Pests of all kinds and how to fight them: Jumi.exe accesses strange entries in the registry - Windows 7
18.10.2012, 15:46 | #16
The thing is merely a toy. It was actually quite fun controlling the fly with the iPhone. Here is the log:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-842925246-2111687655-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-842925246-2111687655-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\JumiController deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:doiQhU3YjJxJKbf8lMsOEUygjVb deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:z4u9skAubaRu7EGsxdDY0WvpAE1 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9A870F8B deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DDE29E40 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:63238B95 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:39413AC3 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2BE9FEFC deleted successfully.
ADS C:\Programme\WindowsUpdate:HfJb5GxVYpYitYcbbQRU deleted successfully.
ADS C:\Programme\Gemeinsame Dateien\Microsoft Shared:anC5GqHbUg2ZZ0Pc3 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8C35AEA7 deleted successfully.
ADS C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\19gTfbHEg1SR5uq:qeTb5H4YxriJz6CgyDDj deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\19gTfbHEg1SR5uq folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
E:\Downloads\cmd.bat deleted successfully.
E:\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: User
->Temp folder emptied: 277292852 bytes
->Temporary Internet Files folder emptied: 9959917 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82093358 bytes
->Google Chrome cache emptied: 412996291 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1272246 bytes
User: Administrator
->Temp folder emptied: 35736 bytes
->Temporary Internet Files folder emptied: 62608 bytes
->Java cache emptied: 26941638 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56562 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 294564 bytes
->Flash cache emptied: 343 bytes
User: NetworkService
->Temp folder emptied: 734 bytes
->Temporary Internet Files folder emptied: 896700 bytes
->Google Chrome cache emptied: 6992135 bytes
->Flash cache emptied: 343 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 288083 bytes
%systemroot%\System32 .tmp files removed: 182987518 bytes
%systemroot%\System32\dllcache .tmp files removed: 185498120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59877 bytes
RecycleBin emptied: 1584075438 bytes
Total Files Cleaned = 2'644.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10182012_161317
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_82c.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
18.10.2012, 16:12 | #17
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer complains about any objects, handle all of them with the action "skip" and only post the log here!
18.10.2012, 16:32 | #18
Voilà:
Code:
17:29:24.0203 4980 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:29:24.0390 4980 ============================================================
17:29:24.0390 4980 Current date / time: 2012/10/18 17:29:24.0390
17:29:24.0390 4980 SystemInfo:
17:29:24.0390 4980
17:29:24.0390 4980 OS Version: 5.1.2600 ServicePack: 3.0
17:29:24.0390 4980 Product type: Workstation
17:29:24.0390 4980 ComputerName: ADRIAN-OFFICE
17:29:24.0390 4980 UserName: User
17:29:24.0390 4980 Windows directory: C:\WINDOWS
17:29:24.0390 4980 System windows directory: C:\WINDOWS
17:29:24.0390 4980 Processor architecture: Intel x86
17:29:24.0390 4980 Number of processors: 2
17:29:24.0390 4980 Page size: 0x1000
17:29:24.0390 4980 Boot type: Normal boot
17:29:24.0390 4980 ============================================================
17:29:27.0656 4980 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:29:27.0656 4980 ============================================================
17:29:27.0656 4980 \Device\Harddisk0\DR0:
17:29:27.0656 4980 MBR partitions:
17:29:27.0656 4980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x10E75276
17:29:27.0671 4980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10E752F4, BlocksNum 0xC34F28D
17:29:27.0671 4980 ============================================================
17:29:27.0703 4980 C: <-> \Device\Harddisk0\DR0\Partition1
17:29:27.0750 4980 E: <-> \Device\Harddisk0\DR0\Partition2
17:29:27.0765 4980 ============================================================
17:29:27.0765 4980 Initialize success
17:29:27.0765 4980 ============================================================
17:30:11.0812 5264 ============================================================
17:30:11.0812 5264 Scan started
17:30:11.0812 5264 Mode: Manual; SigCheck; TDLFS;
17:30:11.0812 5264 ============================================================
17:30:12.0171 5264 ================ Scan system memory ========================
17:30:12.0187 5264 System memory - ok
17:30:12.0187 5264 ================ Scan services =============================
17:30:12.0281 5264 Abiosdsk - ok
17:30:12.0296 5264 abp480n5 - ok
17:30:12.0328 5264 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:30:13.0750 5264 ACPI - ok
17:30:13.0781 5264 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:30:13.0921 5264 ACPIEC - ok
17:30:13.0968 5264 [ 73685E15EF8B0BD9C30F1AF413F13D49 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
17:30:13.0984 5264 adfs - ok
17:30:14.0015 5264 [ B05F2367F62552A2DE7E3C352B7B9885 ] ADM8511 C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
17:30:14.0156 5264 ADM8511 - ok
17:30:14.0203 5264 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:30:14.0218 5264 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:30:14.0218 5264 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:30:14.0296 5264 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:30:14.0312 5264 AdobeFlashPlayerUpdateSvc - ok
17:30:14.0328 5264 adpu160m - ok
17:30:14.0359 5264 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:30:14.0515 5264 aec - ok
17:30:14.0531 5264 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:30:14.0593 5264 AFD - ok
17:30:14.0609 5264 Aha154x - ok
17:30:14.0609 5264 aic78u2 - ok
17:30:14.0609 5264 aic78xx - ok
17:30:14.0656 5264 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:30:14.0812 5264 Alerter - ok
17:30:14.0828 5264 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:30:14.0921 5264 ALG - ok
17:30:14.0937 5264 AliIde - ok
17:30:14.0937 5264 amsint - ok
17:30:14.0984 5264 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:15.0000 5264 Apple Mobile Device - ok
17:30:15.0031 5264 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:30:15.0125 5264 AppMgmt - ok
17:30:15.0125 5264 asc - ok
17:30:15.0125 5264 asc3350p - ok
17:30:15.0140 5264 asc3550 - ok
17:30:15.0171 5264 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
17:30:15.0250 5264 AsIO - ok
17:30:15.0281 5264 [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
17:30:15.0312 5264 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
17:30:15.0312 5264 Aspi32 - detected UnsignedFile.Multi.Generic (1)
17:30:15.0390 5264 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:30:15.0484 5264 aspnet_state - ok
17:30:15.0515 5264 [ F5C2CCDB273A546E9C3A15250F1D9165 ] asuskbnt C:\WINDOWS\system32\drivers\atkkbnt.sys
17:30:15.0546 5264 asuskbnt ( UnsignedFile.Multi.Generic ) - warning
17:30:15.0546 5264 asuskbnt - detected UnsignedFile.Multi.Generic (1)
17:30:15.0578 5264 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:30:15.0750 5264 AsyncMac - ok
17:30:15.0765 5264 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:30:15.0921 5264 atapi - ok
17:30:15.0921 5264 Atdisk - ok
17:30:15.0953 5264 [ FD2C83A58FEAB0751E723B1676BDBF46 ] ATKKeyboardService C:\WINDOWS\ATKKBService.exe
17:30:15.0968 5264 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - warning
17:30:15.0968 5264 ATKKeyboardService - detected UnsignedFile.Multi.Generic (1)
17:30:15.0984 5264 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:30:16.0140 5264 Atmarpc - ok
17:30:16.0187 5264 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:30:16.0328 5264 AudioSrv - ok
17:30:16.0343 5264 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:30:16.0500 5264 audstub - ok
17:30:16.0546 5264 [ 05C6AE36DD944F612D3516E473BEAF00 ] bdftdif_bs C:\Programme\BitDefender\TrafficLight\bdftdif.sys
17:30:16.0562 5264 bdftdif_bs - ok
17:30:16.0593 5264 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:30:16.0734 5264 Beep - ok
17:30:16.0781 5264 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:30:17.0187 5264 BITS - ok
17:30:17.0203 5264 BlueletAudio - ok
17:30:17.0234 5264 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:30:17.0265 5264 Bonjour Service - ok
17:30:17.0296 5264 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:30:17.0390 5264 Browser - ok
17:30:17.0421 5264 [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar C:\WINDOWS\System32\drivers\BrPar.sys
17:30:17.0437 5264 BrPar ( UnsignedFile.Multi.Generic ) - warning
17:30:17.0437 5264 BrPar - detected UnsignedFile.Multi.Generic (1)
17:30:17.0468 5264 [ F5450206CC6FCE8E2DF351C44E3FAABD ] bsserv C:\Programme\BitDefender\TrafficLight\bsserv.exe
17:30:17.0484 5264 bsserv - ok
17:30:17.0484 5264 BT - ok
17:30:17.0500 5264 Btcsrusb - ok
17:30:17.0500 5264 BTHidEnum - ok
17:30:17.0500 5264 BTHidMgr - ok
17:30:17.0531 5264 [ 51B19730DAAD0D8792BC0D6FA7A49F83 ] CAMTOOLS C:\WINDOWS\system32\DRIVERS\CAMTOOLS.sys
17:30:17.0546 5264 CAMTOOLS ( UnsignedFile.Multi.Generic ) - warning
17:30:17.0546 5264 CAMTOOLS - detected UnsignedFile.Multi.Generic (1)
17:30:17.0578 5264 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:30:17.0703 5264 cbidf2k - ok
17:30:17.0750 5264 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:30:17.0890 5264 CCDECODE - ok
17:30:17.0890 5264 cd20xrnt - ok
17:30:17.0906 5264 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:30:18.0046 5264 Cdaudio - ok
17:30:18.0078 5264 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:30:18.0218 5264 Cdfs - ok
17:30:18.0234 5264 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:30:18.0390 5264 Cdrom - ok
17:30:18.0390 5264 Changer - ok
17:30:18.0421 5264 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:30:18.0562 5264 CiSvc - ok
17:30:18.0593 5264 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:30:18.0734 5264 ClipSrv - ok
17:30:18.0781 5264 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:18.0859 5264 clr_optimization_v2.0.50727_32 - ok
17:30:18.0890 5264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:30:19.0234 5264 clr_optimization_v4.0.30319_32 - ok
17:30:19.0234 5264 CmdIde - ok
17:30:19.0234 5264 COMSysApp - ok
17:30:19.0250 5264 Cpqarray - ok
17:30:19.0265 5264 cpuz135 - ok
17:30:19.0296 5264 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:30:19.0453 5264 CryptSvc - ok
17:30:19.0453 5264 dac2w2k - ok
17:30:19.0453 5264 dac960nt - ok
17:30:19.0500 5264 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:30:19.0578 5264 DcomLaunch - ok
17:30:19.0609 5264 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:30:19.0765 5264 Dhcp - ok
17:30:19.0812 5264 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:30:19.0953 5264 Disk - ok
17:30:19.0968 5264 dmadmin - ok
17:30:20.0015 5264 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:30:20.0218 5264 dmboot - ok
17:30:20.0265 5264 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:30:20.0406 5264 dmio - ok
17:30:20.0437 5264 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:30:20.0609 5264 dmload - ok
17:30:20.0640 5264 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:30:20.0781 5264 dmserver - ok
17:30:20.0796 5264 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:30:20.0937 5264 DMusic - ok
17:30:20.0968 5264 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:30:21.0078 5264 Dnscache - ok
17:30:21.0109 5264 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:30:21.0265 5264 Dot3svc - ok
17:30:21.0265 5264 dpti2o - ok
17:30:21.0296 5264 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:30:21.0437 5264 drmkaud - ok
17:30:21.0453 5264 DVDRC - ok
17:30:21.0484 5264 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:30:21.0625 5264 EapHost - ok
17:30:21.0640 5264 efbDisk - ok
17:30:21.0656 5264 [ 6F41DA43AA4806A7BDBB2F9A8B05023E ] EIO C:\WINDOWS\system32\drivers\EIO.sys
17:30:21.0671 5264 EIO ( UnsignedFile.Multi.Generic ) - warning
17:30:21.0671 5264 EIO - detected UnsignedFile.Multi.Generic (1)
17:30:21.0703 5264 [ 676404927734CD79D1C20A22B8E76CCA ] Ekauio C:\WINDOWS\system32\DRIVERS\ekauio.sys
17:30:21.0718 5264 Ekauio ( UnsignedFile.Multi.Generic ) - warning
17:30:21.0718 5264 Ekauio - detected UnsignedFile.Multi.Generic (1)
17:30:21.0750 5264 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:30:21.0875 5264 ERSvc - ok
17:30:21.0906 5264 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:30:21.0953 5264 Eventlog - ok
17:30:21.0984 5264 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
17:30:22.0015 5264 EventSystem - ok
17:30:22.0046 5264 [ D92AFAE1AF76AB9CC31B479DE74A1D4D ] evserial C:\WINDOWS\system32\DRIVERS\evserial.sys
17:30:22.0062 5264 evserial - ok
17:30:22.0093 5264 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:30:22.0250 5264 Fastfat - ok
17:30:22.0281 5264 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:30:22.0328 5264 FastUserSwitchingCompatibility - ok
17:30:22.0359 5264 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
17:30:22.0515 5264 Fax - ok
17:30:22.0531 5264 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:30:22.0687 5264 Fdc - ok
17:30:22.0718 5264 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:30:22.0875 5264 Fips - ok
17:30:22.0937 5264 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:30:22.0984 5264 FLEXnet Licensing Service - ok
17:30:23.0015 5264 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:30:23.0218 5264 Flpydisk - ok
17:30:23.0250 5264 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:30:23.0390 5264 FltMgr - ok
17:30:23.0453 5264 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:30:23.0468 5264 FontCache3.0.0.0 - ok
17:30:23.0484 5264 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:30:23.0625 5264 Fs_Rec - ok
17:30:23.0656 5264 [ 47B9CF937AC479046DA289BD5A769CE9 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
17:30:23.0671 5264 FTDIBUS - ok
17:30:23.0687 5264 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:30:23.0828 5264 Ftdisk - ok
17:30:23.0843 5264 [ 216B9A2191676034999785C7F94FA5D6 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
17:30:23.0859 5264 FTSER2K - ok
17:30:23.0890 5264 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:30:23.0906 5264 GEARAspiWDM - ok
17:30:23.0937 5264 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
17:30:23.0953 5264 giveio ( UnsignedFile.Multi.Generic ) - warning
17:30:23.0953 5264 giveio - detected UnsignedFile.Multi.Generic (1)
17:30:23.0953 5264 GMSIPCI - ok
17:30:23.0984 5264 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:30:24.0187 5264 Gpc - ok
17:30:24.0265 5264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate1c98787d26b2d06 C:\Programme\Google\Update\GoogleUpdate.exe
17:30:24.0281 5264 gupdate1c98787d26b2d06 - ok
17:30:24.0281 5264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
17:30:24.0296 5264 gupdatem - ok
17:30:24.0343 5264 [ 156D0E674372EA396FD2760AB54C362F ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:30:24.0359 5264 gusvc - ok
17:30:24.0390 5264 [ C1CC0C9742B881C42F1CC628E6F9EBD1 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys
17:30:24.0468 5264 Hardlock - ok
17:30:24.0500 5264 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:30:24.0640 5264 HDAudBus - ok
17:30:24.0687 5264 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:30:24.0843 5264 helpsvc - ok
17:30:24.0875 5264 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:30:25.0015 5264 HidServ - ok
17:30:25.0046 5264 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:30:25.0187 5264 HidUsb - ok
17:30:25.0218 5264 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:30:25.0343 5264 hkmsvc - ok
17:30:25.0390 5264 [ A80AF2D645B8FE555448C491DF9647F6 ] hotcore C:\WINDOWS\system32\drivers\hotcore.sys
17:30:25.0406 5264 hotcore ( UnsignedFile.Multi.Generic ) - warning
17:30:25.0406 5264 hotcore - detected UnsignedFile.Multi.Generic (1)
17:30:25.0406 5264 hpn - ok
17:30:25.0500 5264 [ 390920E11D7729A7B98799EBE20E38FB ] hpqcxs08 C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
17:30:25.0531 5264 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:30:25.0531 5264 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:30:25.0562 5264 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:30:25.0625 5264 HTTP - ok
17:30:25.0656 5264 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:30:25.0796 5264 HTTPFilter - ok
17:30:25.0812 5264 i2omgmt - ok
17:30:25.0812 5264 i2omp - ok
17:30:25.0875 5264 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:30:26.0031 5264 i8042prt - ok
17:30:26.0093 5264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:30:26.0093 5264 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:30:26.0093 5264 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:30:26.0156 5264 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:30:26.0203 5264 idsvc - ok
17:30:26.0218 5264 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:30:26.0359 5264 Imapi - ok
17:30:26.0390 5264 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
17:30:26.0546 5264 ImapiService - ok
17:30:26.0546 5264 ini910u - ok
17:30:26.0671 5264 [ 001AACA6ED0E6B00FC5B8FAF74977E81 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:30:26.0921 5264 IntcAzAudAddService - ok
17:30:26.0937 5264 IntelIde - ok
17:30:26.0968 5264 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:30:27.0125 5264 intelppm - ok
17:30:27.0156 5264 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:30:27.0296 5264 Ip6Fw - ok
17:30:27.0328 5264 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:30:27.0468 5264 IpFilterDriver - ok
17:30:27.0515 5264 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:30:27.0671 5264 IpInIp - ok
17:30:27.0687 5264 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:30:27.0843 5264 IpNat - ok
17:30:27.0890 5264 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Programme\iPod\bin\iPodService.exe
17:30:27.0921 5264 iPod Service - ok
17:30:27.0953 5264 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:30:28.0093 5264 IPSec - ok
17:30:28.0093 5264 IrCOMM2k - ok
17:30:28.0140 5264 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:30:28.0234 5264 IRENUM - ok
17:30:28.0250 5264 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:30:28.0390 5264 isapnp - ok
17:30:28.0421 5264 [ 39A2F7EBCB6817C4A016B544921C7982 ] iteatapi C:\WINDOWS\system32\DRIVERS\iteatapi.sys
17:30:28.0453 5264 iteatapi - ok
17:30:28.0531 5264 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
17:30:28.0562 5264 JavaQuickStarterService - ok
17:30:28.0562 5264 Jukebox3 - ok
17:30:28.0593 5264 [ EE894427AC0B2B2C2C8B32CB78357DAE ] jumi C:\WINDOWS\system32\DRIVERS\jumi.sys
17:30:28.0609 5264 jumi - ok
17:30:28.0640 5264 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:30:28.0781 5264 Kbdclass - ok
17:30:28.0812 5264 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:30:28.0953 5264 kbdhid - ok
17:30:28.0984 5264 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:30:29.0125 5264 kmixer - ok
17:30:29.0140 5264 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:30:29.0218 5264 KSecDD - ok
17:30:29.0234 5264 [ 0C6E346CDE730CF1356DD69AD6E9BC42 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
17:30:29.0250 5264 L8042Kbd - ok
17:30:29.0265 5264 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:30:29.0312 5264 lanmanserver - ok
17:30:29.0328 5264 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:30:29.0359 5264 lanmanworkstation - ok
17:30:29.0390 5264 [ CA63FE81705AD660E482BEF210BF2C73 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
17:30:29.0406 5264 LBeepKE - ok
17:30:29.0421 5264 lbrtfdc - ok
17:30:29.0500 5264 [ AB097D0F93B30A6D79D430422AC6A7E8 ] LBTServ C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
17:30:29.0515 5264 LBTServ - ok
17:30:29.0546 5264 [ B68309F25C5787385DA842EB5B496958 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
17:30:29.0578 5264 LHidFilt - ok
17:30:29.0687 5264 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:30:29.0812 5264 LiveUpdate - ok
17:30:29.0875 5264 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:30:30.0015 5264 LmHosts - ok
17:30:30.0031 5264 [ 63D3B1D3CD267FCC186A0146B80D453B ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
17:30:30.0046 5264 LMouFilt - ok
17:30:30.0078 5264 [ 0C62957912D4DF1E4BA9795E6BE3ED38 ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
17:30:30.0093 5264 LUsbFilt - ok
17:30:30.0125 5264 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Programme\Microsoft Fix it Center\Matsvc.exe
17:30:30.0171 5264 MatSvc - ok
17:30:30.0203 5264 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
17:30:30.0234 5264 MDM - ok
17:30:30.0312 5264 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:30:30.0546 5264 Messenger - ok
17:30:30.0578 5264 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:30:30.0734 5264 mnmdd - ok
17:30:30.0765 5264 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:30:30.0921 5264 mnmsrvc - ok
17:30:30.0953 5264 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:30:31.0093 5264 Modem - ok
17:30:31.0125 5264 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:30:31.0312 5264 Mouclass - ok
17:30:31.0328 5264 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:30:31.0484 5264 mouhid - ok
17:30:31.0515 5264 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:30:31.0687 5264 MountMgr - ok
17:30:31.0734 5264 [ 24409A2A9F0351E208E14F609340FB25 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:30:31.0750 5264 MozillaMaintenance - ok
17:30:31.0781 5264 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
17:30:31.0937 5264 MPE - ok
17:30:31.0937 5264 mraid35x - ok
17:30:31.0953 5264 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:30:32.0109 5264 MRxDAV - ok
17:30:32.0140 5264 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:30:32.0234 5264 MRxSmb - ok
17:30:32.0265 5264 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:30:32.0406 5264 MSDTC - ok
17:30:32.0421 5264 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:30:32.0750 5264 Msfs - ok
17:30:32.0765 5264 MSIServer - ok
17:30:32.0765 5264 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:30:33.0046 5264 MSKSSRV - ok
17:30:33.0109 5264 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:30:33.0328 5264 MSPCLOCK - ok
17:30:33.0343 5264 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:30:33.0609 5264 MSPQM - ok
17:30:33.0640 5264 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:30:33.0953 5264 mssmbios - ok
17:30:33.0968 5264 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:30:34.0359 5264 MSTEE - ok
17:30:34.0406 5264 [ 283CD3E86F98A18EB0566DF56D99FD90 ] MTSBDA C:\WINDOWS\system32\Drivers\MtsBda.sys
17:30:34.0437 5264 MTSBDA - ok
17:30:34.0468 5264 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:30:34.0546 5264 MTsensor - ok
17:30:34.0578 5264 [ CDA98C3A905DA0E5A773BE412BB190B3 ] MtsHID C:\WINDOWS\system32\drivers\MtsHID.sys
17:30:34.0609 5264 MtsHID - ok
17:30:34.0640 5264 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:30:34.0703 5264 Mup - ok
17:30:34.0734 5264 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:30:34.0890 5264 NABTSFEC - ok
17:30:34.0953 5264 [ 07B2740CF3294B98380B9E1BF8AB05B8 ] NanoServiceMain C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe
17:30:34.0984 5264 NanoServiceMain - ok
17:30:35.0031 5264 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:30:35.0546 5264 napagent - ok
17:30:35.0562 5264 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:30:35.0703 5264 NDIS - ok
17:30:35.0718 5264 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:30:35.0875 5264 NdisIP - ok
17:30:35.0906 5264 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:30:35.0968 5264 NdisTapi - ok
17:30:36.0000 5264 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:30:36.0156 5264 Ndisuio - ok
17:30:36.0171 5264 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:30:36.0312 5264 NdisWan - ok
17:30:36.0359 5264 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:30:36.0437 5264 NDProxy - ok
17:30:36.0468 5264 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
17:30:36.0484 5264 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:30:36.0484 5264 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:30:36.0500 5264 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:30:36.0671 5264 NetBIOS - ok
17:30:36.0703 5264 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:30:36.0843 5264 NetBT - ok
17:30:36.0875 5264 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:30:37.0046 5264 NetDDE - ok
17:30:37.0046 5264 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:30:37.0187 5264 NetDDEdsdm - ok
17:30:37.0234 5264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:30:37.0375 5264 Netlogon - ok
17:30:37.0421 5264 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:30:37.0562 5264 Netman - ok
17:30:37.0593 5264 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:30:37.0609 5264 NetTcpPortSharing - ok
17:30:37.0640 5264 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:30:37.0687 5264 Nla - ok
17:30:37.0734 5264 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:30:37.0875 5264 nm - ok
17:30:37.0906 5264 [ CFEE15A88280D369672DA0E378BBC702 ] NNSALPC C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys
17:30:37.0921 5264 NNSALPC - ok
17:30:37.0953 5264 [ 2708799ADC223C4412341F0C68D032E3 ] NNSHTTP C:\WINDOWS\system32\DRIVERS\NNSHttp.sys
17:30:37.0968 5264 NNSHTTP - ok
17:30:37.0984 5264 [ 533F19056B98D9CCE466B64186905BC1 ] NNSIDS C:\WINDOWS\system32\DRIVERS\NNSIds.sys
17:30:38.0000 5264 NNSIDS - ok
17:30:38.0031 5264 [ 5F7A83B1FC6CAE3E46B215F5E5C759E9 ] NNSNAHS C:\WINDOWS\system32\DRIVERS\NNSNAHS.sys
17:30:38.0046 5264 NNSNAHS - ok
17:30:38.0078 5264 [ 1F054C5CA627FCD3983538D74574016B ] NNSPICC C:\WINDOWS\system32\DRIVERS\NNSPicc.sys
17:30:38.0093 5264 NNSPICC - ok
17:30:38.0109 5264 [ 1ABA7D70E4F029892A381C75EE144C16 ] NNSPIHS C:\WINDOWS\system32\DRIVERS\NNSPihs.sys
17:30:38.0140 5264 NNSPIHS - ok
17:30:38.0140 5264 [ 5F8C023775B8F4A0A8FFC93DD0A27285 ] NNSPOP3 C:\WINDOWS\system32\DRIVERS\NNSPop3.sys
17:30:38.0171 5264 NNSPOP3 - ok
17:30:38.0187 5264 [ CA541CE4A1FC034EEC8CFD6C155B9D30 ] NNSPROT C:\WINDOWS\system32\DRIVERS\NNSProt.sys
17:30:38.0218 5264 NNSPROT - ok
17:30:38.0250 5264 [ 938E8CCC7AC5922F2E3DBDF3E7A3035C ] NNSPRV C:\WINDOWS\system32\DRIVERS\NNSPrv.sys
17:30:38.0281 5264 NNSPRV - ok
17:30:38.0312 5264 [ 2458E950F0A0DD9AD08385209B5E1702 ] NNSSMTP C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys
17:30:38.0328 5264 NNSSMTP - ok
17:30:38.0343 5264 [ 75D990651236A570C4C80ED56BFB4009 ] NNSSTRM C:\WINDOWS\system32\DRIVERS\NNSStrm.sys
17:30:38.0375 5264 NNSSTRM - ok
17:30:38.0390 5264 [ 9D526B79E7D438056ED7D382AB94019A ] NNSTLSC C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys
17:30:38.0406 5264 NNSTLSC - ok
17:30:38.0453 5264 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
17:30:38.0468 5264 NPF - ok
17:30:38.0515 5264 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:30:38.0671 5264 Npfs - ok
17:30:38.0703 5264 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:30:38.0859 5264 Ntfs - ok
17:30:38.0890 5264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:30:39.0031 5264 NtLmSsp - ok
17:30:39.0078 5264 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:30:39.0234 5264 NtmsSvc - ok
17:30:39.0250 5264 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:30:39.0375 5264 Null - ok
17:30:39.0656 5264 [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:30:40.0218 5264 nv - ok
17:30:40.0250 5264 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:30:40.0281 5264 NVSvc - ok
17:30:40.0375 5264 [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:30:40.0500 5264 nvUpdatusService - ok
17:30:40.0531 5264 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:30:40.0671 5264 NwlnkFlt - ok
17:30:40.0687 5264 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:30:40.0843 5264 NwlnkFwd - ok
17:30:40.0906 5264 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:30:40.0921 5264 ose - ok
17:30:40.0968 5264 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:30:41.0109 5264 Parport - ok
17:30:41.0140 5264 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:30:41.0265 5264 PartMgr - ok
17:30:41.0296 5264 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:30:41.0437 5264 ParVdm - ok
17:30:41.0468 5264 [ CC054BA693B054BDF135E034B5EADB59 ] PC Monitor C:\Programme\PC Monitor\PCMonitorSrv.exe
17:30:41.0500 5264 PC Monitor - ok
17:30:41.0515 5264 PCASp50 - ok
17:30:41.0531 5264 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:30:41.0687 5264 PCI - ok
17:30:41.0687 5264 PCIDump - ok
17:30:41.0718 5264 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:30:41.0828 5264 PCIIde - ok
17:30:41.0859 5264 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:30:42.0000 5264 Pcmcia - ok
17:30:42.0000 5264 PDCOMP - ok
17:30:42.0000 5264 PDFRAME - ok
17:30:42.0015 5264 PDRELI - ok
17:30:42.0015 5264 PDRFRAME - ok
17:30:42.0015 5264 perc2 - ok
17:30:42.0015 5264 perc2hib - ok
17:30:42.0062 5264 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\WINDOWS\system32\drivers\pfc.sys 17:30:42.0078 5264 pfc ( UnsignedFile.Multi.Generic ) - warning 17:30:42.0078 5264 pfc - detected UnsignedFile.Multi.Generic (1) 17:30:42.0093 5264 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 17:30:42.0109 5264 PlugPlay - ok 17:30:42.0156 5264 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll 17:30:42.0171 5264 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:30:42.0171 5264 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:30:42.0187 5264 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 17:30:42.0375 5264 PnkBstrA - ok 17:30:42.0390 5264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:30:42.0718 5264 PolicyAgent - ok 17:30:43.0343 5264 PORTMON - ok 17:30:43.0406 5264 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:30:43.0687 5264 PptpMiniport - ok 17:30:43.0703 5264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:30:43.0859 5264 ProtectedStorage - ok 17:30:43.0890 5264 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:30:44.0046 5264 PSched - ok 17:30:44.0093 5264 [ 8ABBC5F1492BFDE63FEAE2718A630E5C ] PSINAflt C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 17:30:44.0125 5264 PSINAflt - ok 17:30:44.0140 5264 [ D92FD5186C6ED7A0CFE5E4FA69CFEF59 ] PSINFile C:\WINDOWS\system32\DRIVERS\PSINFile.sys 17:30:44.0171 5264 PSINFile - ok 17:30:44.0187 5264 [ C24FA396FF16D8C671D9E5807A0BC8B7 ] PSINKNC C:\WINDOWS\system32\DRIVERS\psinknc.sys 17:30:44.0218 5264 PSINKNC - ok 17:30:44.0234 5264 [ C52B3E1631CFA5E3BBDE6D2558C0CC72 ] PSINProc C:\WINDOWS\system32\DRIVERS\PSINProc.sys 17:30:44.0250 5264 PSINProc - ok 17:30:44.0281 5264 [ 0E4C4813C2AA327229F387E3921E69C3 ] PSINProt C:\WINDOWS\system32\DRIVERS\PSINProt.sys 
17:30:44.0296 5264 PSINProt - ok 17:30:44.0312 5264 [ 476769481841007583875023F7ECC4CA ] PSKMAD C:\WINDOWS\system32\DRIVERS\PSKMAD.sys 17:30:44.0328 5264 PSKMAD - ok 17:30:44.0375 5264 [ 0C234A4A2FBAB98E5E1BAFAF3E3E403A ] PsSdk41 C:\WINDOWS\system32\Drivers\pssdk41.sys 17:30:44.0390 5264 PsSdk41 - ok 17:30:44.0421 5264 [ C8EB36910D3BD582891977E80925E21E ] PSSDK42 C:\WINDOWS\system32\Drivers\pssdk42.sys 17:30:44.0437 5264 PSSDK42 - ok 17:30:44.0453 5264 [ 98A9D3236C6301503571DE79B86E8538 ] PSUAService C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe 17:30:44.0468 5264 PSUAService - ok 17:30:44.0484 5264 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:30:44.0625 5264 Ptilink - ok 17:30:44.0656 5264 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:30:44.0671 5264 PxHelp20 - ok 17:30:44.0671 5264 ql1080 - ok 17:30:44.0687 5264 Ql10wnt - ok 17:30:44.0687 5264 ql12160 - ok 17:30:44.0703 5264 ql1240 - ok 17:30:44.0703 5264 ql1280 - ok 17:30:44.0718 5264 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:30:44.0859 5264 RasAcd - ok 17:30:44.0890 5264 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:30:45.0046 5264 RasAuto - ok 17:30:45.0078 5264 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:30:45.0218 5264 Rasl2tp - ok 17:30:45.0265 5264 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:30:45.0390 5264 RasMan - ok 17:30:45.0421 5264 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:30:45.0546 5264 RasPppoe - ok 17:30:45.0578 5264 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:30:45.0703 5264 Raspti - ok 17:30:45.0734 5264 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:30:45.0859 5264 Rdbss - ok 17:30:45.0875 5264 [ 
4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:30:46.0000 5264 RDPCDD - ok 17:30:46.0015 5264 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:30:46.0156 5264 rdpdr - ok 17:30:46.0203 5264 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:30:46.0281 5264 RDPWD - ok 17:30:46.0312 5264 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:30:46.0453 5264 RDSessMgr - ok 17:30:46.0468 5264 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:30:46.0609 5264 redbook - ok 17:30:46.0640 5264 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:30:46.0781 5264 RemoteAccess - ok 17:30:46.0812 5264 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 17:30:46.0937 5264 RemoteRegistry - ok 17:30:46.0968 5264 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 17:30:47.0078 5264 ROOTMODEM - ok 17:30:47.0140 5264 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Programme\WinPcap\rpcapd.exe 17:30:47.0156 5264 rpcapd - ok 17:30:47.0171 5264 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:30:47.0296 5264 RpcLocator - ok 17:30:47.0328 5264 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:30:47.0359 5264 RpcSs - ok 17:30:47.0375 5264 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:30:47.0500 5264 RSVP - ok 17:30:47.0515 5264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:30:47.0640 5264 SamSs - ok 17:30:47.0687 5264 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:30:47.0812 5264 SCardSvr - ok 17:30:47.0843 5264 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:30:48.0000 5264 Schedule - ok 17:30:48.0015 5264 [ CDD052BE4065E005E695158308D1D64A ] 
SCM_DVB C:\WINDOWS\system32\DRIVERS\alphac.sys 17:30:48.0031 5264 SCM_DVB ( UnsignedFile.Multi.Generic ) - warning 17:30:48.0031 5264 SCM_DVB - detected UnsignedFile.Multi.Generic (1) 17:30:48.0078 5264 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:30:48.0156 5264 Secdrv - ok 17:30:48.0203 5264 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:30:48.0359 5264 seclogon - ok 17:30:48.0390 5264 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:30:48.0531 5264 SENS - ok 17:30:48.0546 5264 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 17:30:48.0671 5264 serenum - ok 17:30:48.0703 5264 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 17:30:48.0843 5264 Serial - ok 17:30:48.0875 5264 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:30:49.0015 5264 Sfloppy - ok 17:30:49.0218 5264 [ 60427355B02A6A1808F1831FF0F0D9E2 ] SGFXMgr C:\Programme\SGFX\sgfxmgr.exe 17:30:49.0437 5264 SGFXMgr ( UnsignedFile.Multi.Generic ) - warning 17:30:49.0437 5264 SGFXMgr - detected UnsignedFile.Multi.Generic (1) 17:30:49.0500 5264 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:30:49.0625 5264 SharedAccess - ok 17:30:49.0640 5264 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:30:49.0671 5264 ShellHWDetection - ok 17:30:49.0703 5264 [ 4BD319BF5A4A273AE776AFB9F1107D25 ] silabenm C:\WINDOWS\system32\DRIVERS\silabenm.sys 17:30:49.0796 5264 silabenm - ok 17:30:49.0812 5264 [ 12C48D71CFD011D59FBA28027341CC12 ] silabser C:\WINDOWS\system32\DRIVERS\silabser.sys 17:30:49.0859 5264 silabser - ok 17:30:49.0859 5264 Simbad - ok 17:30:49.0890 5264 [ FF0E0D6B57102832DF3E2892175B5A70 ] SIoctl c:\windows\system32\drivers\sioctl.sys 17:30:49.0890 5264 SIoctl ( UnsignedFile.Multi.Generic ) - warning 17:30:49.0890 5264 SIoctl - 
detected UnsignedFile.Multi.Generic (1) 17:30:49.0906 5264 SIWIO - ok 17:30:50.0046 5264 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe 17:30:50.0187 5264 Skype C2C Service - ok 17:30:50.0250 5264 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 17:30:50.0265 5264 SkypeUpdate - ok 17:30:50.0281 5264 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:30:50.0421 5264 SLIP - ok 17:30:50.0468 5264 [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto C:\WINDOWS\system32\DRIVERS\Soluto.sys 17:30:50.0484 5264 Soluto - ok 17:30:50.0562 5264 [ 3971E30B64AF2EF61F8F68E41586517B ] SolutoService C:\Programme\Soluto\SolutoService.exe 17:30:50.0609 5264 SolutoService - ok 17:30:50.0609 5264 Sparrow - ok 17:30:50.0625 5264 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys 17:30:50.0656 5264 speedfan - ok 17:30:50.0671 5264 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:30:50.0812 5264 splitter - ok 17:30:50.0843 5264 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:30:50.0859 5264 Spooler - ok 17:30:50.0890 5264 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:30:50.0984 5264 sr - ok 17:30:51.0015 5264 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:30:51.0093 5264 srservice - ok 17:30:51.0125 5264 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:30:51.0203 5264 Srv - ok 17:30:51.0234 5264 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:30:51.0312 5264 SSDPSRV - ok 17:30:51.0343 5264 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:30:51.0359 5264 ssmdrv - ok 17:30:51.0375 5264 Steam Client Service - ok 17:30:51.0390 5264 [ 
A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 17:30:51.0531 5264 StillCam - ok 17:30:51.0562 5264 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:30:51.0718 5264 stisvc - ok 17:30:51.0750 5264 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:30:51.0890 5264 streamip - ok 17:30:51.0906 5264 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:30:52.0031 5264 swenum - ok 17:30:52.0046 5264 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:30:52.0187 5264 swmidi - ok 17:30:52.0187 5264 SwPrv - ok 17:30:52.0203 5264 symc810 - ok 17:30:52.0203 5264 symc8xx - ok 17:30:52.0203 5264 sym_hi - ok 17:30:52.0218 5264 sym_u3 - ok 17:30:52.0234 5264 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:30:52.0375 5264 sysaudio - ok 17:30:52.0406 5264 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:30:52.0531 5264 SysmonLog - ok 17:30:52.0687 5264 [ 1FF41723B6CF6EF0D2456691B75131BB ] TabletServicePen C:\Programme\Tablet\Pen\Pen_Tablet.exe 17:30:52.0921 5264 TabletServicePen - ok 17:30:52.0953 5264 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:30:53.0093 5264 TapiSrv - ok 17:30:53.0125 5264 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:30:53.0156 5264 Tcpip - ok 17:30:53.0187 5264 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:30:53.0328 5264 TDPIPE - ok 17:30:53.0343 5264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:30:53.0500 5264 TDTCP - ok 17:30:53.0609 5264 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe 17:30:53.0734 5264 TeamViewer7 - ok 17:30:53.0750 5264 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn 
C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 17:30:53.0812 5264 teamviewervpn - ok 17:30:53.0828 5264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:30:53.0984 5264 TermDD - ok 17:30:54.0031 5264 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:30:54.0171 5264 TermService - ok 17:30:54.0187 5264 [ 7DF8712159FD1B4812D730519808F282 ] TfBulk C:\WINDOWS\system32\DRIVERS\TfBulk.sys 17:30:54.0218 5264 TfBulk ( UnsignedFile.Multi.Generic ) - warning 17:30:54.0218 5264 TfBulk - detected UnsignedFile.Multi.Generic (1) 17:30:54.0234 5264 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:30:54.0250 5264 Themes - ok 17:30:54.0281 5264 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 17:30:54.0359 5264 TlntSvr - ok 17:30:54.0406 5264 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Programme\TomTom HOME 2\TomTomHOMEService.exe 17:30:54.0421 5264 TomTomHOMEService - ok 17:30:54.0437 5264 TosIde - ok 17:30:54.0468 5264 [ C17EA46C3326A951DC3B8E883D661E0C ] TouchServicePen C:\Programme\Tablet\Pen\Pen_TouchService.exe 17:30:54.0515 5264 TouchServicePen - ok 17:30:54.0531 5264 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:30:54.0671 5264 TrkWks - ok 17:30:54.0703 5264 [ F3996987080426D4E87ECD9D4FE373AF ] TTHID C:\WINDOWS\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys 17:30:54.0718 5264 TTHID - ok 17:30:54.0750 5264 [ 6567467622AB8EDE565255B3069C9FC1 ] TTUSB2BDA C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys 17:30:54.0765 5264 TTUSB2BDA ( UnsignedFile.Multi.Generic ) - warning 17:30:54.0765 5264 TTUSB2BDA - detected UnsignedFile.Multi.Generic (1) 17:30:54.0796 5264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:30:54.0937 5264 Udfs - ok 17:30:54.0968 5264 [ 2C90C6AB5C3BCECA23D800BBFEC25460 ] UDST7000BDA C:\WINDOWS\system32\Drivers\UDST7000BDA.sys 17:30:55.0000 5264 UDST7000BDA - ok 
17:30:55.0031 5264 [ BED5ED6B9179C3743736556F4A0FD460 ] UDST7000HID C:\WINDOWS\system32\drivers\UDST7000HID.sys 17:30:55.0046 5264 UDST7000HID - ok 17:30:55.0078 5264 [ 328762250DDF538CF007CF692DD6E934 ] UDXTTM6010 C:\WINDOWS\system32\DRIVERS\UDXTTM6010.sys 17:30:55.0109 5264 UDXTTM6010 - ok 17:30:55.0125 5264 ultra - ok 17:30:55.0156 5264 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys 17:30:55.0156 5264 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 17:30:55.0156 5264 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 17:30:55.0187 5264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:30:55.0343 5264 Update - ok 17:30:55.0375 5264 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:30:55.0468 5264 upnphost - ok 17:30:55.0515 5264 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:30:55.0640 5264 UPS - ok 17:30:55.0671 5264 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 17:30:55.0718 5264 USBAAPL - ok 17:30:55.0750 5264 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 17:30:55.0875 5264 usbaudio - ok 17:30:55.0906 5264 [ 8D6A64FBD6A2F5C404564A652FA762D0 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 17:30:55.0906 5264 usbbus ( UnsignedFile.Multi.Generic ) - warning 17:30:55.0906 5264 usbbus - detected UnsignedFile.Multi.Generic (1) 17:30:55.0921 5264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:30:56.0046 5264 usbccgp - ok 17:30:56.0078 5264 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:30:56.0218 5264 usbehci - ok 17:30:56.0250 5264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:30:56.0375 5264 usbhub - ok 17:30:56.0406 5264 [ 2ADFBC1B0DC33E0BADF871921EE0051F ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 
17:30:56.0406 5264 USBModem ( UnsignedFile.Multi.Generic ) - warning 17:30:56.0406 5264 USBModem - detected UnsignedFile.Multi.Generic (1) 17:30:56.0421 5264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:30:56.0562 5264 usbprint - ok 17:30:56.0578 5264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:30:56.0718 5264 usbscan - ok 17:30:56.0750 5264 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys 17:30:56.0875 5264 usbser - ok 17:30:56.0906 5264 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:30:57.0031 5264 USBSTOR - ok 17:30:57.0062 5264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:30:57.0187 5264 usbuhci - ok 17:30:57.0234 5264 [ EF3F7E498AD2E617FDCBEE939A258015 ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 17:30:57.0265 5264 VBoxNetAdp - ok 17:30:57.0296 5264 [ 0E6574175245ACFE0410947E415F408F ] VBoxNetFlt C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 17:30:57.0312 5264 VBoxNetFlt - ok 17:30:57.0343 5264 [ 8ADAA94B516C7CB6962846E527FBCBFA ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 17:30:57.0359 5264 VBoxUSBMon - ok 17:30:57.0375 5264 VComm - ok 17:30:57.0375 5264 VcommMgr - ok 17:30:57.0390 5264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:30:57.0531 5264 VgaSave - ok 17:30:57.0546 5264 ViaIde - ok 17:30:57.0578 5264 [ 2D8D84D0B90C9055C0B83050D8A17A89 ] VirtualFD E:\Downloads\vfd21-050404\vfd.sys 17:30:57.0625 5264 VirtualFD ( UnsignedFile.Multi.Generic ) - warning 17:30:57.0625 5264 VirtualFD - detected UnsignedFile.Multi.Generic (1) 17:30:57.0656 5264 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:30:57.0796 5264 VolSnap - ok 17:30:57.0828 5264 [ 53F064EDEC4A0B7D4281E9E87813F90A ] VSBC C:\WINDOWS\system32\DRIVERS\evsbc.sys 17:30:57.0843 5264 VSBC - ok 17:30:57.0875 
5264 [ 1C8A783E90C34D205596F1AB4A97E261 ] vsbus C:\WINDOWS\system32\DRIVERS\vsb.sys 17:30:57.0890 5264 vsbus ( UnsignedFile.Multi.Generic ) - warning 17:30:57.0890 5264 vsbus - detected UnsignedFile.Multi.Generic (1) 17:30:57.0906 5264 [ 3377DAA1CB8CAC46A538C236F5F3D58F ] vserial C:\WINDOWS\system32\DRIVERS\vserial.sys 17:30:57.0921 5264 vserial ( UnsignedFile.Multi.Generic ) - warning 17:30:57.0921 5264 vserial - detected UnsignedFile.Multi.Generic (1) 17:30:57.0953 5264 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:30:58.0046 5264 VSS - ok 17:30:58.0078 5264 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:30:58.0203 5264 W32Time - ok 17:30:58.0250 5264 [ C3B03ED7B06657A3355F620BC02ACFB6 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 17:30:58.0281 5264 wacmoumonitor - ok 17:30:58.0296 5264 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 17:30:58.0312 5264 wacommousefilter - ok 17:30:58.0343 5264 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 17:30:58.0359 5264 wacomvhid - ok 17:30:58.0390 5264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:30:58.0531 5264 Wanarp - ok 17:30:58.0546 5264 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:30:58.0593 5264 Wdf01000 - ok 17:30:58.0593 5264 WDICA - ok 17:30:58.0625 5264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:30:58.0750 5264 wdmaud - ok 17:30:58.0781 5264 [ F455C0358F8E4CC52AD53BF1971E21E9 ] wDokan C:\WINDOWS\system32\drivers\wdokan.sys 17:30:58.0812 5264 wDokan - ok 17:30:58.0843 5264 [ 30BB82F9BC3E3A577F6247A8B0F697DD ] wDokanMounter C:\Programme\Wuala Dokan\mounter.exe 17:30:58.0859 5264 wDokanMounter ( UnsignedFile.Multi.Generic ) - warning 17:30:58.0859 5264 wDokanMounter - detected UnsignedFile.Multi.Generic (1) 
17:30:58.0890 5264 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:30:59.0031 5264 WebClient - ok 17:30:59.0078 5264 [ 94E4312D546048BF31604A8B2AD13FC0 ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys 17:30:59.0078 5264 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning 17:30:59.0093 5264 WinDriver6 - detected UnsignedFile.Multi.Generic (1) 17:30:59.0140 5264 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:30:59.0281 5264 winmgmt - ok 17:30:59.0312 5264 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 17:30:59.0375 5264 WmdmPmSN - ok 17:30:59.0406 5264 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 17:30:59.0468 5264 Wmi - ok 17:30:59.0515 5264 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:30:59.0640 5264 WmiApSrv - ok 17:30:59.0703 5264 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 17:30:59.0781 5264 WMPNetworkSvc - ok 17:30:59.0796 5264 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 17:30:59.0828 5264 WpdUsb - ok 17:30:59.0937 5264 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:30:59.0984 5264 WPFFontCache_v0400 - ok 17:31:00.0000 5264 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:31:00.0125 5264 WS2IFSL - ok 17:31:00.0171 5264 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:31:00.0296 5264 wscsvc - ok 17:31:00.0312 5264 WSearch - ok 17:31:00.0343 5264 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:31:00.0484 5264 WSTCODEC - ok 17:31:00.0531 5264 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:31:00.0671 5264 wuauserv - ok 17:31:00.0703 5264 [ F15FEAFFFBB3644CCC80C5DA584E6311 
] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:31:00.0750 5264 WudfPf - ok 17:31:00.0765 5264 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:31:00.0796 5264 WudfRd - ok 17:31:00.0828 5264 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 17:31:00.0875 5264 WudfSvc - ok 17:31:00.0921 5264 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:31:01.0093 5264 WZCSVC - ok 17:31:01.0125 5264 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:31:01.0265 5264 xmlprov - ok 17:31:01.0296 5264 [ 4322C32CED8C4772E039616DCBF01D3F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys 17:31:01.0359 5264 yukonwxp - ok 17:31:01.0375 5264 ================ Scan global =============================== 17:31:01.0421 5264 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:31:01.0453 5264 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:31:01.0468 5264 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 17:31:01.0515 5264 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:31:01.0515 5264 [Global] - ok 17:31:01.0515 5264 ================ Scan MBR ================================== 17:31:01.0531 5264 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:31:01.0796 5264 \Device\Harddisk0\DR0 - ok 17:31:01.0796 5264 ================ Scan VBR ================================== 17:31:01.0796 5264 [ 456CA77C12C3CEA4E646484D8F481506 ] \Device\Harddisk0\DR0\Partition1 17:31:01.0796 5264 \Device\Harddisk0\DR0\Partition1 - ok 17:31:01.0796 5264 [ 5C788847F8D83BB55FCE6C96D9BDE2EA ] \Device\Harddisk0\DR0\Partition2 17:31:01.0796 5264 \Device\Harddisk0\DR0\Partition2 - ok 17:31:01.0812 5264 ============================================================ 17:31:01.0812 5264 Scan finished 17:31:01.0812 5264 ============================================================ 17:31:01.0953 5188 Detected object 
count: 28 17:31:01.0953 5188 Actual detected object count: 28 17:31:15.0625 5188 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0625 5188 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0625 5188 asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0625 5188 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 ATKKeyboardService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0625 5188 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0625 5188 CAMTOOLS ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 CAMTOOLS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0625 5188 EIO ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0625 5188 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 Ekauio ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 Ekauio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 giveio ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 hotcore ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 hotcore ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 IDriverT ( UnsignedFile.Multi.Generic ) - 
User select action: Skip 17:31:15.0640 5188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0640 5188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0640 5188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 SCM_DVB ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 SCM_DVB ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 SGFXMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 SGFXMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 SIoctl ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 SIoctl ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 TfBulk ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 TfBulk ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 TTUSB2BDA ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 TTUSB2BDA ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 usbbus ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 usbbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 USBModem ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 USBModem ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0656 5188 VirtualFD ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0656 5188 VirtualFD ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 17:31:15.0671 5188 vsbus ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0671 5188 vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0671 5188 vserial ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0671 5188 vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0671 5188 wDokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0671 5188 wDokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:15.0671 5188 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user 17:31:15.0671 5188 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:31:39.0078 3804 Deinitialize success |
18.10.2012, 19:11 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Jumi.exe accesses strange entries in the Registry
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a board expert has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
19.10.2012, 09:14 | #20 |
Jumi.exe accesses strange entries in the Registry
OK, here's the log:
Code:
ComboFix 12-10-18.03 - User 19.10.2012 9:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1031.18.2047.1207 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\_ctypes.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\_elementtree.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\_hashlib.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\_socket.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\_ssl.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\pyexpat.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\pysqlite2._sqlite.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\python26.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\pythoncom26.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\pywintypes26.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\select.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\unicodedata.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32api.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32com.shell.shell.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32crypt.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32event.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32file.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32inet.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32pdh.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32process.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\win32security.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\windows._cacheinvalidation.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._controls_.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._core_.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._gdi_.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._html2.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._misc_.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._windows_.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wx._wizard.pyd
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wxbase293u_net_vc.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wxbase293u_vc.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wxmsw293u_adv_vc.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wxmsw293u_core_vc.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wxmsw293u_html_vc.dll
c:\dokume~1\User\LOKALE~1\Temp\_MEI34602\wxmsw293u_webview_vc.dll
c:\dokume~1\User\LOKALE~1\Temp\swtlib-32\swt-gdip-win32-3707.dll
c:\dokume~1\User\LOKALE~1\Temp\swtlib-32\swt-win32-3707.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\_ctypes.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\_elementtree.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\_hashlib.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\_socket.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\_ssl.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\pyexpat.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\pysqlite2._sqlite.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\python26.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\pythoncom26.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\pywintypes26.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\select.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\unicodedata.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32api.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32com.shell.shell.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32crypt.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32event.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32file.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32inet.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32pdh.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32process.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\win32security.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\windows._cacheinvalidation.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._controls_.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._core_.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._gdi_.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._html2.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._misc_.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._windows_.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wx._wizard.pyd
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wxbase293u_net_vc.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wxbase293u_vc.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wxmsw293u_adv_vc.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wxmsw293u_core_vc.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wxmsw293u_html_vc.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\_MEI34602\wxmsw293u_webview_vc.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\swtlib-32\swt-gdip-win32-3707.dll
c:\dokumente und einstellungen\User\Lokale Einstellungen\Temp\swtlib-32\swt-win32-3707.dll
c:\dokumente und einstellungen\User\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\programme\compact
c:\programme\compact\Extension Renamer\App.ico
c:\programme\compact\Extension Renamer\AssemblyInfo.cs
c:\programme\compact\Extension Renamer\CompactLibrary.dll
c:\programme\compact\Extension Renamer\Extension Renamer.exe
c:\programme\compact\Extension Renamer\extIcon.ico
c:\programme\compact\Extension Renamer\extRename.csproj
c:\programme\compact\Extension Renamer\extRenamer.cs
c:\programme\compact\Extension Renamer\extRenamer.resx
c:\programme\Internet Explorer\SET116.tmp
c:\programme\Internet Explorer\SET11A.tmp
c:\programme\Internet Explorer\SET11B.tmp
c:\programme\Internet Explorer\SET4BA.tmp
c:\programme\Internet Explorer\SET4BE.tmp
c:\programme\Internet Explorer\SET4BF.tmp
c:\programme\Internet Explorer\SET4C.tmp
c:\programme\Internet Explorer\SET50.tmp
c:\programme\Internet Explorer\SET51.tmp
c:\programme\Internet Explorer\SET8C.tmp
c:\programme\Internet Explorer\SET90.tmp
c:\programme\Internet Explorer\SET91.tmp
c:\programme\Internet Explorer\SETF4.tmp
c:\programme\Internet Explorer\SETF8.tmp
c:\programme\Internet Explorer\SETF9.tmp
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-19 bis 2012-10-19 ))))))))))))))))))))))))))))))
.
.
2012-10-18 15:21 . 2011-03-10 17:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-10-18 08:28 . 2012-10-18 08:29 -------- d-----w- c:\programme\SGFX
2012-10-18 08:28 . 2012-10-18 08:28 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\SMSC
2012-10-16 11:57 . 2012-10-16 11:57 -------- d-----w- c:\programme\ESET
2012-09-25 15:57 . 2012-10-02 08:23 -------- d-----w- c:\programme\Jumi
2012-09-24 10:17 . 2012-09-24 10:17 -------- d-----w- c:\windows\system32\wbem\Framework
2012-09-24 09:47 . 2012-10-15 08:27 -------- d-----w- c:\programme\PC Monitor
2012-09-24 09:34 . 2012-09-24 09:34 -------- d-----w- c:\programme\PC Monitor Dashboard
2012-09-21 10:21 . 2012-09-21 11:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2012-09-20 10:30 . 2012-09-20 10:37 -------- d-----w- c:\dokumente und einstellungen\User\Anwendungsdaten\vlc
2012-09-19 13:27 . 2012-09-21 11:42 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2012-09-19 13:27 . 2012-09-21 10:21 -------- d-----w- c:\programme\Symantec
2012-09-19 13:08 . 2012-09-19 13:13 -------- d-----w- C:\backup_landolt
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 16:33 . 2012-10-18 16:33 22106 ----a-w- C:\TDSSKiller.2.8.13.0_18.10.2012_17.29.24_log.zip
2012-10-15 10:18 . 2012-04-18 16:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 10:18 . 2011-05-24 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:04 . 2012-02-29 12:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 16:05 . 2011-01-31 09:10 569 ----a-w- c:\windows\uninstallstickies.bat
2012-08-31 08:21 . 2012-08-31 08:22 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 08:21 . 2012-02-20 12:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-31 08:21 . 2012-06-14 15:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 08:21 . 2010-04-23 08:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:05 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 14:32 . 2011-12-15 08:41 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2008-05-07 10:04 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2008-05-07 10:04 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01 . 2008-01-29 11:02 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 12:01 . 2008-01-29 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-09 12:22 . 2010-03-09 12:22 6661320 ----a-w- c:\programme\Gemeinsame Dateien\lpuninstall.exe
2009-05-04 14:24 . 2009-05-04 14:25 454656 ----a-w- c:\programme\putty.exe
2012-10-04 13:26 . 2012-10-04 13:24 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1499FE7-129D-4B6E-B681-DDF21E14172C}]
2012-10-18 16:56 51176 ----a-w- e:\itools\Plugin\iToolsBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07 559104 ----a-w- c:\programme\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 14:51 556056 ----a-w- c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Growl"="c:\programme\Growl for Windows\Growl.exe" [2012-03-21 3817472]
"Facebook Update"="c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe" [2012-07-23 138096]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"FileHippo.com"="c:\programme\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"GoogleDriveSync"="c:\programme\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"49B70E52B1DFEA569026EA1423E2B1DF7697BAC7._service_run"="c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" [2012-10-17 1242136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"EvtMgr6"="c:\programme\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-10-05 611712]
"ToolBoxFX"="c:\programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-03-26 53248]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2012-04-18 421888]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
"PSUAMain"="c:\programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"PC Monitor Operations"="c:\programme\PC Monitor\pcmontask.exe" [2012-10-12 125288]
"SgfxConfig"="c:\programme\SGFX\sgfxconfig.exe" [2011-10-10 1522176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="c:\programme\Skype\Phone\IEPlugin\unins000.exe" [2007-03-27 674138]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Install LastPass FF RunOnce.lnk - c:\programme\Gemeinsame Dateien\lpuninstall.exe [2010-3-9 6661320]
.
c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\
jAnrufmonitor 5.0.lnk - c:\programme\jAnrufmonitor\jam.exe [2012-1-20 45056]
Miranda IM.lnk - c:\programme\Miranda IM\miranda32.exe [2012-9-25 828500]
Stickies.lnk - c:\programme\Stickies\stickies.exe [2011-1-31 1134592]
TimeLeft.lnk - c:\programme\TimeLeft3\TimeLeft.exe [2008-9-3 1940264]
Verknüpfung mit druckerfix.lnk - C:\druckerfix.bat [2007-3-21 134]
Wuala.lnk - c:\dokumente und einstellungen\User\Anwendungsdaten\Wuala\Roaming\Wuala.exe [2010-8-13 453552]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Comrade.exe"=c:\programme\GameSpy\Comrade\Comrade.exe
"EA Core"="c:\programme\Electronic Arts\EADM\Core.exe" -silent
"msnmsgr"="c:\programme\MSN Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LanguageShortcut"=c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programme\\Kathrein\\DVRManager\\UFS822.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Dokumente und Einstellungen\\User\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Dokumente und Einstellungen\\User\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programme\\Duolabs\\QBoxHD_Updater v.1.0.4\\QBOXHD Updater.exe"=
"c:\\smargotest\\newcsgui\\NewcsGui1_2mod01\\newcs.exe"=
"c:\\Programme\\PSPad editor\\PSPad.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Growl for Windows\\Growl.exe"=
"c:\\Programme\\Eureqa Software\\Eureqa\\eureqa_server.exe"=
"c:\\Programme\\ICQ7.0\\ICQ.exe"=
"c:\\Programme\\ICQ7.0\\aolload.exe"=
"c:\\Programme\\NetMeeting\\conf.exe"=
"c:\\Dokumente und Einstellungen\\User\\Anwendungsdaten\\Wuala\\Roaming\\Wuala.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Subvein\\Subvein.exe"=
"c:\\Programme\\Duolabs\\QBoxHD_Updater v.1.1.0\\QBOXHD Updater.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Stickies\\stickies.exe"=
"c:\\Programme\\LevelOne\\Installation Wizard\\InstallationWizard.exe"=
"c:\\Programme\\MusicBrainz Picard\\picard.exe"=
"c:\\Programme\\Miranda IM\\miranda32.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\CrypTool 2\\CrypWin.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Dokumente und Einstellungen\\User\\Anwendungsdaten\\Spotify\\spotify.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Dokumente und Einstellungen\\User\\Lokale Einstellungen\\Anwendungsdaten\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programme\\Soluto\\SolutoCleanup.exe"=
"c:\\Programme\\Soluto\\Soluto.exe"=
"c:\\Programme\\Soluto\\SolutoService.exe"=
"c:\\Programme\\Soluto\\SolutoConsole.exe"=
"c:\\Programme\\Soluto\\SolutoUpdateService.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Jumi\\jumi.exe"=
"e:\\Downloads\\mcam_v0339\\mca_loader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5720:TCP"= 5720:TCP:Jumi Controller
"5720:UDP"= 5720:UDP:Jumi Controller
.
R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [29.02.2012 10:02 30820]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [15.12.2011 09:41 51144]
R1 bdftdif_bs;bdftdif_bs;c:\programme\BitDefender\TrafficLight\bdftdif.sys [25.02.2011 15:38 130640]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [27.06.2012 15:51 82472]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [27.06.2012 15:51 120744]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [27.06.2012 15:51 122664]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [27.06.2012 15:51 93992]
R1 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [27.06.2012 15:51 51496]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [27.06.2012 15:51 104104]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [27.06.2012 15:51 286376]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [27.06.2012 15:51 153000]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [27.06.2012 15:51 106536]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [12.07.2012 11:18 206632]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [27.06.2012 15:51 92840]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [13.07.2012 07:02 179112]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20.05.2008 13:10 91440]
R2 bsserv;BitDefender TrafficLight Service;c:\programme\BitDefender\TrafficLight\bsserv.exe [11.04.2011 11:55 24384]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [07.04.2009 13:45 12416]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [14.08.2009 09:46 10448]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe [13.07.2012 06:57 140064]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [13.12.2011 17:48 2253120]
R2 PC Monitor;PC Monitor;c:\programme\PC Monitor\PCMonitorSrv.exe [23.09.2012 18:01 420200]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [13.07.2012 07:02 149032]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13.07.2012 07:02 101544]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [13.07.2012 07:02 114728]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [13.07.2012 07:02 120616]
R2 PSUAService;Panda Product Service;c:\programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe [13.07.2012 07:15 36640]
R2 SGFXMgr;SGFX Manager;c:\programme\SGFX\sgfxmgr.exe [08.12.2011 23:53 4239872]
R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.08.2012 13:33 3064000]
R2 TabletServicePen;TabletServicePen;c:\programme\Tablet\Pen\Pen_Tablet.exe [12.04.2012 15:11 5554552]
R2 TeamViewer7;TeamViewer 7;c:\programme\TeamViewer\Version7\TeamViewer_Service.exe [31.08.2012 15:02 2754984]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [23.01.2012 05:43 92592]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\programme\Tablet\Pen\Pen_TouchService.exe [12.04.2012 15:12 451960]
R2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [11.08.2010 15:56 72184]
R2 wDokanMounter;wDokanMounter;c:\programme\Wuala Dokan\mounter.exe [11.08.2010 15:56 22016]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [03.06.2010 16:07 13112]
R3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [09.09.2011 13:54 38536]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [18.10.2012 16:21 46280]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [29.06.2009 12:58 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [03.10.2011 16:49 116016]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [18.02.2010 15:32 26448]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12.04.2012 15:11 10752]
S1 efbDisk;efbDisk; [x]
S2 gupdate1c98787d26b2d06;Google Update-Dienst (gupdate1c98787d26b2d06);c:\programme\Google\Update\GoogleUpdate.exe [14.09.2011 10:46 136176]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S2 SolutoService;Soluto PCGenome Core Service;c:\programme\Soluto\SolutoService.exe [28.08.2012 15:38 598032]
S3 ADM8511;ADMtek ADM8511/AN986-USB-Fast Ethernetkonvertierer;c:\windows\system32\drivers\ADM8511.SYS [13.10.2009 11:14 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.04.2012 17:16 250808]
S3 CAMTOOLS;Camtools;c:\windows\system32\drivers\CAMTOOLS.sys [13.06.2007 17:44 9856]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [18.02.2010 15:32 52944]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.09.2011 10:46 136176]
S3 IrCOMM2k;Virtueller Infrarot-Kommunikationsanschluß;c:\windows\system32\DRIVERS\ircomm2k.sys --> c:\windows\system32\DRIVERS\ircomm2k.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\programme\Microsoft Fix it Center\Matsvc.exe [13.06.2011 22:09 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [25.04.2012 14:00 115168]
S3 MTSBDA;TechniSat SkyStar HD2;c:\windows\system32\drivers\MtsBda.sys [11.02.2010 15:42 265744]
S3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [11.02.2010 15:42 23568]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [28.01.2011 02:27 35088]
S3 PORTMON;PORTMON;\??\e:\downloads\SysinternalsSuite\PORTMSYS.SYS --> e:\downloads\SysinternalsSuite\PORTMSYS.SYS [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [27.03.2009 15:46 36928]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [06.10.2009 10:50 38976]
S3 SCM_DVB;SCM DVB_CA_Module;c:\windows\system32\drivers\alphac.sys [11.11.2008 14:07 7711]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [11.05.2010 15:36 43520]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [11.05.2010 15:36 63488]
S3 SIoctl;SIoctl;c:\windows\system32\drivers\sioctl.sys [27.08.2009 09:44 6400]
S3 SIWIO;SIWIO;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.01.2008 10:12 25088]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.05.2007 21:11 13312]
S3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\drivers\Cinergy_Hybrid-Stick_HID.sys [11.06.2010 13:54 21752]
S3 TTUSB2BDA;TechniSat BDA USB 2.0 Driver;c:\windows\system32\drivers\ttusb2bda.sys [14.09.2007 09:46 401024]
S3 UDST7000BDA; ST7000BDA.FriendlyName%;c:\windows\system32\drivers\UDST7000BDA.sys [08.09.2010 09:41 433168]
S3 UDST7000HID;TechniSat - HID Driver;c:\windows\system32\drivers\UDST7000HID.sys [07.04.2010 09:45 23568]
S3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\drivers\UDXTTM6010.sys [11.06.2010 13:54 762232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 10:18]
.
2012-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-10-19 c:\windows\Tasks\chkdsk.job
- c:\windows\system32\chkdsk.exe [2006-02-28 12:00]
.
2012-10-19 c:\windows\Tasks\ConfigExec.job
- c:\programme\Microsoft Fix it Center\MatsApi.dll [2011-06-13 21:09]
.
2012-10-19 c:\windows\Tasks\DataUpload.job
- c:\programme\Microsoft Fix it Center\MatsApi.dll [2011-06-13 21:09]
.
2012-10-15 c:\windows\Tasks\defrag c.job
- c:\windows\system32\defrag.exe [2006-02-28 06:52]
.
2012-10-16 c:\windows\Tasks\defrag e.job
- c:\windows\system32\defrag.exe [2006-02-28 06:52]
.
2012-10-17 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\programme\Defraggler\df.exe [2012-06-06 13:14]
.
2012-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-2111687655-839522115-1003Core.job
- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2011-07-07 08:38]
.
2012-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-842925246-2111687655-839522115-1003UA.job
- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2011-07-07 08:38]
.
2012-10-18 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 09:23]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-09-14 09:46]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-09-14 09:46]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-2111687655-839522115-1003Core.job
- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-05-24 09:17]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-2111687655-839522115-1003UA.job
- c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-05-24 09:17]
.
2012-10-19 c:\windows\Tasks\User_Feed_Synchronization-{71A75AF1-91AA-4E48-92AC-66D2D0F5E0F1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://satonline.ch/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI45B7~1\Office14\EXCEL.EXE/3000
Trusted Zone: secunia.com\psi
TCP: DhcpNameServer = 77.245.176.98 77.245.176.99
TCP: Interfaces\{096955B2-F836-4E91-8467-3BC3EA02BFF2}: NameServer = 192.168.0.2
DPF: {075B975E-4FFE-4491-9DDA-C8D367ECFE1E} - hxxp://192.168.0.111/adm/DDCAlertCfg.cab
DPF: {D4A5D384-6C53-4F3A-8A4F-5BA0D6A654A9} - hxxp://192.168.0.111/img/DDCViewer.cab
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\qyyipvgf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.satonline.ch/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8CD8EA48-D284-477E-B6DF-85D1E39D855F} - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-19 10:01
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OOCC06.00.00.01WSSV"="4D478BFAB115D7F1FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CA6A0AC4980AC7933A6A0AC4980AC79334BBA300F5A98C20E1C82BBAB262F5BB7290CA504C9FD2F54819212CAD82D7B8C046E0C024C5772BF4274039BA10E3781EF9ECB619E25EEF768FD3A3312D75E7842894691B63816806E34C300196C3578EBD526A995C2B4C88B66DBE3DC93C5BC407D2EF695E9C13A8435BD3D810F2A434ACF868DBB5233CAFE2AF57AFEACE5DB1C8E135A0631CA8B4C4232AAF0CEAC3C9CF73EB140DE6436BD008E886206B80AD8D64C5D4CE3CA4470796914A3979771D413A6AFF88A83F524ECAE959515FA305CC133924F6EA06A814CACB97A690A26CD369B94608A902AF34E611A49E52EE8F011A4FE99CD6DB872004BD0795867D0434E7B6091A74FA55253B885D39597874559839F5998981B19AF1800C60DD61BD3982B0ACC41496F4900C7B73056BF0E6D02B5E362F34CB333C7E863B0C3C2E406A89078F8C5C8C346AB29887A6F73B65CCA23ACAB9C75D75F0A988C254DDBBEC1E4990A1E3C5F139903F742763A456DEE41B9D2CFDFC691208D867D390D93F15388B31069BD61FE7984D52108A50A52634C6CA00DA1361EDD3A952FA37B2276EA21544EAAF6E660000567D83BB2D9BADA24B0D5475A7FEFE3502B8EC126037C9C1371FDD729CAC2A82C540EBCF892AE5DD5FEA485149E2BE05FB2F8132B7465611488CC892BAD6557744ADC5E22566AD4C15634F2EFD629E84E1BC53B407A49952F98DB7C6474BACF30F85196EC88DF0E9B371F5C9E2E78F25656BA81ACDA707AC3A43F91D247EC3B8096EDFEAB5232BDEDA8F5B6E7EEDADB05DA94D24EA2DAB20335024E0891D427DED9A8D4C322B9F815333A972927C4E03EA403BE931FBB47F5D41EDB280403069601EB7BB02983BAC1E463BB5029DF26B431ABF8036477A5759407856E12BAACC74B16777FDAD0E0784E5D00DF890B34F383A35933C9AA1C3186A1BC26F47454E47EF8F25372152E910706E770A45674D922F9DB4FE923E1ABC34518B1A8DA1A38E35ABC616BF949BAA7B01CAC1887B818182CA09A25628C3B67C04E066C4E80DA46F3C6F588DABB75CD2565D34519B23373B06C679CA09A8C11D4BD2C44606CBDF773256D4EC874939B1DB2B853B77907C76D251FB948EB1CE3B4E6C2F9DBA624CB7C133B84874641B64818442CC40ABFAABED8BCA57543BD080CEE7998395C279CA36FE4B991E77948CA4CEFFCD6C25F38763551507DCB18A9F59C16EF292131C473BA85BE11F1
0DFCB9284C383667BB0DD61000ED6510A67805DF72958F6782A66A9ACA29E7E4218821ADFB94E01F7F4C18DF83F3E80136263D487BDF030AAF27F9D976D12B212E20FE7EB58C08"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\wdokannp.dll
.
- - - - - - - > 'lsass.exe'(804)
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(6092)
c:\programme\Google\Drive\googledrivesync32.dll
c:\programme\Wuala OverlayIcons\OverlayIcon.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Stickies\shook70.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\wdokannp.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programme\Tablet\Pen\Pen_TouchUser.exe
c:\programme\SGFX\sgfxagt.exe
c:\programme\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\fxssvc.exe
c:\programme\TeamViewer\Version7\TeamViewer.exe
c:\programme\TeamViewer\Version7\tv_w32.exe
c:\windows\RTHDCPL.EXE
c:\programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\javaw.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-19 10:10:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-19 09:10
.
Vor Suchlauf: 44 Verzeichnis(se), 75'581'763'584 Bytes frei
Nach Suchlauf: 47 Verzeichnis(se), 75'852'369'920 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 1BD87F6D79B4304DA06AE3047BE70BC7 |
19.10.2012, 10:56 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Jumi.exe accesses strange entries in the registry Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, simply leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press one of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ --> Jumi.exe accesses strange entries in the registry |
19.10.2012, 11:50 | #22 |
| Jumi.exe accesses strange entries in the registry OK, here is the GMER log Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-19 12:50:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 WDC_WD2500AAJS-00L7A0 rev.01.03E01
Running: z44vrk3p.exe; Driver: C:\DOKUME~1\Adi\LOKALE~1\Temp\fgryypod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for for XP32/Panda Security, S.L.) ZwTerminateProcess [0xB39786B0]

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB796A3C0, 0x95AECA, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB347C400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB351E420]
C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB351E420]
.protectÿÿÿÿhardlockunknown last code section [0xB351E200, 0x5049, 0xE0000020]
C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB351E200, 0x5049, 0xE0000020]
? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Ip NNSPihs.sys (Process Info Hook Server/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp NNSPihs.sys (Process Info Hook Server/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp NNSPihs.sys (Process Info Hook Server/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp NNSPihs.sys (Process Info Hook Server/Panda Security, S.L.)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E984FC2-D558-2898-3695-7EE8C7ADE641}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E984FC2-D558-2898-3695-7EE8C7ADE641}@iagbjamaaoogiolfgg 0x63 0x61 0x61 0x6C ...

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:56:11 on 19.10.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Google Inc. Google Chrome 23.0.1271.40

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Bamboo" - "Wacom Technology, Corp." - C:\Programme\Tablet\Pen\Consumer_CPL.exe
"CplMCDec" - "MainConcept AG" - C:\WINDOWS\System32\CplMCDec.cpl
"CplMCDec_x86" - ? - C:\WINDOWS\SysWOW64\CplMCDec.cpl (File not found)
"PavCPL" - ? - C:\WINDOWS\system32\pavcpl.cpl (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP2.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%Jumi%" (jumi) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\System32\DRIVERS\jumi.sys
" ST7000BDA.FriendlyName%" (UDST7000BDA) - "TechniSat Digital S.A." - C:\WINDOWS\System32\Drivers\UDST7000BDA.sys
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"AsIO" (AsIO) - ? - C:\WINDOWS\System32\drivers\AsIO.sys (File found, but it contains no detailed information)
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"bdftdif_bs" (bdftdif_bs) - "BitDefender LLC" - C:\Programme\BitDefender\TrafficLight\bdftdif.sys
"Bluetooth Audio Service" (BlueletAudio) - ? - C:\WINDOWS\System32\DRIVERS\blueletaudio.sys (File not found)
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\DRIVERS\vbtenum.sys (File not found)
"Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\WINDOWS\System32\Drivers\BTHidMgr.sys (File not found)
"Bluetooth PAN Network Adapter" (BT) - ? - C:\WINDOWS\System32\DRIVERS\btnetdrv.sys (File not found)
"Bluetooth USB For Bluetooth Service" (Btcsrusb) - ? - C:\WINDOWS\System32\Drivers\btcusb.sys (File not found)
"Bluetooth VComm Manager Service" (VcommMgr) - ? - C:\WINDOWS\System32\Drivers\VcommMgr.sys (File not found)
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys
"Camtools" (CAMTOOLS) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\CAMTOOLS.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Cinergy Hybrid-Stick BDA service" (UDXTTM6010) - ? - C:\WINDOWS\System32\DRIVERS\UDXTTM6010.sys
"Cinergy Hybrid-Stick HID service" (TTHID) - "DTV-DVB" - C:\WINDOWS\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys
"cpuz135" (cpuz135) - ? - C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys (File not found)
"DVDRC" (DVDRC) - ? - C:\WINDOWS\System32\drivers\DVDRC.sys (File not found)
"efbDisk" (efbDisk) - ? - C:\WINDOWS\system32\drivers\efbDisk.sys (File not found)
"EIO" (EIO) - "ASUSTeK Computer Inc." - C:\WINDOWS\system32\drivers\EIO.sys
"Ekahau NDIS Usermode I/O Protocol" (Ekauio) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\ekauio.sys
"ELTIMA Virtual Serial Ports Driver" (vserial) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vserial.sys
"Enhanced Display Driver Helper Service" (asuskbnt) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\System32\drivers\atkkbnt.sys
"fgryypod" (fgryypod) - ? - C:\DOKUME~1\user\LOKALE~1\Temp\fgryypod.sys (Hidden registry entry, rootkit activity | File not found)
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
"GMSIPCI" (GMSIPCI) - ? - D:\INSTALL\GMSIPCI.SYS (File not found)
"hotcore" (hotcore) - "Paragon Software Group" - C:\WINDOWS\System32\drivers\hotcore.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"Jukebox3" (Jukebox3) - ? - C:\WINDOWS\System32\DRIVERS\ctpdusb.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"LGE Mobile Composite USB Device" (usbbus) - "LG Electronics Inc." - C:\WINDOWS\System32\DRIVERS\lgusbbus.sys
"LGE Mobile USB Modem" (USBModem) - "LG Electronics Inc." - C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys
"Logitech Beep Suppression Driver" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"mbr" (mbr) - ? - C:\DOKUME~1\user\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\WINDOWS\System32\drivers\npf.sys
"NNSAlpc" (NNSALPC) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys
"NNSHttp" (NNSHTTP) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSHttp.sys
"NNSids" (NNSIDS) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSIds.sys
"NNSPicc" (NNSPICC) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSPicc.sys
"NNSPihs" (NNSPIHS) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSPihs.sys
"NNSPop3" (NNSPOP3) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSPop3.sys
"NNSProt" (NNSPROT) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSProt.sys
"NNSPrv" (NNSPRV) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSPrv.sys
"NNSSmtp" (NNSSMTP) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys
"NNSStrm" (NNSSTRM) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSStrm.sys
"NNSTlsc" (NNSTLSC) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PORTMON" (PORTMON) - ? - E:\Downloads\SysinternalsSuite\PORTMSYS.SYS (File not found)
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINProt.sys
"PSKMAD" (PSKMAD) - "Panda Security" - C:\WINDOWS\System32\DRIVERS\PSKMAD.sys
"PsSdk41" (PsSdk41) - "microOLAP Technologies LTD" - C:\WINDOWS\system32\Drivers\pssdk41.sys
"PSSDK42" (PSSDK42) - "microOLAP Technologies LTD" - C:\WINDOWS\system32\Drivers\pssdk42.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SCM DVB_CA_Module" (SCM_DVB) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\alphac.sys
"SIoctl" (SIoctl) - "FarStone Technology, Inc." - c:\windows\system32\drivers\sioctl.sys
"SIWIO" (SIWIO) - ? - C:\WINDOWS\TEMP\SiwIo.sys (File not found)
"Soluto" (Soluto) - "Soluto LTD." - C:\WINDOWS\System32\DRIVERS\Soluto.sys
"speedfan" (speedfan) - "Almico Software" - C:\WINDOWS\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TechniSat - HID Driver" (UDST7000HID) - "TechniSat Digital S.A." - C:\WINDOWS\System32\drivers\UDST7000HID.sys
"TechniSat BDA USB 2.0 Driver" (TTUSB2BDA) - "TechnoTrend AG" - C:\WINDOWS\System32\DRIVERS\ttusb2bda.sys
"TechniSat Mantis BDA HID Driver" (MtsHID) - "TechniSat Provide" - C:\WINDOWS\System32\drivers\MtsHID.sys
"TechniSat SkyStar HD2" (MTSBDA) - "TechniSat Provide" - C:\WINDOWS\System32\Drivers\MtsBda.sys
"TfBulk" (TfBulk) - "Topfield (visit www.topfield.co.kr)" - C:\WINDOWS\System32\DRIVERS\TfBulk.sys
"Virtual Serial Bus Enumerator" (vsbus) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vsb.sys
"Virtual Serial Bus Enumerator (Eltima Software)" (VSBC) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\evsbc.sys
"Virtual Serial port driver" (VComm) - ? - C:\WINDOWS\System32\DRIVERS\VComm.sys (File not found)
"Virtual Serial Ports Driver (Eltima Softwate)" (evserial) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\evserial.sys
"VirtualBox Bridged Networking Service" (VBoxNetFlt) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys
"VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys
"VirtualBox USB Monitor Driver" (VBoxUSBMon) - "Oracle Corporation" - C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys
"VirtualFD" (VirtualFD) - "Ken Kato" - E:\Downloads\vfd21-050404\vfd.sys
"Virtueller Infrarot-Kommunikationsanschluß" (IrCOMM2k) - ? - C:\WINDOWS\System32\DRIVERS\ircomm2k.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"wDokan" (wDokan) - ? - C:\WINDOWS\system32\drivers\wdokan.sys
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} "WOT Protocol" - "Against Intuition Oy" - C:\Programme\WOT\WOT.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Corporation" - C:\PROGRAMME\FOXIT SOFTWARE\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\Programme\IZArc\IZArcCM.dll
{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - C:\Programme\IZArc\IZArcCM.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "SDECon32" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} "XnViewShell Class" - ? - C:\Programme\XnView\ShellEx\XnViewShellExt.dll
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Notizbuch" - ? - C:\Programme\Google\Google Notebook\gnotes1.0.2.19--829265261.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "WOT" - "Against Intuition Oy" - C:\Programme\WOT\WOT.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? - (File not found | COM-object registry key not found)
<binary data> "{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{075B975E-4FFE-4491-9DDA-C8D367ECFE1E} "AlertCfg Control" - ? - C:\WINDOWS\system32\DDCALE~1.OCX / hxxp://192.168.0.111/adm/DDCAlertCfg.cab
{238F6F83-B8B4-11CF-8771-00A024541EE3} "Citrix ICA Client" - "Citrix Systems, Inc." - C:\Progra~1\Citrix\icaweb32\WFICA.OCX / hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - "Yahoo! Inc." - C:\Programme\Yahoo!\Common\Yinsthelper.dll / C:\Programme\Yahoo!\Common\Yinsthelper.dll
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.5.0_14" - ? - C:\Programme\Java\jre1.5.0_14\bin\npjpi150_14.dll (File not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340442498046
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ?
- C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir_1166636.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_287.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab {D4A5D384-6C53-4F3A-8A4F-5BA0D6A654A9} "Viewer Control" - ? - C:\WINDOWS\system32\DDCVIE~1.OCX / hxxp://192.168.0.111/img/DDCViewer.cab {0D41B8C5-2599-4893-8183-00195EC8D5F9} "{0D41B8C5-2599-4893-8183-00195EC8D5F9}" - ? - (File not found | COM-object registry key not found) / hxxp://support.asus.com/common/asusTek_sys_ctrl.cab {27527D31-447B-11D5-A46E-0001023B4289} "{27527D31-447B-11D5-A46E-0001023B4289}" - ? - (File not found | COM-object registry key not found) / hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} "{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}" - ? 
- (File not found | COM-object registry key not found) / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab {5ED80217-570B-4DA9-BF44-BE107C0EC166} "{5ED80217-570B-4DA9-BF44-BE107C0EC166}" - ? - (File not found | COM-object registry key not found) / hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab {87BE3784-6977-4E84-AA08-55A96B9CEAC5} "{87BE3784-6977-4E84-AA08-55A96B9CEAC5}" - ? - (File not found | COM-object registry key not found) / hxxp://192.168.0.253/bl_camera.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}" - ? - (File not found | COM-object registry key not found) / hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} "{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}" - ? - (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Add to TimeLeft Auction Watch" - ? - C:\Programme\TimeLeft3\TLIntergIE.html {21196042-830F-419f-A594-F9D456A6C29A} "Add to TimeLeft Auction Watch" - ? - (File not found | COM-object registry key not found) {9999A076-A9E2-4C99-8A2B-632FC9429223} "Bonjour" - ? 
- (File not found | COM-object registry key not found) {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found | COM-object registry key not found) "ICQ7" - "ICQ, LLC." - C:\Programme\ICQ7.0\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {71576546-354D-41c9-AAE8-31F2EC22BF0D} "WOT" - "Against Intuition Oy" - C:\Programme\WOT\WOT.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} "&Google Notebook" - ? - C:\Programme\Google\Google Notebook\gnotes1.0.2.19--829265261.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E1499FE7-129D-4B6E-B681-DDF21E14172C} "BHOImpl Class" - "iTools.hk" - E:\iTools\Plugin\iToolsBHO.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} "WOT Helper" - "Against Intuition Oy" - C:\Programme\WOT\WOT.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? 
- (File not found | COM-object registry key not found) [Logon] -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "49B70E52B1DFEA569026EA1423E2B1DF7697BAC7._service_run" - "Google Inc." - "C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" --type=service "Facebook Update" - "Facebook Inc." - "C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver "FileHippo.com" - "FileHippo.com" - "C:\Programme\FileHippo.com\UpdateChecker.exe" /background "GoogleDriveSync" - "Google" - "C:\Programme\Google\Drive\googledrivesync.exe" /autostart "Growl" - "element code project" - C:\Programme\Growl for Windows\Growl.exe "Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized "TomTomHOME.exe" - "TomTom" - "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart "EvtMgr6" - "Logitech, Inc." - C:\Programme\Logitech\SetPointP\SetPoint.exe /launchGaming "HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "PC Monitor Operations" - "MMSOFT Design Ltd." - "C:\Programme\PC Monitor\pcmontask.exe" "PSUAMain" - "Panda Security, S.L." 
- "C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SgfxConfig" - ? - "C:\Programme\SGFX\sgfxconfig.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "ToolBoxFX" - "HP" - "C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll "WDokanNP" - ? - C:\WINDOWS\System32\wdokannp.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL "HP DriverMon LJ3390" - "Hewlett-Packard" - C:\WINDOWS\system32\hppaecpm.dll "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\hptcpmon.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "ATK Keyboard Service" (ATKKeyboardService) - "ASUSTeK COMPUTER INC." - C:\WINDOWS\ATKKBService.exe "BitDefender TrafficLight Service" (bsserv) - "BitDefender" - C:\Programme\BitDefender\TrafficLight\bsserv.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update-Dienst (gupdate1c98787d26b2d06)" (gupdate1c98787d26b2d06) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe "LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." 
- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Automated Troubleshooting Service" (MatSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Fix it Center\Matsvc.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe "Panda Product Service" (PSUAService) - "Panda Security, S.L." - C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe "PC Monitor" (PC Monitor) - "MMSOFT Design Ltd." - C:\Programme\PC Monitor\PCMonitorSrv.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Programme\WinPcap\rpcapd.exe "SGFX Manager" (SGFXMgr) - "SMSC" - C:\Programme\SGFX\sgfxmgr.exe "Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." 
- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe "Soluto PCGenome Core Service" (SolutoService) - "Soluto" - C:\Programme\Soluto\SolutoService.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe "TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - C:\Programme\Tablet\Pen\Pen_Tablet.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe "Wacom Consumer Touch Service" (TouchServicePen) - "Wacom Technology, Corp." - C:\Programme\Tablet\Pen\Pen_TouchService.exe "wDokanMounter" (wDokanMounter) - ? - C:\Programme\Wuala Dokan\mounter.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-19 12:58:50 ----------------------------- 12:58:50.453 OS Version: Windows 5.1.2600 Service Pack 3 12:58:50.453 Number of processors: 2 586 0x407 12:58:50.453 ComputerName: ADRIAN-OFFICE UserName: Adi 12:58:51.609 Initialize success 13:17:07.062 AVAST engine defs: 12101900 13:19:19.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 13:19:19.281 Disk 0 Vendor: WDC_WD2500AAJS-00L7A0 01.03E01 Size: 238475MB BusType: 3 13:19:19.281 Disk 0 MBR read successfully 13:19:19.281 Disk 0 MBR scan 13:19:19.328 Disk 0 Windows XP default MBR code 13:19:19.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 138474 MB offset 63 13:19:19.328 Disk 0 Partition - 00 0F Extended LBA 99998 MB offset 283595445 13:19:19.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 283595508 13:19:19.359 Disk 0 scanning sectors +488392065 13:19:19.437 Disk 0 scanning C:\WINDOWS\system32\drivers 13:19:34.546 Service scanning 13:19:38.968 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21 13:19:56.671 Modules scanning 13:20:06.484 Disk 0 trace - called modules: 13:20:06.515 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 13:20:06.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac80ab8] 13:20:06.531 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x8acaab00] 13:20:09.906 AVAST engine scan C:\WINDOWS 13:20:19.437 AVAST engine scan C:\WINDOWS\system32 13:24:54.109 AVAST engine scan C:\WINDOWS\system32\drivers 13:25:11.640 AVAST engine scan C:\Dokumente und Einstellungen\User 13:41:35.109 AVAST engine scan C:\Dokumente und Einstellungen\All Users 13:44:55.875 Scan finished successfully 13:54:12.171 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\User\Desktop\MBR.dat" 13:54:12.171 The log file has been saved successfully to "C:\Dokumente und Einstellungen\User\Desktop\aswMBR.txt" |
19.10.2012, 14:36 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Jumi.exe accesses strange entries in the registry Code:
"%Jumi%" (jumi) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\System32\DRIVERS\jumi.sys
If not, deactivate and delete it with OSAM.
__________________ Please always post logfiles in CODE tags |
19.10.2012, 15:30 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Jumi.exe accesses strange entries in the registry Yes, quite a bit had to be removed, but I don't know whether that was necessarily caused by your Jumi. Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
20.10.2012, 10:07 | #26 |
| Jumi.exe accesses strange entries in the registry OK, SUPERAntiSpyware seems to have found something else: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/19/2012 at 07:57 PM Application Version : 5.6.1012 Core Rules Database Version : 9436 Trace Rules Database Version: 7248 Scan type : Complete Scan Total Scan Time : 03:19:09 Operating System Information Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 1031 Memory threats detected : 0 Registry items scanned : 43244 Registry threats detected : 0 File items scanned : 323067 File threats detected : 111 Adware.Tracking Cookie C:\Dokumente und Einstellungen\User\Cookies\0WZZEIZN.txt [ /invitemedia.com ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QYYIPVGF.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QYYIPVGF.DEFAULT\COOKIES.SQLITE ] .findpeopleonplus.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .blogads.de [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\DOKUMENTE UND 
EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .bs.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .idgenterprise.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .atdmt.com [ 
C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ru4.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .advertising.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .advertising.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .lucidmedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adbrite.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .ru4.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] wstat.wibiya.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.interdiscount.ch [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .interdiscount.ch [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .interdiscount.ch [ C:\DOKUMENTE UND 
EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .protectmediaonline.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .protectmediaonline.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .unitymediakabelbwforum.de [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .unitymediakabelbwforum.de [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .click-business.ch [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .click-business.ch [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .gettyimages.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .statcounter.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .examinercom.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] fr.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] fr.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER 
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\User\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\NETWORKSERVICE\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Dropper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A5CB7995-834E-4D72-BAAF-ADD9881761D2}\RP1280\A0252715.EXE

Trojan.Agent/Gen-Multi
C:\WINDOWS\SYSTEM32\COOLXPCHECK.OCX
C:\WINDOWS\SYSTEM32\COOLXPOPTION.OCX

NotHarmful.Sysinternals Bluescreen Screen Saver
E:\DOWNLOADS\BLUESCREEN\SYSINTERNALSBLUESCREEN.SCR
ZIP ARCHIVE( E:\DOWNLOADS\BLUESCREEN.ZIP )/SYSINTERNALSBLUESCREEN.SCR
E:\DOWNLOADS\BLUESCREEN.ZIP

PUP.CNETInstaller
E:\DOWNLOADS\CNET2_MAILATTACHMENTDOWNLOADERINSTALL_ZIP.EXE

Adware.Somoto
E:\DOWNLOADS\IZARCINSTALL.EXE
21.10.2012, 12:11 | #27
/// Winkelfunktion /// TB-Süch-Tiger™ | Jumi.exe accesses strange registry entries

Those were a lot of false positives. Looks OK; apart from that only cookies were found, and those can all go. Cookies are not malware as such, but there is a risk of them being misused (unique recognition, e.g. for targeted advertising and the like => HTTP cookie).

On cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners, etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every four weeks whether a new hosts file has been released. Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/

If you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser closes. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me). The other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there other findings or problems?
__________________ Please always post logfiles in CODE tags
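As an added example (not part of the thread, and not MVPS's own tooling), a small audit for a hosts file of the kind recommended above: it separates sink-hole entries (names pointed at 0.0.0.0 or localhost, which is how a blocking hosts file works) from real redirects, and flags redirects of names that should never be redirected, a classic sign of a tampered hosts file. The sample hosts text and the WATCH_SUFFIXES list are constructed.

```python
"""Audit an MVPS-style blocking hosts file (added example, constructed data)."""
import ipaddress

SINKHOLE = {"0.0.0.0", "127.0.0.1", "::1"}
# Constructed sample of name suffixes whose redirection is always suspicious
# (update and security-vendor domains).
WATCH_SUFFIXES = ("microsoft.com", "windowsupdate.com", "malwarebytes.org")

# Constructed sample: a few tracker names from the cookie scan above, one
# legitimate local mapping, one hijack and one malformed line.
SAMPLE_HOSTS = """\
# MVPS-style block list plus one hijack (constructed sample)
127.0.0.1 localhost
0.0.0.0 ad.yieldmanager.com      # blocked tracker
0.0.0.0 www.qsstats.com dmtracker.com
::1 localhost
192.168.1.50 intranet.example    # legitimate local mapping
203.0.113.7 update.microsoft.com # hijack: update traffic diverted
garbage line here
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every name mapped in the file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # malformed line, skip it
        for host in fields[1:]:                   # several names per line allowed
            yield ip, host.lower(), line_no


def is_watched(host):
    """True if host is, or is a subdomain of, a watched suffix."""
    return any(host == s or host.endswith("." + s) for s in WATCH_SUFFIXES)


def audit_hosts(text):
    """Count sink-hole entries and redirects; list redirects of watched names."""
    blocked, redirects, suspicious = 0, 0, []
    for ip, host, line_no in parse_hosts(text):
        if ip in SINKHOLE:
            blocked += 1                          # blocking entry, as intended
            continue
        redirects += 1                            # real redirect: review it
        if is_watched(host):
            suspicious.append((host, ip, line_no))
    return {"blocked": blocked, "redirects": redirects, "suspicious": suspicious}
```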
22.10.2012, 08:35 | #28
| Jumi.exe accesses strange registry entries

OK, here is the Malwarebytes log as well. If everything is OK so far, I'll throw out the cookies too. And get a suitable hosts file. Many thanks for the great support!

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-PC

20.10.2012 11:13:37
mbam-log-2012-10-22 (09-24-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 519733
Laufzeit: 2 Stunde(n), 20 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Programme\Cain\Abel64.exe (HackTool.Cain) -> Keine Aktion durchgeführt.
C:\Programme\DVBViewer TE2\update.exe (Spyware.Zbot) -> Keine Aktion durchgeführt.
E:\Downloads\IZArcInstall.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.

(Ende)
22.10.2012, 11:31 | #29
/// Winkelfunktion /// TB-Süch-Tiger™ | Jumi.exe accesses strange registry entries

Then we're done! The programs used here can all be removed again. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview of whether your installed programs are up to date, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags