F.tmp not found!
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFE0FA.tmp not found!
PendingFileRenameOperations files...
File C:\Users\Dennis\AppData\Local\Temp\~DFDB9B.tmp not found!
File C:\Users\Dennis\AppData\Local\Temp\~DFDBD4.tmp not found!
File C:\Users\Dennis\AppData\Local\Temp\~DFE06F.tmp not found!
File C:\Users\Dennis\AppData\Local\Temp\~DFE0FA.tmp not found!
Registry entries deleted on Reboot...
|
|
10.08.2012, 12:26
| #13 |
| /// Helfer-Team | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll TDSSKiller von Kaspersky - Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.Hier findest Du eine ausführlichere TDSSKiller Anleitung. |
|
10.08.2012, 12:41
| #14 |
| | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll TDSS Killer hat keine Viren gefunden. Nach einem Neustart wurde ich auch nicht gefragt. Hier ist das Logfile: Code:
ATTFilter 13:35:12.0617 3844 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:35:14.0641 3844 ============================================================
13:35:14.0641 3844 Current date / time: 2012/08/10 13:35:14.0641
13:35:14.0641 3844 SystemInfo:
13:35:14.0641 3844
13:35:14.0641 3844 OS Version: 6.0.6002 ServicePack: 2.0
13:35:14.0641 3844 Product type: Workstation
13:35:14.0641 3844 ComputerName: DENNIS-PC
13:35:14.0641 3844 UserName: Dennis
13:35:14.0641 3844 Windows directory: C:\Windows
13:35:14.0641 3844 System windows directory: C:\Windows
13:35:14.0641 3844 Processor architecture: Intel x86
13:35:14.0641 3844 Number of processors: 4
13:35:14.0641 3844 Page size: 0x1000
13:35:14.0641 3844 Boot type: Normal boot
13:35:14.0641 3844 ============================================================
13:35:15.0710 3844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:35:15.0726 3844 ============================================================
13:35:15.0726 3844 \Device\Harddisk0\DR0:
13:35:15.0744 3844 MBR partitions:
13:35:15.0744 3844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x25FAD800
13:35:15.0744 3844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x277AE000, BlocksNum 0x12BD7800
13:35:15.0744 3844 ============================================================
13:35:15.0817 3844 C: <-> \Device\Harddisk0\DR0\Partition0
13:35:15.0904 3844 D: <-> \Device\Harddisk0\DR0\Partition1
13:35:15.0904 3844 ============================================================
13:35:15.0904 3844 Initialize success
13:35:15.0904 3844 ============================================================
13:35:57.0549 5560 ============================================================
13:35:57.0549 5560 Scan started
13:35:57.0549 5560 Mode: Manual;
13:35:57.0549 5560 ============================================================
13:35:58.0510 5560 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:35:58.0522 5560 ACPI - ok
13:35:58.0606 5560 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:35:58.0608 5560 AdobeARMservice - ok
13:35:58.0680 5560 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:35:58.0682 5560 AdobeFlashPlayerUpdateSvc - ok
13:35:58.0717 5560 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:35:58.0727 5560 adp94xx - ok
13:35:58.0770 5560 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:35:58.0783 5560 adpahci - ok
13:35:58.0790 5560 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:35:58.0793 5560 adpu160m - ok
13:35:58.0802 5560 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:35:58.0814 5560 adpu320 - ok
13:35:58.0846 5560 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:35:58.0846 5560 AeLookupSvc - ok
13:35:58.0893 5560 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:35:58.0906 5560 AFD - ok
13:35:58.0933 5560 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
13:35:58.0935 5560 agp440 - ok
13:35:58.0956 5560 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:35:58.0958 5560 aic78xx - ok
13:35:58.0989 5560 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:35:58.0991 5560 ALG - ok
13:35:59.0014 5560 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
13:35:59.0015 5560 aliide - ok
13:35:59.0055 5560 AMD External Events Utility (b90a4332cf4c6580c845266a656de4ab) C:\Windows\system32\atiesrxx.exe
13:35:59.0064 5560 AMD External Events Utility - ok
13:35:59.0070 5560 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
13:35:59.0071 5560 amdagp - ok
13:35:59.0075 5560 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
13:35:59.0076 5560 amdide - ok
13:35:59.0082 5560 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:35:59.0084 5560 AmdK7 - ok
13:35:59.0088 5560 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:35:59.0090 5560 AmdK8 - ok
13:35:59.0454 5560 amdkmdag (7844984a5e1e6f18d93af9e9bcc65436) C:\Windows\system32\DRIVERS\atikmdag.sys
13:35:59.0659 5560 amdkmdag - ok
13:35:59.0798 5560 amdkmdap (202def509d76105b08741d36c3a7e4d7) C:\Windows\system32\DRIVERS\atikmpag.sys
13:35:59.0809 5560 amdkmdap - ok
13:35:59.0882 5560 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:35:59.0888 5560 AntiVirSchedulerService - ok
13:35:59.0921 5560 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:35:59.0927 5560 AntiVirService - ok
13:35:59.0976 5560 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:35:59.0987 5560 AntiVirWebService - ok
13:36:00.0045 5560 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:36:00.0046 5560 Appinfo - ok
13:36:00.0167 5560 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:36:00.0170 5560 Apple Mobile Device - ok
13:36:00.0221 5560 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:36:00.0223 5560 arc - ok
13:36:00.0239 5560 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:36:00.0241 5560 arcsas - ok
13:36:00.0323 5560 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:36:00.0324 5560 aspnet_state - ok
13:36:00.0358 5560 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:36:00.0359 5560 AsyncMac - ok
13:36:00.0385 5560 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:36:00.0385 5560 atapi - ok
13:36:00.0438 5560 AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys
13:36:00.0446 5560 AtiHDAudioService - ok
13:36:00.0502 5560 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:36:00.0516 5560 AudioEndpointBuilder - ok
13:36:00.0521 5560 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:36:00.0524 5560 Audiosrv - ok
13:36:00.0551 5560 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:36:00.0559 5560 avgntflt - ok
13:36:00.0575 5560 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:36:00.0582 5560 avipbb - ok
13:36:00.0593 5560 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:36:00.0595 5560 avkmgr - ok
13:36:00.0627 5560 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:36:00.0628 5560 Beep - ok
13:36:00.0675 5560 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:36:00.0688 5560 BFE - ok
13:36:00.0759 5560 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:36:00.0792 5560 BITS - ok
13:36:00.0885 5560 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:36:00.0896 5560 Bonjour Service - ok
13:36:00.0957 5560 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:36:00.0959 5560 bowser - ok
13:36:00.0997 5560 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:36:00.0998 5560 BrFiltLo - ok
13:36:01.0002 5560 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:36:01.0003 5560 BrFiltUp - ok
13:36:01.0047 5560 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:36:01.0049 5560 Browser - ok
13:36:01.0073 5560 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:36:01.0085 5560 Brserid - ok
13:36:01.0090 5560 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:36:01.0092 5560 BrSerWdm - ok
13:36:01.0096 5560 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:36:01.0097 5560 BrUsbMdm - ok
13:36:01.0103 5560 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:36:01.0104 5560 BrUsbSer - ok
13:36:01.0109 5560 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:36:01.0111 5560 BTHMODEM - ok
13:36:01.0154 5560 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:36:01.0156 5560 cdfs - ok
13:36:01.0194 5560 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:36:01.0196 5560 cdrom - ok
13:36:01.0258 5560 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:36:01.0259 5560 CertPropSvc - ok
13:36:01.0265 5560 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:36:01.0267 5560 circlass - ok
13:36:01.0295 5560 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:36:01.0309 5560 CLFS - ok
13:36:01.0367 5560 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:01.0369 5560 clr_optimization_v2.0.50727_32 - ok
13:36:01.0433 5560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:01.0441 5560 clr_optimization_v4.0.30319_32 - ok
13:36:01.0456 5560 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
13:36:01.0457 5560 cmdide - ok
13:36:01.0471 5560 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
13:36:01.0472 5560 Compbatt - ok
13:36:01.0475 5560 COMSysApp - ok
13:36:01.0498 5560 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:36:01.0499 5560 crcdisk - ok
13:36:01.0505 5560 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:36:01.0506 5560 Crusoe - ok
13:36:01.0540 5560 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:36:01.0547 5560 CryptSvc - ok
13:36:01.0596 5560 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:36:01.0615 5560 DcomLaunch - ok
13:36:01.0650 5560 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:36:01.0652 5560 DfsC - ok
13:36:01.0767 5560 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:36:01.0826 5560 DFSR - ok
13:36:01.0944 5560 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:36:01.0958 5560 Dhcp - ok
13:36:02.0010 5560 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:36:02.0012 5560 disk - ok
13:36:02.0045 5560 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:36:02.0051 5560 Dnscache - ok
13:36:02.0072 5560 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:36:02.0078 5560 dot3svc - ok
13:36:02.0121 5560 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:36:02.0127 5560 DPS - ok
13:36:02.0170 5560 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:36:02.0171 5560 drmkaud - ok
13:36:02.0256 5560 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:36:02.0280 5560 DXGKrnl - ok
13:36:02.0426 5560 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:36:02.0484 5560 E1G60 - ok
13:36:02.0547 5560 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:36:02.0549 5560 EapHost - ok
13:36:02.0602 5560 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:36:02.0610 5560 Ecache - ok
13:36:02.0678 5560 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:36:02.0691 5560 ehRecvr - ok
13:36:02.0718 5560 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:36:02.0724 5560 ehSched - ok
13:36:02.0735 5560 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:36:02.0736 5560 ehstart - ok
13:36:02.0766 5560 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:36:02.0778 5560 elxstor - ok
13:36:02.0820 5560 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:36:02.0837 5560 EMDMgmt - ok
13:36:02.0889 5560 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:36:02.0902 5560 EventSystem - ok
13:36:02.0929 5560 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:36:02.0936 5560 exfat - ok
13:36:02.0962 5560 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:36:02.0968 5560 fastfat - ok
13:36:02.0973 5560 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:36:02.0975 5560 fdc - ok
13:36:03.0000 5560 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:36:03.0002 5560 fdPHost - ok
13:36:03.0030 5560 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:36:03.0031 5560 FDResPub - ok
13:36:03.0074 5560 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:36:03.0076 5560 FileInfo - ok
13:36:03.0093 5560 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:36:03.0112 5560 Filetrace - ok
13:36:03.0117 5560 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:36:03.0118 5560 flpydisk - ok
13:36:03.0145 5560 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:36:03.0150 5560 FltMgr - ok
13:36:03.0215 5560 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:36:03.0255 5560 FontCache - ok
13:36:03.0342 5560 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:36:03.0343 5560 FontCache3.0.0.0 - ok
13:36:03.0410 5560 FreemakeVideoCapture - ok
13:36:03.0458 5560 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
13:36:03.0460 5560 FsUsbExDisk - ok
13:36:03.0487 5560 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:36:03.0488 5560 Fs_Rec - ok
13:36:03.0516 5560 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:36:03.0518 5560 gagp30kx - ok
13:36:03.0555 5560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:36:03.0556 5560 GEARAspiWDM - ok
13:36:03.0610 5560 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:36:03.0625 5560 gpsvc - ok
13:36:03.0690 5560 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:36:03.0696 5560 gupdate - ok
13:36:03.0701 5560 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:36:03.0702 5560 gupdatem - ok
13:36:03.0763 5560 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:36:03.0782 5560 HdAudAddService - ok
13:36:03.0834 5560 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:36:03.0853 5560 HDAudBus - ok
13:36:03.0916 5560 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:36:03.0917 5560 HidBth - ok
13:36:03.0921 5560 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:36:03.0922 5560 HidIr - ok
13:36:03.0956 5560 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:36:03.0958 5560 hidserv - ok
13:36:03.0988 5560 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:36:03.0989 5560 HidUsb - ok
13:36:04.0019 5560 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:36:04.0022 5560 hkmsvc - ok
13:36:04.0028 5560 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:36:04.0029 5560 HpCISSs - ok
13:36:04.0404 5560 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:36:04.0416 5560 HTTP - ok
13:36:04.0451 5560 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:36:04.0453 5560 i2omp - ok
13:36:04.0500 5560 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:36:04.0502 5560 i8042prt - ok
13:36:04.0523 5560 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
13:36:04.0535 5560 iaStor - ok
13:36:04.0562 5560 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:36:04.0576 5560 iaStorV - ok
13:36:04.0704 5560 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:36:04.0729 5560 idsvc - ok
13:36:04.0737 5560 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:36:04.0739 5560 iirsp - ok
13:36:04.0774 5560 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:36:04.0827 5560 IKEEXT - ok
13:36:05.0046 5560 IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
13:36:05.0104 5560 IntcAzAudAddService - ok
13:36:05.0246 5560 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:36:05.0246 5560 intelide - ok
13:36:05.0286 5560 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:36:05.0287 5560 intelppm - ok
13:36:05.0302 5560 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:36:05.0305 5560 IPBusEnum - ok
13:36:05.0340 5560 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:36:05.0341 5560 IpFilterDriver - ok
13:36:05.0381 5560 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:36:05.0395 5560 iphlpsvc - ok
13:36:05.0421 5560 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:36:05.0423 5560 IPMIDRV - ok
13:36:05.0443 5560 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:36:05.0450 5560 IPNAT - ok
13:36:05.0530 5560 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
13:36:05.0550 5560 iPod Service - ok
13:36:05.0589 5560 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:36:05.0590 5560 IRENUM - ok
13:36:05.0598 5560 isapnp (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
13:36:05.0600 5560 isapnp - ok
13:36:05.0643 5560 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:36:05.0648 5560 iScsiPrt - ok
13:36:05.0655 5560 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:36:05.0657 5560 iteatapi - ok
13:36:05.0678 5560 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:36:05.0679 5560 iteraid - ok
13:36:05.0685 5560 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
13:36:05.0686 5560 JRAID - ok
13:36:05.0724 5560 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:36:05.0725 5560 kbdclass - ok
13:36:05.0755 5560 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:36:05.0756 5560 kbdhid - ok
13:36:05.0786 5560 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:05.0788 5560 KeyIso - ok
13:36:05.0818 5560 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
13:36:05.0846 5560 KSecDD - ok
13:36:05.0912 5560 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:36:05.0924 5560 KtmRm - ok
13:36:05.0970 5560 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:36:05.0985 5560 LanmanServer - ok
13:36:06.0030 5560 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:36:06.0044 5560 LanmanWorkstation - ok
13:36:06.0084 5560 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:36:06.0085 5560 lltdio - ok
13:36:06.0104 5560 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:36:06.0118 5560 lltdsvc - ok
13:36:06.0145 5560 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:36:06.0148 5560 lmhosts - ok
13:36:06.0176 5560 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:36:06.0178 5560 LSI_FC - ok
13:36:06.0187 5560 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:36:06.0189 5560 LSI_SAS - ok
13:36:06.0199 5560 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:36:06.0201 5560 LSI_SCSI - ok
13:36:06.0236 5560 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:36:06.0243 5560 luafv - ok
13:36:06.0271 5560 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
13:36:06.0273 5560 MBAMProtector - ok
13:36:06.0340 5560 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:36:06.0372 5560 MBAMService - ok
13:36:06.0410 5560 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:36:06.0413 5560 Mcx2Svc - ok
13:36:06.0432 5560 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:36:06.0434 5560 megasas - ok
13:36:06.0465 5560 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:36:06.0467 5560 MMCSS - ok
13:36:06.0482 5560 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:36:06.0484 5560 Modem - ok
13:36:06.0520 5560 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:36:06.0521 5560 monitor - ok
13:36:06.0550 5560 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:36:06.0551 5560 mouclass - ok
13:36:06.0587 5560 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:36:06.0588 5560 mouhid - ok
13:36:06.0599 5560 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:36:06.0601 5560 MountMgr - ok
13:36:06.0673 5560 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:36:06.0680 5560 MozillaMaintenance - ok
13:36:06.0724 5560 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:36:06.0726 5560 mpio - ok
13:36:06.0744 5560 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:36:06.0745 5560 mpsdrv - ok
13:36:06.0810 5560 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:36:06.0827 5560 MpsSvc - ok
13:36:06.0834 5560 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:36:06.0835 5560 Mraid35x - ok
13:36:06.0863 5560 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:36:06.0869 5560 MRxDAV - ok
13:36:06.0926 5560 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:06.0928 5560 mrxsmb - ok
13:36:06.0949 5560 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:06.0963 5560 mrxsmb10 - ok
13:36:06.0983 5560 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:06.0985 5560 mrxsmb20 - ok
13:36:07.0004 5560 msahci (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys
13:36:07.0006 5560 msahci - ok
13:36:07.0028 5560 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:36:07.0031 5560 msdsm - ok
13:36:07.0072 5560 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:36:07.0078 5560 MSDTC - ok
13:36:07.0115 5560 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:36:07.0116 5560 Msfs - ok
13:36:07.0164 5560 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:36:07.0166 5560 msisadrv - ok
13:36:07.0212 5560 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:36:07.0219 5560 MSiSCSI - ok
13:36:07.0222 5560 msiserver - ok
13:36:07.0239 5560 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:36:07.0240 5560 MSKSSRV - ok
13:36:07.0284 5560 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:07.0285 5560 MSPCLOCK - ok
13:36:07.0296 5560 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:36:07.0297 5560 MSPQM - ok
13:36:07.0335 5560 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:36:07.0342 5560 MsRPC - ok
13:36:07.0365 5560 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:36:07.0366 5560 mssmbios - ok
13:36:07.0386 5560 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:36:07.0388 5560 MSTEE - ok
13:36:07.0414 5560 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:36:07.0416 5560 Mup - ok
13:36:07.0473 5560 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:36:07.0486 5560 napagent - ok
13:36:07.0771 5560 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:36:07.0779 5560 NativeWifiP - ok
13:36:07.0811 5560 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:36:07.0829 5560 NDIS - ok
13:36:07.0875 5560 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:07.0877 5560 NdisTapi - ok
13:36:07.0892 5560 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:07.0893 5560 Ndisuio - ok
13:36:07.0909 5560 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:07.0916 5560 NdisWan - ok
13:36:07.0922 5560 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:36:07.0924 5560 NDProxy - ok
13:36:08.0069 5560 Nero BackItUp Scheduler 3 (a0101e836d2a39682e134c47b1565256) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:36:08.0126 5560 Nero BackItUp Scheduler 3 - ok
13:36:08.0162 5560 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:36:08.0164 5560 NetBIOS - ok
13:36:08.0185 5560 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:36:08.0192 5560 netbt - ok
13:36:08.0218 5560 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:08.0220 5560 Netlogon - ok
13:36:08.0241 5560 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:36:08.0255 5560 Netman - ok
13:36:08.0332 5560 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0339 5560 NetMsmqActivator - ok
13:36:08.0343 5560 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0345 5560 NetPipeActivator - ok
13:36:08.0363 5560 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:36:08.0377 5560 netprofm - ok
13:36:08.0381 5560 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0383 5560 NetTcpActivator - ok
13:36:08.0387 5560 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0388 5560 NetTcpPortSharing - ok
13:36:08.0426 5560 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:36:08.0428 5560 nfrd960 - ok
13:36:08.0457 5560 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:36:08.0472 5560 NlaSvc - ok
13:36:08.0633 5560 NMIndexingService (9cf3e134eb0490d60fe68631a7d666a0) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:36:08.0645 5560 NMIndexingService - ok
13:36:08.0695 5560 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
13:36:08.0696 5560 npf - ok
13:36:08.0728 5560 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:36:08.0730 5560 Npfs - ok
13:36:08.0759 5560 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:36:08.0762 5560 nsi - ok
13:36:08.0774 5560 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:36:08.0775 5560 nsiproxy - ok
13:36:08.0829 5560 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:36:08.0864 5560 Ntfs - ok
13:36:08.0895 5560 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:36:08.0897 5560 ntrigdigi - ok
13:36:08.0930 5560 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:36:08.0931 5560 Null - ok
13:36:09.0367 5560 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:36:09.0599 5560 nvlddmkm - ok
13:36:09.0718 5560 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:36:09.0723 5560 nvraid - ok
13:36:09.0747 5560 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
13:36:09.0753 5560 nvrd32 - ok
13:36:09.0759 5560 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:36:09.0760 5560 nvstor - ok
13:36:09.0769 5560 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
13:36:09.0772 5560 nvstor32 - ok
13:36:09.0823 5560 nvsvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
13:36:09.0850 5560 nvsvc - ok
13:36:09.0966 5560 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:36:10.0016 5560 nvUpdatusService - ok
13:36:10.0122 5560 nv_agp (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys
13:36:10.0136 5560 nv_agp - ok
13:36:10.0234 5560 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:36:10.0251 5560 odserv - ok
13:36:10.0287 5560 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:36:10.0289 5560 ohci1394 - ok
13:36:10.0318 5560 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:36:10.0326 5560 ose - ok
13:36:10.0384 5560 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:10.0410 5560 p2pimsvc - ok
13:36:10.0420 5560 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:10.0429 5560 p2psvc - ok
13:36:10.0474 5560 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
13:36:10.0476 5560 Parport - ok
13:36:10.0501 5560 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:36:10.0503 5560 partmgr - ok
13:36:10.0523 5560 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
13:36:10.0524 5560 Parvdm - ok
13:36:10.0591 5560 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:36:10.0599 5560 PcaSvc - ok
13:36:10.0640 5560 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:36:10.0641 5560 pccsmcfd - ok
13:36:10.0679 5560 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:36:10.0685 5560 pci - ok
13:36:10.0717 5560 pciide (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys
13:36:10.0718 5560 pciide - ok
13:36:10.0737 5560 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:36:10.0748 5560 pcmcia - ok
13:36:10.0805 5560 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:36:10.0823 5560 PEAUTH - ok
13:36:10.0903 5560 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:36:10.0957 5560 pla - ok
13:36:11.0076 5560 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:36:11.0090 5560 PlugPlay - ok
13:36:11.0151 5560 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:11.0157 5560 PNRPAutoReg - ok
13:36:11.0165 5560 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:11.0171 5560 PNRPsvc - ok
13:36:11.0228 5560 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:36:11.0242 5560 PolicyAgent - ok
13:36:11.0320 5560 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:36:11.0322 5560 PptpMiniport - ok
13:36:11.0355 5560 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:36:11.0357 5560 Processor - ok
13:36:11.0393 5560 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:36:11.0407 5560 ProfSvc - ok
13:36:11.0434 5560 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:11.0436 5560 ProtectedStorage - ok
13:36:11.0477 5560 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) c:\Windows\system32\PSIService.exe
13:36:11.0491 5560 ProtexisLicensing - ok
13:36:11.0513 5560 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:36:11.0515 5560 PSched - ok
13:36:11.0578 5560 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:36:11.0624 5560 ql2300 - ok
13:36:11.0654 5560 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:36:11.0657 5560 ql40xx - ok
13:36:11.0691 5560 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:36:11.0705 5560 QWAVE - ok
13:36:11.0719 5560 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:36:11.0721 5560 QWAVEdrv - ok
13:36:11.0729 5560 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:36:11.0731 5560 RasAcd - ok
13:36:11.0748 5560 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:36:11.0756 5560 RasAuto - ok
13:36:11.0819 5560 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:11.0821 5560 Rasl2tp - ok
13:36:11.0853 5560 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:36:11.0867 5560 RasMan - ok
13:36:11.0888 5560 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:11.0889 5560 RasPppoe - ok
13:36:11.0902 5560 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:36:11.0904 5560 RasSstp - ok
13:36:11.0944 5560 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:36:11.0959 5560 rdbss - ok
13:36:11.0970 5560 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:11.0971 5560 RDPCDD - ok
13:36:12.0003 5560 rdpdr (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys
13:36:12.0016 5560 rdpdr - ok
13:36:12.0041 5560 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:36:12.0042 5560 RDPENCDD - ok
13:36:12.0082 5560 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:36:12.0097 5560 RDPWD - ok
13:36:12.0128 5560 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:36:12.0131 5560 RemoteAccess - ok
13:36:12.0150 5560 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:36:12.0157 5560 RemoteRegistry - ok
13:36:12.0182 5560 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:36:12.0184 5560 RpcLocator - ok
13:36:12.0232 5560 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:36:12.0239 5560 RpcSs - ok
13:36:12.0284 5560 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:36:12.0286 5560 rspndr - ok
13:36:12.0336 5560 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:36:12.0351 5560 RTL8169 - ok
13:36:12.0383 5560 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:12.0385 5560 SamSs - ok
13:36:12.0416 5560 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:36:12.0418 5560 sbp2port - ok
13:36:12.0521 5560 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:36:12.0573 5560 SBSDWSCService - ok
13:36:12.0684 5560 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:36:12.0690 5560 SCardSvr - ok
13:36:12.0736 5560 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:36:12.0754 5560 Schedule - ok
13:36:12.0841 5560 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:36:12.0842 5560 SCPolicySvc - ok
13:36:12.0928 5560 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:36:12.0936 5560 SDRSVC - ok
13:36:12.0980 5560 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:36:12.0982 5560 secdrv - ok
13:36:13.0006 5560 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:36:13.0010 5560 seclogon - ok
13:36:13.0022 5560 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:36:13.0026 5560 SENS - ok
13:36:13.0056 5560 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
13:36:13.0057 5560 Serenum - ok
13:36:13.0088 5560 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
13:36:13.0096 5560 Serial - ok
13:36:13.0136 5560 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:36:13.0138 5560 sermouse - ok
13:36:13.0230 5560 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:36:13.0242 5560 ServiceLayer - ok
13:36:13.0280 5560 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:36:13.0288 5560 SessionEnv - ok
13:36:13.0307 5560 sffdisk (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys
13:36:13.0307 5560 sffdisk - ok
13:36:13.0311 5560 sffp_mmc (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys
13:36:13.0313 5560 sffp_mmc - ok
13:36:13.0318 5560 sffp_sd (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys
13:36:13.0319 5560 sffp_sd - ok
13:36:13.0325 5560 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:36:13.0326 5560 sfloppy - ok
13:36:13.0361 5560 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:36:13.0374 5560 SharedAccess - ok
13:36:13.0411 5560 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:36:13.0425 5560 ShellHWDetection - ok
13:36:13.0432 5560 sisagp (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys
13:36:13.0442 5560 sisagp - ok
13:36:13.0447 5560 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:36:13.0449 5560 SiSRaid2 - ok
13:36:13.0458 5560 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:36:13.0461 5560 SiSRaid4 - ok
13:36:13.0650 5560 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:36:13.0755 5560 slsvc - ok
13:36:13.0846 5560 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:36:13.0849 5560 SLUINotify - ok
13:36:13.0904 5560 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:36:13.0906 5560 Smb - ok
13:36:13.0947 5560 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:36:13.0951 5560 SNMPTRAP - ok
13:36:13.0989 5560 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:36:13.0991 5560 spldr - ok
13:36:14.0024 5560 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:36:14.0039 5560 Spooler - ok
13:36:14.0089 5560 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:36:14.0103 5560 srv - ok
13:36:14.0134 5560 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:36:14.0139 5560 srv2 - ok
13:36:14.0164 5560 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:36:14.0171 5560 srvnet - ok
13:36:14.0211 5560 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:36:14.0224 5560 SSDPSRV - ok
13:36:14.0249 5560 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:36:14.0251 5560 ssmdrv - ok
13:36:14.0271 5560 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:36:14.0277 5560 SstpSvc - ok
13:36:14.0336 5560 Steam Client Service - ok
13:36:14.0428 5560 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:36:14.0439 5560 Stereo Service - ok
13:36:14.0503 5560 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:36:14.0525 5560 stisvc - ok
13:36:14.0566 5560 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:36:14.0567 5560 swenum - ok
13:36:14.0634 5560 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:36:14.0646 5560 swprv - ok
13:36:14.0679 5560 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:36:14.0680 5560 Symc8xx - ok
13:36:14.0686 5560 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:36:14.0688 5560 Sym_hi - ok
13:36:14.0694 5560 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:36:14.0696 5560 Sym_u3 - ok
13:36:14.0737 5560 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:36:14.0772 5560 SysMain - ok
13:36:14.0807 5560 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:36:14.0811 5560 TabletInputService - ok
13:36:14.0849 5560 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:36:14.0863 5560 TapiSrv - ok
13:36:14.0900 5560 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:36:14.0904 5560 TBS - ok
13:36:14.0969 5560 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
13:36:15.0016 5560 Tcpip - ok
13:36:15.0029 5560 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
13:36:15.0037 5560 Tcpip6 - ok
13:36:15.0084 5560 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:36:15.0085 5560 tcpipreg - ok
13:36:15.0096 5560 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:36:15.0097 5560 TDPIPE - ok
13:36:15.0112 5560 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:36:15.0113 5560 TDTCP - ok
13:36:15.0131 5560 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:36:15.0133 5560 tdx - ok
13:36:15.0168 5560 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:36:15.0170 5560 TermDD - ok
13:36:15.0201 5560 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:36:15.0245 5560 TermService - ok
13:36:15.0300 5560 TestHandler (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
13:36:15.0313 5560 TestHandler - ok
13:36:15.0369 5560 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:36:15.0373 5560 Themes - ok
13:36:15.0410 5560 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:36:15.0412 5560 THREADORDER - ok
13:36:15.0454 5560 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:36:15.0459 5560 TrkWks - ok
13:36:15.0505 5560 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:36:15.0506 5560 TrustedInstaller - ok
13:36:15.0519 5560 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:36:15.0521 5560 tssecsrv - ok
13:36:15.0566 5560 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:36:15.0567 5560 tunmp - ok
13:36:15.0581 5560 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:36:15.0582 5560 tunnel - ok
13:36:15.0608 5560 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:36:15.0610 5560 uagp35 - ok
13:36:15.0641 5560 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:36:15.0656 5560 udfs - ok
13:36:15.0697 5560 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:36:15.0702 5560 UI0Detect - ok
13:36:15.0725 5560 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
13:36:15.0727 5560 uliagpkx - ok
13:36:15.0755 5560 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:36:15.0759 5560 uliahci - ok
13:36:15.0769 5560 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:36:15.0772 5560 UlSata - ok
13:36:15.0796 5560 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:36:15.0810 5560 ulsata2 - ok
13:36:15.0842 5560 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:36:15.0842 5560 umbus - ok
13:36:15.0885 5560 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:36:15.0899 5560 upnphost - ok
13:36:15.0947 5560 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:36:15.0948 5560 USBAAPL - ok
13:36:15.0978 5560 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:36:15.0980 5560 usbccgp - ok
13:36:16.0008 5560 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:36:16.0010 5560 usbcir - ok
13:36:16.0049 5560 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:36:16.0050 5560 usbehci - ok
13:36:16.0079 5560 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:36:16.0092 5560 usbhub - ok
13:36:16.0113 5560 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:36:16.0114 5560 usbohci - ok
13:36:16.0147 5560 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:36:16.0148 5560 usbprint - ok
13:36:16.0192 5560 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:36:16.0194 5560 usbscan - ok
13:36:16.0218 5560 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:36:16.0220 5560 USBSTOR - ok
13:36:16.0256 5560 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:36:16.0257 5560 usbuhci - ok
13:36:16.0321 5560 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:36:16.0325 5560 UxSms - ok
13:36:16.0348 5560 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:36:16.0370 5560 vds - ok
13:36:16.0402 5560 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:36:16.0403 5560 vga - ok
13:36:16.0435 5560 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:36:16.0437 5560 VgaSave - ok
13:36:16.0461 5560 viaagp (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
13:36:16.0463 5560 viaagp - ok
13:36:16.0468 5560 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:36:16.0470 5560 ViaC7 - ok
13:36:16.0487 5560 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
13:36:16.0488 5560 viaide - ok
13:36:16.0500 5560 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
13:36:16.0507 5560 viamraid - ok
13:36:16.0546 5560 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:36:16.0548 5560 volmgr - ok
13:36:16.0571 5560 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:36:16.0584 5560 volmgrx - ok
13:36:16.0651 5560 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:36:16.0665 5560 volsnap - ok
13:36:16.0697 5560 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:36:16.0710 5560 vsmraid - ok
13:36:16.0779 5560 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:36:16.0828 5560 VSS - ok
13:36:16.0853 5560 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:36:16.0867 5560 W32Time - ok
13:36:16.0919 5560 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:36:16.0920 5560 WacomPen - ok
13:36:16.0952 5560 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:36:16.0954 5560 Wanarp - ok
13:36:16.0957 5560 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:36:16.0958 5560 Wanarpv6 - ok
13:36:16.0990 5560 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:36:17.0011 5560 wcncsvc - ok
13:36:17.0048 5560 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:36:17.0052 5560 WcsPlugInService - ok
13:36:17.0059 5560 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:36:17.0060 5560 Wd - ok
13:36:17.0106 5560 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:36:17.0140 5560 Wdf01000 - ok
13:36:17.0195 5560 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:36:17.0200 5560 WdiServiceHost - ok
13:36:17.0203 5560 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:36:17.0207 5560 WdiSystemHost - ok
13:36:17.0255 5560 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:36:17.0269 5560 WebClient - ok
13:36:17.0311 5560 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:36:17.0360 5560 Wecsvc - ok
13:36:17.0399 5560 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:36:17.0404 5560 wercplsupport - ok
13:36:17.0439 5560 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:36:17.0446 5560 WerSvc - ok
13:36:17.0536 5560 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:36:17.0548 5560 WinDefend - ok
13:36:17.0556 5560 WinHttpAutoProxySvc - ok
13:36:17.0623 5560 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:36:17.0629 5560 Winmgmt - ok
13:36:17.0709 5560 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:36:17.0751 5560 WinRM - ok
13:36:17.0817 5560 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:36:17.0842 5560 Wlansvc - ok
13:36:17.0894 5560 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
13:36:17.0895 5560 WmiAcpi - ok
13:36:17.0962 5560 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:36:17.0969 5560 wmiApSrv - ok
13:36:18.0058 5560 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:36:18.0077 5560 WMPNetworkSvc - ok
13:36:18.0120 5560 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:36:18.0134 5560 WPCSvc - ok
13:36:18.0186 5560 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:36:18.0191 5560 WPDBusEnum - ok
13:36:18.0219 5560 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:36:18.0221 5560 WpdUsb - ok
13:36:18.0333 5560 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:36:18.0354 5560 WPFFontCache_v0400 - ok
13:36:18.0386 5560 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:36:18.0387 5560 ws2ifsl - ok
13:36:18.0425 5560 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
13:36:18.0429 5560 wscsvc - ok
13:36:18.0434 5560 WSearch - ok
13:36:18.0543 5560 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:36:18.0601 5560 wuauserv - ok
13:36:18.0751 5560 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:36:18.0758 5560 WUDFRd - ok
13:36:18.0777 5560 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:36:18.0782 5560 wudfsvc - ok
13:36:18.0811 5560 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:36:18.0961 5560 \Device\Harddisk0\DR0 - ok
13:36:18.0966 5560 Boot (0x1200) (60c152c1c32a94153609b36bd034d87f) \Device\Harddisk0\DR0\Partition0
13:36:18.0967 5560 \Device\Harddisk0\DR0\Partition0 - ok
13:36:18.0986 5560 Boot (0x1200) (48447c04deebc9084b003a64e2603414) \Device\Harddisk0\DR0\Partition1
13:36:18.0987 5560 \Device\Harddisk0\DR0\Partition1 - ok
13:36:18.0988 5560 ============================================================
13:36:18.0988 5560 Scan finished
13:36:18.0988 5560 ============================================================
13:36:19.0000 4868 Detected object count: 0
13:36:19.0000 4868 Actual detected object count: 0
13:37:19.0987 2596 ============================================================
13:37:19.0987 2596 Scan started
13:37:19.0987 2596 Mode: Manual;
13:37:19.0987 2596 ============================================================
13:37:20.0317 2596 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:37:20.0318 2596 ACPI - ok
13:37:20.0406 2596 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:37:20.0407 2596 AdobeARMservice - ok
13:37:20.0463 2596 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:37:20.0464 2596 AdobeFlashPlayerUpdateSvc - ok
13:37:20.0499 2596 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:37:20.0502 2596 adp94xx - ok
13:37:20.0521 2596 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:37:20.0523 2596 adpahci - ok
13:37:20.0533 2596 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:37:20.0533 2596 adpu160m - ok
13:37:20.0555 2596 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:37:20.0556 2596 adpu320 - ok
13:37:20.0579 2596 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:37:20.0579 2596 AeLookupSvc - ok
13:37:20.0617 2596 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:37:20.0619 2596 AFD - ok
13:37:20.0639 2596 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
13:37:20.0639 2596 agp440 - ok
13:37:20.0647 2596 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:37:20.0648 2596 aic78xx - ok
13:37:20.0680 2596 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:37:20.0681 2596 ALG - ok
13:37:20.0685 2596 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
13:37:20.0685 2596 aliide - ok
13:37:20.0730 2596 AMD External Events Utility (b90a4332cf4c6580c845266a656de4ab) C:\Windows\system32\atiesrxx.exe
13:37:20.0731 2596 AMD External Events Utility - ok
13:37:20.0740 2596 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
13:37:20.0741 2596 amdagp - ok
13:37:20.0744 2596 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
13:37:20.0745 2596 amdide - ok
13:37:20.0749 2596 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:37:20.0750 2596 AmdK7 - ok
13:37:20.0768 2596 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:37:20.0769 2596 AmdK8 - ok
13:37:21.0111 2596 amdkmdag (7844984a5e1e6f18d93af9e9bcc65436) C:\Windows\system32\DRIVERS\atikmdag.sys
13:37:21.0179 2596 amdkmdag - ok
13:37:21.0380 2596 amdkmdap (202def509d76105b08741d36c3a7e4d7) C:\Windows\system32\DRIVERS\atikmpag.sys
13:37:21.0381 2596 amdkmdap - ok
13:37:21.0440 2596 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:37:21.0441 2596 AntiVirSchedulerService - ok
13:37:21.0461 2596 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:37:21.0462 2596 AntiVirService - ok
13:37:21.0500 2596 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:37:21.0503 2596 AntiVirWebService - ok
13:37:21.0553 2596 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:37:21.0553 2596 Appinfo - ok
13:37:21.0633 2596 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:37:21.0634 2596 Apple Mobile Device - ok
13:37:21.0662 2596 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:37:21.0663 2596 arc - ok
13:37:21.0668 2596 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:37:21.0669 2596 arcsas - ok
13:37:21.0722 2596 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:37:21.0723 2596 aspnet_state - ok
13:37:21.0749 2596 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:37:21.0749 2596 AsyncMac - ok
13:37:21.0777 2596 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:37:21.0777 2596 atapi - ok
13:37:21.0813 2596 AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys
13:37:21.0814 2596 AtiHDAudioService - ok
13:37:21.0860 2596 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:37:21.0862 2596 AudioEndpointBuilder - ok
13:37:21.0866 2596 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:37:21.0868 2596 Audiosrv - ok
13:37:21.0910 2596 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:37:21.0911 2596 avgntflt - ok
13:37:21.0924 2596 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:37:21.0925 2596 avipbb - ok
13:37:21.0935 2596 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:37:21.0936 2596 avkmgr - ok
13:37:21.0959 2596 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:37:21.0959 2596 Beep - ok
13:37:21.0984 2596 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:37:21.0986 2596 BFE - ok
13:37:22.0043 2596 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:37:22.0050 2596 BITS - ok
13:37:22.0155 2596 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:37:22.0158 2596 Bonjour Service - ok
13:37:22.0224 2596 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:37:22.0225 2596 bowser - ok
13:37:22.0254 2596 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:37:22.0255 2596 BrFiltLo - ok
13:37:22.0258 2596 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:37:22.0258 2596 BrFiltUp - ok
13:37:22.0287 2596 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:37:22.0289 2596 Browser - ok
13:37:22.0296 2596 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:37:22.0297 2596 Brserid - ok
13:37:22.0302 2596 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:37:22.0303 2596 BrSerWdm - ok
13:37:22.0306 2596 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:37:22.0306 2596 BrUsbMdm - ok
13:37:22.0310 2596 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:37:22.0311 2596 BrUsbSer - ok
13:37:22.0316 2596 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:37:22.0317 2596 BTHMODEM - ok
13:37:22.0350 2596 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:37:22.0350 2596 cdfs - ok
13:37:22.0385 2596 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:37:22.0386 2596 cdrom - ok
13:37:22.0416 2596 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:37:22.0418 2596 CertPropSvc - ok
13:37:22.0423 2596 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:37:22.0423 2596 circlass - ok
13:37:22.0452 2596 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:37:22.0455 2596 CLFS - ok
13:37:22.0499 2596 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:37:22.0500 2596 clr_optimization_v2.0.50727_32 - ok
13:37:22.0541 2596 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:37:22.0543 2596 clr_optimization_v4.0.30319_32 - ok
13:37:22.0548 2596 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
13:37:22.0548 2596 cmdide - ok
13:37:22.0553 2596 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
13:37:22.0554 2596 Compbatt - ok
13:37:22.0557 2596 COMSysApp - ok
13:37:22.0572 2596 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:37:22.0573 2596 crcdisk - ok
13:37:22.0591 2596 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:37:22.0592 2596 Crusoe - ok
13:37:22.0615 2596 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:37:22.0617 2596 CryptSvc - ok
13:37:22.0663 2596 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:37:22.0681 2596 DcomLaunch - ok
13:37:22.0708 2596 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:37:22.0709 2596 DfsC - ok
13:37:22.0809 2596 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:37:22.0825 2596 DFSR - ok
13:37:22.0937 2596 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:37:22.0939 2596 Dhcp - ok
13:37:22.0986 2596 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:37:22.0987 2596 disk - ok
13:37:23.0011 2596 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:37:23.0012 2596 Dnscache - ok
13:37:23.0055 2596 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:37:23.0057 2596 dot3svc - ok
13:37:23.0095 2596 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:37:23.0097 2596 DPS - ok
13:37:23.0128 2596 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:37:23.0128 2596 drmkaud - ok
13:37:23.0187 2596 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:37:23.0192 2596 DXGKrnl - ok
13:37:23.0240 2596 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:37:23.0241 2596 E1G60 - ok
13:37:23.0339 2596 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:37:23.0340 2596 EapHost - ok
13:37:23.0460 2596 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:37:23.0461 2596 Ecache - ok
13:37:23.0529 2596 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:37:23.0531 2596 ehRecvr - ok
13:37:23.0560 2596 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:37:23.0561 2596 ehSched - ok
13:37:23.0569 2596 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:37:23.0569 2596 ehstart - ok
13:37:23.0591 2596 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:37:23.0594 2596 elxstor - ok
13:37:23.0660 2596 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:37:23.0666 2596 EMDMgmt - ok
13:37:23.0698 2596 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:37:23.0701 2596 EventSystem - ok
13:37:23.0730 2596 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:37:23.0731 2596 exfat - ok
13:37:23.0762 2596 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:37:23.0763 2596 fastfat - ok
13:37:23.0784 2596 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:37:23.0785 2596 fdc - ok
13:37:23.0817 2596 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:37:23.0818 2596 fdPHost - ok
13:37:23.0853 2596 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:37:23.0855 2596 FDResPub - ok
13:37:23.0891 2596 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:37:23.0892 2596 FileInfo - ok
13:37:23.0927 2596 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:37:23.0927 2596 Filetrace - ok
13:37:23.0932 2596 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:37:23.0933 2596 flpydisk - ok
13:37:23.0961 2596 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:37:23.0962 2596 FltMgr - ok
13:37:24.0014 2596 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:37:24.0020 2596 FontCache - ok
13:37:24.0101 2596 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:37:24.0101 2596 FontCache3.0.0.0 - ok
13:37:24.0159 2596 FreemakeVideoCapture - ok
13:37:24.0192 2596 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
13:37:24.0193 2596 FsUsbExDisk - ok
13:37:24.0220 2596 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:37:24.0220 2596 Fs_Rec - ok
13:37:24.0241 2596 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:37:24.0242 2596 gagp30kx - ok
13:37:24.0263 2596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:37:24.0264 2596 GEARAspiWDM - ok
13:37:24.0318 2596 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:37:24.0321 2596 gpsvc - ok
13:37:24.0381 2596 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:37:24.0382 2596 gupdate - ok
13:37:24.0385 2596 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:37:24.0386 2596 gupdatem - ok
13:37:24.0418 2596 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:37:24.0419 2596 HdAudAddService - ok
13:37:24.0468 2596 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:37:24.0472 2596 HDAudBus - ok
13:37:24.0500 2596 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:37:24.0500 2596 HidBth - ok
13:37:24.0504 2596 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:37:24.0504 2596 HidIr - ok
13:37:24.0530 2596 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:37:24.0532 2596 hidserv - ok
13:37:24.0563 2596 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:37:24.0563 2596 HidUsb - ok
13:37:24.0594 2596 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:37:24.0596 2596 hkmsvc - ok
13:37:24.0601 2596 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:37:24.0602 2596 HpCISSs - ok
13:37:24.0649 2596 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:37:24.0651 2596 HTTP - ok
13:37:24.0685 2596 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:37:24.0686 2596 i2omp - ok
13:37:24.0718 2596 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:37:24.0718 2596 i8042prt - ok
13:37:24.0739 2596 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
13:37:24.0741 2596 iaStor - ok
13:37:24.0821 2596 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:37:24.0822 2596 iaStorV - ok
13:37:24.0917 2596 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:37:24.0924 2596 idsvc - ok
13:37:24.0944 2596 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:37:24.0944 2596 iirsp - ok
13:37:24.0966 2596 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:37:24.0970 2596 IKEEXT - ok
13:37:25.0058 2596 IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
13:37:25.0073 2596 IntcAzAudAddService - ok
13:37:25.0195 2596 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:37:25.0196 2596 intelide - ok
13:37:25.0211 2596 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:37:25.0212 2596 intelppm - ok
13:37:25.0228 2596 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:37:25.0230 2596 IPBusEnum - ok
13:37:25.0240 2596 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:37:25.0241 2596 IpFilterDriver - ok
13:37:25.0281 2596 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:37:25.0284 2596 iphlpsvc - ok
13:37:25.0314 2596 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:37:25.0315 2596 IPMIDRV - ok
13:37:25.0335 2596 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:37:25.0336 2596 IPNAT - ok
13:37:25.0413 2596 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
13:37:25.0419 2596 iPod Service - ok
13:37:25.0440 2596 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:37:25.0441 2596 IRENUM - ok
13:37:25.0468 2596 isapnp (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
13:37:25.0469 2596 isapnp - ok
13:37:25.0501 2596 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:37:25.0503 2596 iScsiPrt - ok
13:37:25.0508 2596 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:37:25.0508 2596 iteatapi - ok
13:37:25.0513 2596 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:37:25.0514 2596 iteraid - ok
13:37:25.0519 2596 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
13:37:25.0520 2596 JRAID - ok
13:37:25.0550 2596 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:37:25.0551 2596 kbdclass - ok
13:37:25.0581 2596 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:37:25.0581 2596 kbdhid - ok
13:37:25.0611 2596 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:25.0613 2596 KeyIso - ok
13:37:25.0643 2596 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
13:37:25.0647 2596 KSecDD - ok
13:37:25.0695 2596 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:37:25.0700 2596 KtmRm - ok
13:37:25.0746 2596 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:37:25.0749 2596 LanmanServer - ok
13:37:25.0788 2596 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:37:25.0793 2596 LanmanWorkstation - ok
13:37:25.0817 2596 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:37:25.0818 2596 lltdio - ok
13:37:25.0837 2596 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:37:25.0840 2596 lltdsvc - ok
13:37:25.0879 2596 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:37:25.0881 2596 lmhosts - ok
13:37:25.0911 2596 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:37:25.0912 2596 LSI_FC - ok
13:37:25.0917 2596 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:37:25.0918 2596 LSI_SAS - ok
13:37:25.0924 2596 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:37:25.0925 2596 LSI_SCSI - ok
13:37:25.0944 2596 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:37:25.0945 2596 luafv - ok
13:37:25.0980 2596 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
13:37:25.0980 2596 MBAMProtector - ok
13:37:26.0040 2596 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:37:26.0046 2596 MBAMService - ok
13:37:26.0069 2596 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:37:26.0071 2596 Mcx2Svc - ok
13:37:26.0076 2596 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:37:26.0077 2596 megasas - ok
13:37:26.0115 2596 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:37:26.0118 2596 MMCSS - ok
13:37:26.0133 2596 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:37:26.0133 2596 Modem - ok
13:37:26.0170 2596 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:37:26.0171 2596 monitor - ok
13:37:26.0200 2596 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:37:26.0201 2596 mouclass - ok
13:37:26.0229 2596 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:37:26.0230 2596 mouhid - ok
13:37:26.0267 2596 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:37:26.0268 2596 MountMgr - ok
13:37:26.0340 2596 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:37:26.0347 2596 MozillaMaintenance - ok
13:37:26.0370 2596 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:37:26.0371 2596 mpio - ok
13:37:26.0395 2596 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:37:26.0397 2596 mpsdrv - ok
13:37:26.0476 2596 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:37:26.0495 2596 MpsSvc - ok
13:37:26.0526 2596 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:37:26.0527 2596 Mraid35x - ok
13:37:26.0546 2596 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:37:26.0553 2596 MRxDAV - ok
13:37:26.0594 2596 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:37:26.0601 2596 mrxsmb - ok
13:37:26.0625 2596 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:37:26.0639 2596 mrxsmb10 - ok
13:37:26.0658 2596 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:37:26.0660 2596 mrxsmb20 - ok
13:37:26.0681 2596 msahci (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys
13:37:26.0682 2596 msahci - ok
13:37:26.0703 2596 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:37:26.0705 2596 msdsm - ok
13:37:26.0742 2596 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:37:26.0754 2596 MSDTC - ok
13:37:26.0782 2596 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:37:26.0783 2596 Msfs - ok
13:37:26.0823 2596 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:37:26.0836 2596 msisadrv - ok
13:37:26.0879 2596 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:37:26.0886 2596 MSiSCSI - ok
13:37:26.0889 2596 msiserver - ok
13:37:26.0905 2596 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:37:26.0906 2596 MSKSSRV - ok
13:37:26.0935 2596 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:37:26.0936 2596 MSPCLOCK - ok
13:37:26.0946 2596 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:37:26.0947 2596 MSPQM - ok
13:37:26.0989 2596 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:37:27.0002 2596 MsRPC - ok
13:37:27.0032 2596 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:37:27.0033 2596 mssmbios - ok
13:37:27.0045 2596 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:37:27.0046 2596 MSTEE - ok
13:37:27.0073 2596 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:37:27.0074 2596 Mup - ok
13:37:27.0115 2596 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:37:27.0128 2596 napagent - ok
13:37:27.0172 2596 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:37:27.0179 2596 NativeWifiP - ok
13:37:27.0212 2596 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:37:27.0230 2596 NDIS - ok
13:37:27.0276 2596 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:37:27.0277 2596 NdisTapi - ok
13:37:27.0293 2596 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:37:27.0294 2596 Ndisuio - ok
13:37:27.0310 2596 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:37:27.0316 2596 NdisWan - ok
13:37:27.0322 2596 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:37:27.0334 2596 NDProxy - ok
13:37:27.0464 2596 Nero BackItUp Scheduler 3 (a0101e836d2a39682e134c47b1565256) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:37:27.0484 2596 Nero BackItUp Scheduler 3 - ok
13:37:27.0514 2596 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:37:27.0515 2596 NetBIOS - ok
13:37:27.0536 2596 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:37:27.0542 2596 netbt - ok
13:37:27.0568 2596 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:27.0570 2596 Netlogon - ok
13:37:27.0617 2596 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:37:27.0630 2596 Netman - ok
13:37:27.0708 2596 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:27.0715 2596 NetMsmqActivator - ok
13:37:27.0719 2596 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:27.0720 2596 NetPipeActivator - ok
13:37:27.0739 2596 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:37:27.0753 2596 netprofm - ok
13:37:27.0756 2596 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:27.0758 2596 NetTcpActivator - ok
13:37:27.0761 2596 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:37:27.0762 2596 NetTcpPortSharing - ok
13:37:27.0794 2596 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:37:27.0795 2596 nfrd960 - ok
13:37:27.0816 2596 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:37:27.0831 2596 NlaSvc - ok
13:37:27.0941 2596 NMIndexingService (9cf3e134eb0490d60fe68631a7d666a0) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:37:27.0953 2596 NMIndexingService - ok
13:37:27.0996 2596 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
13:37:27.0998 2596 npf - ok
13:37:28.0028 2596 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:37:28.0030 2596 Npfs - ok
13:37:28.0068 2596 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:37:28.0071 2596 nsi - ok
13:37:28.0082 2596 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:37:28.0084 2596 nsiproxy - ok
13:37:28.0137 2596 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:37:28.0182 2596 Ntfs - ok
13:37:28.0221 2596 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:37:28.0222 2596 ntrigdigi - ok
13:37:28.0247 2596 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:37:28.0248 2596 Null - ok
13:37:28.0805 2596 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:37:29.0075 2596 nvlddmkm - ok
13:37:29.0208 2596 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:37:29.0215 2596 nvraid - ok
13:37:29.0230 2596 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
13:37:29.0237 2596 nvrd32 - ok
13:37:29.0243 2596 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:37:29.0245 2596 nvstor - ok
13:37:29.0252 2596 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
13:37:29.0255 2596 nvstor32 - ok
13:37:29.0298 2596 nvsvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
13:37:29.0315 2596 nvsvc - ok
13:37:29.0405 2596 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:37:29.0441 2596 nvUpdatusService - ok
13:37:29.0545 2596 nv_agp (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys
13:37:29.0554 2596 nv_agp - ok
13:37:29.0649 2596 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:37:29.0661 2596 odserv - ok
13:37:29.0687 2596 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:37:29.0689 2596 ohci1394 - ok
13:37:29.0711 2596 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:37:29.0719 2596 ose - ok
13:37:29.0784 2596 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:29.0819 2596 p2pimsvc - ok
13:37:29.0826 2596 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:29.0834 2596 p2psvc - ok
13:37:29.0874 2596 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
13:37:29.0876 2596 Parport - ok
13:37:29.0902 2596 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:37:29.0903 2596 partmgr - ok
13:37:29.0924 2596 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
13:37:29.0926 2596 Parvdm - ok
13:37:29.0967 2596 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:37:29.0970 2596 PcaSvc - ok
13:37:29.0998 2596 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:37:30.0000 2596 pccsmcfd - ok
13:37:30.0047 2596 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:37:30.0053 2596 pci - ok
13:37:30.0075 2596 pciide (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys
13:37:30.0077 2596 pciide - ok
13:37:30.0085 2596 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:37:30.0091 2596 pcmcia - ok
13:37:30.0129 2596 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:37:30.0177 2596 PEAUTH - ok
13:37:30.0261 2596 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:37:30.0301 2596 pla - ok
13:37:30.0461 2596 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:37:30.0474 2596 PlugPlay - ok
13:37:30.0533 2596 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:30.0541 2596 PNRPAutoReg - ok
13:37:30.0548 2596 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:37:30.0554 2596 PNRPsvc - ok
13:37:30.0605 2596 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:37:30.0618 2596 PolicyAgent - ok
13:37:30.0688 2596 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:37:30.0689 2596 PptpMiniport - ok
13:37:30.0723 2596 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:37:30.0724 2596 Processor - ok
13:37:30.0760 2596 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:37:30.0774 2596 ProfSvc - ok
13:37:30.0801 2596 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:30.0803 2596 ProtectedStorage - ok
13:37:30.0836 2596 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) c:\Windows\system32\PSIService.exe
13:37:30.0850 2596 ProtexisLicensing - ok
13:37:30.0872 2596 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:37:30.0873 2596 PSched - ok
13:37:30.0922 2596 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:37:30.0958 2596 ql2300 - ok
13:37:30.0980 2596 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:37:30.0983 2596 ql40xx - ok
13:37:31.0017 2596 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:37:31.0030 2596 QWAVE - ok
13:37:31.0053 2596 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:37:31.0054 2596 QWAVEdrv - ok
13:37:31.0064 2596 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:37:31.0065 2596 RasAcd - ok
13:37:31.0074 2596 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:37:31.0081 2596 RasAuto - ok
13:37:31.0120 2596 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:37:31.0122 2596 Rasl2tp - ok
13:37:31.0154 2596 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:37:31.0192 2596 RasMan - ok
13:37:31.0213 2596 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:37:31.0215 2596 RasPppoe - ok
13:37:31.0228 2596 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:37:31.0229 2596 RasSstp - ok
13:37:31.0254 2596 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:37:31.0268 2596 rdbss - ok
13:37:31.0287 2596 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:37:31.0288 2596 RDPCDD - ok
13:37:31.0320 2596 rdpdr (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys
13:37:31.0334 2596 rdpdr - ok
13:37:31.0358 2596 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:37:31.0359 2596 RDPENCDD - ok
13:37:31.0391 2596 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:37:31.0397 2596 RDPWD - ok
13:37:31.0428 2596 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:37:31.0431 2596 RemoteAccess - ok
13:37:31.0451 2596 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:37:31.0458 2596 RemoteRegistry - ok
13:37:31.0482 2596 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:37:31.0484 2596 RpcLocator - ok
13:37:31.0532 2596 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:37:31.0538 2596 RpcSs - ok
13:37:31.0576 2596 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:37:31.0578 2596 rspndr - ok
13:37:31.0619 2596 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:37:31.0635 2596 RTL8169 - ok
13:37:31.0658 2596 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:37:31.0661 2596 SamSs - ok
13:37:31.0691 2596 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:37:31.0694 2596 sbp2port - ok
13:37:31.0797 2596 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:37:31.0848 2596 SBSDWSCService - ok
13:37:31.0975 2596 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:37:31.0983 2596 SCardSvr - ok
13:37:32.0051 2596 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:37:32.0071 2596 Schedule - ok
13:37:32.0103 2596 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:37:32.0104 2596 SCPolicySvc - ok
13:37:32.0145 2596 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:37:32.0154 2596 SDRSVC - ok
13:37:32.0198 2596 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:37:32.0199 2596 secdrv - ok
13:37:32.0223 2596 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:37:32.0227 2596 seclogon - ok
13:37:32.0273 2596 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:37:32.0277 2596 SENS - ok
13:37:32.0305 2596 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
13:37:32.0307 2596 Serenum - ok
13:37:32.0322 2596 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
13:37:32.0330 2596 Serial - ok
13:37:32.0370 2596 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:37:32.0371 2596 sermouse - ok
13:37:32.0455 2596 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:37:32.0468 2596 ServiceLayer - ok
13:37:32.0490 2596 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:37:32.0497 2596 SessionEnv - ok
13:37:32.0515 2596 sffdisk (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys
13:37:32.0516 2596 sffdisk - ok
13:37:32.0520 2596 sffp_mmc (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys
13:37:32.0521 2596 sffp_mmc - ok
13:37:32.0525 2596 sffp_sd (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys
13:37:32.0527 2596 sffp_sd - ok
13:37:32.0531 2596 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:37:32.0532 2596 sfloppy - ok
13:37:32.0570 2596 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:37:32.0584 2596 SharedAccess - ok
13:37:32.0620 2596 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:37:32.0633 2596 ShellHWDetection - ok
13:37:32.0640 2596 sisagp (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys
13:37:32.0641 2596 sisagp - ok
13:37:32.0646 2596 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:37:32.0648 2596 SiSRaid2 - ok
13:37:32.0654 2596 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:37:32.0656 2596 SiSRaid4 - ok
13:37:32.0817 2596 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:37:32.0897 2596 slsvc - ok
13:37:33.0030 2596 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:37:33.0034 2596 SLUINotify - ok
13:37:33.0089 2596 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:37:33.0090 2596 Smb - ok
13:37:33.0123 2596 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:37:33.0127 2596 SNMPTRAP - ok
13:37:33.0157 2596 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:37:33.0158 2596 spldr - ok
13:37:33.0192 2596 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:37:33.0198 2596 Spooler - ok
13:37:33.0248 2596 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:37:33.0262 2596 srv - ok
13:37:33.0293 2596 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:37:33.0298 2596 srv2 - ok
13:37:33.0364 2596 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:37:33.0372 2596 srvnet - ok
13:37:33.0411 2596 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:37:33.0425 2596 SSDPSRV - ok
13:37:33.0450 2596 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:37:33.0452 2596 ssmdrv - ok
13:37:33.0575 2596 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:37:33.0620 2596 SstpSvc - ok
13:37:33.0678 2596 Steam Client Service - ok
13:37:33.0761 2596 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:37:33.0773 2596 Stereo Service - ok
13:37:33.0823 2596 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:37:33.0842 2596 stisvc - ok
13:37:33.0875 2596 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:37:33.0877 2596 swenum - ok
13:37:33.0901 2596 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:37:33.0914 2596 swprv - ok
13:37:33.0946 2596 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:37:33.0948 2596 Symc8xx - ok
13:37:33.0953 2596 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:37:33.0954 2596 Sym_hi - ok
13:37:33.0961 2596 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:37:33.0962 2596 Sym_u3 - ok
13:37:34.0004 2596 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:37:34.0022 2596 SysMain - ok
13:37:34.0066 2596 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:37:34.0071 2596 TabletInputService - ok
13:37:34.0118 2596 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:37:34.0130 2596 TapiSrv - ok
13:37:34.0168 2596 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:37:34.0171 2596 TBS - ok
13:37:34.0237 2596 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
13:37:34.0275 2596 Tcpip - ok
13:37:34.0286 2596 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
13:37:34.0293 2596 Tcpip6 - ok
13:37:34.0326 2596 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:37:34.0328 2596 tcpipreg - ok
13:37:34.0338 2596 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:37:34.0339 2596 TDPIPE - ok
13:37:34.0354 2596 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:37:34.0355 2596 TDTCP - ok
13:37:34.0373 2596 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:37:34.0375 2596 tdx - ok
13:37:34.0411 2596 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:37:34.0413 2596 TermDD - ok
13:37:34.0444 2596 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:37:34.0488 2596 TermService - ok
13:37:34.0567 2596 TestHandler (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
13:37:34.0581 2596 TestHandler - ok
13:37:34.0619 2596 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:37:34.0624 2596 Themes - ok
13:37:34.0703 2596 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:37:34.0705 2596 THREADORDER - ok
13:37:34.0751 2596 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:37:34.0754 2596 TrkWks - ok
13:37:34.0797 2596 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:37:34.0798 2596 TrustedInstaller - ok
13:37:34.0812 2596 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:37:34.0813 2596 tssecsrv - ok
13:37:34.0841 2596 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:37:34.0843 2596 tunmp - ok
13:37:34.0856 2596 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:37:34.0858 2596 tunnel - ok
13:37:34.0892 2596 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:37:34.0894 2596 uagp35 - ok
13:37:34.0934 2596 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:37:34.0948 2596 udfs - ok
13:37:34.0982 2596 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:37:34.0986 2596 UI0Detect - ok
13:37:35.0009 2596 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
13:37:35.0010 2596 uliagpkx - ok
13:37:35.0022 2596 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:37:35.0031 2596 uliahci - ok
13:37:35.0042 2596 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:37:35.0043 2596 UlSata - ok
13:37:35.0051 2596 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:37:35.0054 2596 ulsata2 - ok
13:37:35.0092 2596 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:37:35.0093 2596 umbus - ok
13:37:35.0135 2596 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:37:35.0150 2596 upnphost - ok
13:37:35.0189 2596 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:37:35.0190 2596 USBAAPL - ok
13:37:35.0220 2596 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:37:35.0222 2596 usbccgp - ok
13:37:35.0250 2596 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:37:35.0251 2596 usbcir - ok
13:37:35.0283 2596 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:37:35.0285 2596 usbehci - ok
13:37:35.0313 2596 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:37:35.0319 2596 usbhub - ok
13:37:35.0331 2596 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:37:35.0332 2596 usbohci - ok
13:37:35.0366 2596 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:37:35.0367 2596 usbprint - ok
13:37:35.0410 2596 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:37:35.0411 2596 usbscan - ok
13:37:35.0437 2596 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:37:35.0438 2596 USBSTOR - ok
13:37:35.0473 2596 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:37:35.0475 2596 usbuhci - ok
13:37:35.0539 2596 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:37:35.0543 2596 UxSms - ok
13:37:35.0582 2596 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:37:35.0603 2596 vds - ok
13:37:35.0634 2596 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:37:35.0636 2596 vga - ok
13:37:35.0669 2596 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:37:35.0671 2596 VgaSave - ok
13:37:35.0679 2596 viaagp (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
13:37:35.0681 2596 viaagp - ok
13:37:35.0687 2596 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:37:35.0689 2596 ViaC7 - ok
13:37:35.0694 2596 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
13:37:35.0696 2596 viaide - ok
13:37:35.0726 2596 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
13:37:35.0733 2596 viamraid - ok
13:37:35.0772 2596 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:37:35.0773 2596 volmgr - ok
13:37:35.0813 2596 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:37:35.0826 2596 volmgrx - ok
13:37:35.0876 2596 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:37:35.0890 2596 volsnap - ok
13:37:35.0931 2596 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:37:35.0944 2596 vsmraid - ok
13:37:36.0030 2596 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:37:36.0086 2596 VSS - ok
13:37:36.0112 2596 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:37:36.0125 2596 W32Time - ok
13:37:36.0161 2596 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:37:36.0163 2596 WacomPen - ok
13:37:36.0195 2596 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:36.0197 2596 Wanarp - ok
13:37:36.0199 2596 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:36.0200 2596 Wanarpv6 - ok
13:37:36.0264 2596 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:37:36.0279 2596 wcncsvc - ok
13:37:36.0307 2596 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:37:36.0311 2596 WcsPlugInService - ok
13:37:36.0317 2596 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:37:36.0330 2596 Wd - ok
13:37:36.0365 2596 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:37:36.0400 2596 Wdf01000 - ok
13:37:36.0420 2596 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:36.0425 2596 WdiServiceHost - ok
13:37:36.0427 2596 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:36.0431 2596 WdiSystemHost - ok
13:37:36.0547 2596 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:37:36.0587 2596 WebClient - ok
13:37:36.0629 2596 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:37:36.0677 2596 Wecsvc - ok
13:37:36.0717 2596 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:37:36.0721 2596 wercplsupport - ok
13:37:36.0740 2596 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:37:36.0746 2596 WerSvc - ok
13:37:36.0904 2596 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:37:36.0915 2596 WinDefend - ok
13:37:36.0924 2596 WinHttpAutoProxySvc - ok
13:37:36.0973 2596 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:37:36.0979 2596 Winmgmt - ok
13:37:37.0079 2596 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:37:37.0110 2596 WinRM - ok
13:37:37.0185 2596 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:37:37.0227 2596 Wlansvc - ok
13:37:37.0303 2596 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
13:37:37.0304 2596 WmiAcpi - ok
13:37:37.0338 2596 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:37:37.0345 2596 wmiApSrv - ok
13:37:37.0450 2596 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:37:37.0470 2596 WMPNetworkSvc - ok
13:37:37.0488 2596 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:37:37.0502 2596 WPCSvc - ok
13:37:37.0545 2596 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:37:37.0550 2596 WPDBusEnum - ok
13:37:37.0604 2596 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:37:37.0605 2596 WpdUsb - ok
13:37:37.0700 2596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:37:37.0705 2596 WPFFontCache_v0400 - ok
13:37:37.0745 2596 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:37:37.0746 2596 ws2ifsl - ok
13:37:37.0768 2596 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
13:37:37.0772 2596 wscsvc - ok
13:37:37.0776 2596 WSearch - ok
13:37:37.0893 2596 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:37:37.0951 2596 wuauserv - ok
13:37:38.0076 2596 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:37:38.0077 2596 WUDFRd - ok
13:37:38.0094 2596 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:37:38.0099 2596 wudfsvc - ok
13:37:38.0128 2596 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:37:38.0280 2596 \Device\Harddisk0\DR0 - ok
13:37:38.0283 2596 Boot (0x1200) (60c152c1c32a94153609b36bd034d87f) \Device\Harddisk0\DR0\Partition0
13:37:38.0284 2596 \Device\Harddisk0\DR0\Partition0 - ok
13:37:38.0320 2596 Boot (0x1200) (48447c04deebc9084b003a64e2603414) \Device\Harddisk0\DR0\Partition1
13:37:38.0322 2596 \Device\Harddisk0\DR0\Partition1 - ok
13:37:38.0322 2596 ============================================================
13:37:38.0322 2596 Scan finished
13:37:38.0322 2596 ============================================================
13:37:38.0327 5004 Detected object count: 0
13:37:38.0327 5004 Actual detected object count: 0
13:37:46.0068 5364 Deinitialize success
|
|
10.08.2012, 12:53
| #15 |
| /// Helfer-Team | Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
|
| Themen zu Verschiedene RKIT/Agent in BAcroIeHelpe 180.dll |
| .dll, 32 bit, anderen, appdata, bacroiehelpe180.dll, betriebssystem, codecv, entferne, entfernen, folge, folgende, google earth, hoffe, home, incredibar toolbar, install.exe, liste, meldung, msiexec.exe, nvidia update, office 2007, origin, plug-in, roaming, safer networking, sweetpacks, tagen, trojan-spy.win32.farko, verschiedene, viren, vista 32 bit, visual studio, windows, windows vista |
Linear-Darstellung
