| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.10.2012, 12:22
| #1 |
 |  Bundespolizei Trojaner Hallo, als ich heute im Internet gesurft habe, hat sich plötzlich mein laptop gesperrt. Auf der erschienenen Seite ist vom System der automatischen Informationskontrolle die Rede. Außerdem befindet sich das Zeichen der Bundespolizei auf der Ansicht. Gegen eine Zahlung von 100 Euro würde die Sperrung wieder aufgehoben. Bei der Suche im Internet bin ich schnell auf diese web-site gestoßen. Hab mir einige verwandte Themen angeschaut. Habe den laptop im gesicherten Modus gestartet, kann aber nicht auf das Internet zugreifen. Ich wäre euch sehr dankbar, wenn ihr mir bei meinem Problem behilflich sein könntet.  |
|
26.10.2012, 14:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei Trojaner Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?
__________________Abgesicherter Modus zur Bereinigung
__________________ |
|
26.10.2012, 16:42
| #3 |
| | Bundespolizei Trojaner Schon mal danke soweit!
__________________Habe jetzt die otl und die extra Textdatei. |
|
26.10.2012, 21:45
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Bitte ein Log mit CF machen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.10.2012, 03:53
| #5 |
| | Bundespolizei Trojaner im Anhang gibts die entstandene Textdatei. viele Grüße. |
|
27.10.2012, 14:33
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Bitte die Logs nur als Anhang posten und dann gezippt wenn sie sonst zu groß sind! Die nächsten Logs bitte direkt in den Beitrag! Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder::
c:\programdata\cgilxbkpqlmaowl
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Bundespolizei Trojaner |
|
27.10.2012, 15:08
| #7 |
| | Bundespolizei Trojaner Nachdem ich das CFSkript erstellt und auf die cofi.exe gezogen habe, kommt folgende Meldung: Achtung!! ComboFix hat festgestellt das folgende Real-Time-Scanner aktiv sind: antivirus: Avira Desktop antispyware: Avira Desktop Ich bekomme diesen Avira Desktop irgendwie nicht deaktiviert. Hab vorübergehend Avira komplett deinstalliert und alles was ich gefunden habe entfernt. Die Fehlermeldung taucht trotzdem auf. |
|
27.10.2012, 19:55
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Wenn es deinstalliert ist kannst du die Meldung ignorieren
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2012, 22:38
| #9 |
| | Bundespolizei Trojaner die Meldung war wieder da, hab aber Combofix ausgeführt. [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-10-26.05 - *** 27.10.2012 23:08:49.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4092.3393 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cgilxbkpqlmaowl
c:\programdata\cgilxbkpqlmaowl\btn-green.png
c:\programdata\cgilxbkpqlmaowl\corners-btn.png
c:\programdata\cgilxbkpqlmaowl\corners1.png
c:\programdata\cgilxbkpqlmaowl\corners2.png
c:\programdata\cgilxbkpqlmaowl\corners3.png
c:\programdata\cgilxbkpqlmaowl\corners4.png
c:\programdata\cgilxbkpqlmaowl\de-flag.png
c:\programdata\cgilxbkpqlmaowl\de-image.png
c:\programdata\cgilxbkpqlmaowl\ie6-7.css
c:\programdata\cgilxbkpqlmaowl\jquery.main.js
c:\programdata\cgilxbkpqlmaowl\main.html
c:\programdata\cgilxbkpqlmaowl\McAfee.png
c:\programdata\cgilxbkpqlmaowl\pays-de.png
c:\programdata\cgilxbkpqlmaowl\steps-de.png
c:\programdata\cgilxbkpqlmaowl\steps-en.png
c:\programdata\cgilxbkpqlmaowl\style.css
c:\programdata\cgilxbkpqlmaowl\tabs.png
c:\programdata\cgilxbkpqlmaowl\wait.html
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-27 bis 2012-10-27 ))))))))))))))))))))))))))))))
.
.
2012-10-27 21:18 . 2012-10-27 21:18 -------- d-----w- c:\users\***\AppData\Local\temp
2012-10-27 21:18 . 2012-10-27 21:18 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-10-27 21:18 . 2012-10-27 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 10:00 . 2012-10-25 10:00 -------- d-----w- c:\users\***\AppData\Local\Chromium
2012-10-24 06:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57D95206-7EAD-4DE9-BE3F-8C898C6AB8FF}\mpengine.dll
2012-10-10 21:08 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 21:08 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 21:08 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 21:08 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 21:08 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 21:08 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 21:08 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 21:08 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 21:08 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 21:08 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 21:08 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 01:08 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-08-24 11:15 . 2012-09-26 01:03 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-26 01:03 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-26 01:03 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-26 01:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-26 01:03 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-26 01:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-26 01:03 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-26 01:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-26 01:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-26 01:03 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-26 01:03 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-26 01:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-26 01:03 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-26 01:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-26 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-26 01:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-26 01:03 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-26 01:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-26 01:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-26 01:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-26 01:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-26 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
c:\program files (x86)\DealPly\DealPlyIE.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-09 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-06-27 89088]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-27 c:\windows\Tasks\DMEPeriodicTask.job
- c:\program files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 06:17]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 16:19]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 16:19]
.
2012-10-23 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-31 13:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-23 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-06-27 443904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:64667
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100616090253
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Zeit der Fertigstellung: 2012-10-27 23:21:41
ComboFix-quarantined-files.txt 2012-10-27 21:21
ComboFix2.txt 2012-10-27 02:35
.
Vor Suchlauf: 17 Verzeichnis(se), 86.373.990.400 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 86.254.006.272 Bytes frei
.
- - End Of File - - 35279649FDC7FB0DF53670AB3FE9E96B
[\code] |
|
27.10.2012, 23:29
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2012, 00:23
| #11 |
| | Bundespolizei Trojaner an dieser Stelle schon mal vielen dank für die gute Hilfe! Vor allem, dass die einzelnen Schritte detailliert erklärt sind und von euch auch anschaulich dargestellt werden!  hier die aswMBR Textdatei: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 01:16:59
-----------------------------
01:16:59.567 OS Version: Windows x64 6.0.6002 Service Pack 2
01:16:59.567 Number of processors: 2 586 0xF0D
01:16:59.567 ComputerName: ***-PC UserName: ***
01:17:00.861 Initialize success
01:17:10.315 AVAST engine defs: 12102701
01:17:25.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:17:25.431 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40F Size: 238475MB BusType: 3
01:17:25.431 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
01:17:25.431 Disk 1 Vendor: Hitachi_HTS543225L9A300 FBEOC40F Size: 238475MB BusType: 3
01:17:25.447 Disk 0 MBR read successfully
01:17:25.447 Disk 0 MBR scan
01:17:25.447 Disk 0 unknown MBR code
01:17:25.463 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228312 MB offset 63
01:17:25.494 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10159 MB offset 467585024
01:17:25.525 Disk 0 scanning C:\Windows\system32\drivers
01:17:38.364 Service scanning
01:18:12.902 Modules scanning
01:18:12.902 Disk 0 trace - called modules:
01:18:12.933 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:18:12.949 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e46060]
01:18:12.949 3 CLASSPNP.SYS[fffffa6000a4ac33] -> nt!IofCallDriver -> [0xfffffa8004e441d0]
01:18:12.949 5 hpdskflt.sys[fffffa60019e80ee] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c144b0]
01:18:12.965 Scan finished successfully
01:18:40.109 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
01:18:40.124 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
ATTFilter 01:31:26.0162 1828 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
01:31:26.0427 1828 ============================================================
01:31:26.0427 1828 Current date / time: 2012/10/28 01:31:26.0427
01:31:26.0427 1828 SystemInfo:
01:31:26.0427 1828
01:31:26.0427 1828 OS Version: 6.0.6002 ServicePack: 2.0
01:31:26.0427 1828 Product type: Workstation
01:31:26.0427 1828 ComputerName: ***-PC
01:31:26.0427 1828 UserName: ***
01:31:26.0427 1828 Windows directory: C:\Windows
01:31:26.0427 1828 System windows directory: C:\Windows
01:31:26.0427 1828 Running under WOW64
01:31:26.0427 1828 Processor architecture: Intel x64
01:31:26.0427 1828 Number of processors: 2
01:31:26.0427 1828 Page size: 0x1000
01:31:26.0427 1828 Boot type: Safe boot with network
01:31:26.0427 1828 ============================================================
01:31:27.0551 1828 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:31:29.0766 1828 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:31:29.0781 1828 ============================================================
01:31:29.0781 1828 \Device\Harddisk0\DR0:
01:31:29.0781 1828 MBR partitions:
01:31:29.0781 1828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDEC7C1
01:31:29.0781 1828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BDEC800, BlocksNum 0x13D7800
01:31:29.0781 1828 \Device\Harddisk1\DR1:
01:31:29.0781 1828 MBR partitions:
01:31:29.0781 1828 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
01:31:29.0781 1828 ============================================================
01:31:29.0781 1828 C: <-> \Device\Harddisk0\DR0\Partition1
01:31:29.0813 1828 D: <-> \Device\Harddisk1\DR1\Partition1
01:31:29.0859 1828 E: <-> \Device\Harddisk0\DR0\Partition2
01:31:29.0859 1828 ============================================================
01:31:29.0859 1828 Initialize success
01:31:29.0859 1828 ============================================================
01:32:03.0649 1552 ============================================================
01:32:03.0649 1552 Scan started
01:32:03.0649 1552 Mode: Manual; SigCheck; TDLFS;
01:32:03.0649 1552 ============================================================
01:32:04.0117 1552 ================ Scan system memory ========================
01:32:04.0117 1552 System memory - ok
01:32:04.0117 1552 ================ Scan services =============================
01:32:04.0257 1552 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
01:32:04.0351 1552 Accelerometer - ok
01:32:04.0398 1552 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:32:04.0413 1552 ACPI - ok
01:32:04.0476 1552 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:32:04.0538 1552 adp94xx - ok
01:32:04.0538 1552 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:32:04.0569 1552 adpahci - ok
01:32:04.0569 1552 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:32:04.0585 1552 adpu160m - ok
01:32:04.0601 1552 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:32:04.0616 1552 adpu320 - ok
01:32:04.0663 1552 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:32:04.0819 1552 AeLookupSvc - ok
01:32:04.0913 1552 [ 7F66523A27754AFCFECAE2F5EB643A4A ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe
01:32:04.0991 1552 AESTFilters - ok
01:32:05.0069 1552 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
01:32:05.0131 1552 AFD - ok
01:32:05.0193 1552 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:32:05.0209 1552 agp440 - ok
01:32:05.0256 1552 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
01:32:05.0271 1552 aic78xx - ok
01:32:05.0287 1552 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
01:32:05.0474 1552 ALG - ok
01:32:05.0537 1552 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
01:32:05.0537 1552 aliide - ok
01:32:05.0552 1552 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
01:32:05.0552 1552 amdide - ok
01:32:05.0583 1552 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:32:05.0646 1552 AmdK8 - ok
01:32:05.0708 1552 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
01:32:05.0786 1552 Appinfo - ok
01:32:05.0802 1552 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
01:32:05.0817 1552 arc - ok
01:32:05.0833 1552 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:32:05.0849 1552 arcsas - ok
01:32:05.0895 1552 aspnet_state - ok
01:32:05.0927 1552 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:32:05.0973 1552 AsyncMac - ok
01:32:06.0020 1552 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
01:32:06.0036 1552 atapi - ok
01:32:06.0114 1552 ATICDSDr - ok
01:32:06.0176 1552 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:32:06.0239 1552 AudioEndpointBuilder - ok
01:32:06.0254 1552 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:32:06.0332 1552 AudioSrv - ok
01:32:06.0410 1552 [ A2160C5D70F3517FC7356B689ABD6FCD ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl664.sys
01:32:06.0707 1552 BCM43XV - ok
01:32:06.0738 1552 Beep - ok
01:32:06.0800 1552 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
01:32:06.0863 1552 BFE - ok
01:32:06.0941 1552 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
01:32:07.0175 1552 BITS - ok
01:32:07.0221 1552 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
01:32:07.0284 1552 blbdrive - ok
01:32:07.0331 1552 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:32:07.0393 1552 bowser - ok
01:32:07.0424 1552 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
01:32:07.0471 1552 BrFiltLo - ok
01:32:07.0502 1552 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
01:32:07.0533 1552 BrFiltUp - ok
01:32:07.0596 1552 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
01:32:07.0658 1552 Browser - ok
01:32:07.0674 1552 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
01:32:07.0752 1552 Brserid - ok
01:32:07.0799 1552 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
01:32:07.0877 1552 BrSerWdm - ok
01:32:07.0908 1552 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
01:32:07.0986 1552 BrUsbMdm - ok
01:32:07.0986 1552 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
01:32:08.0048 1552 BrUsbSer - ok
01:32:08.0095 1552 [ 86F46C41F773DA5A4A1D221C9201E3B8 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
01:32:08.0126 1552 BthEnum - ok
01:32:08.0173 1552 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:32:08.0220 1552 BTHMODEM - ok
01:32:08.0251 1552 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:32:08.0313 1552 BthPan - ok
01:32:08.0360 1552 [ 422D812E231EC3A25F43A881061BE5A0 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
01:32:08.0423 1552 BTHPORT - ok
01:32:08.0454 1552 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
01:32:08.0516 1552 BthServ - ok
01:32:08.0547 1552 [ 1C24ADB844A910DAA2E2732E83A8F3D4 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
01:32:08.0594 1552 BTHUSB - ok
01:32:08.0610 1552 catchme - ok
01:32:08.0641 1552 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:32:08.0688 1552 cdfs - ok
01:32:08.0750 1552 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:32:08.0797 1552 cdrom - ok
01:32:08.0875 1552 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
01:32:08.0906 1552 CertPropSvc - ok
01:32:08.0937 1552 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:32:09.0000 1552 circlass - ok
01:32:09.0047 1552 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
01:32:09.0078 1552 CLFS - ok
01:32:09.0125 1552 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:32:09.0156 1552 clr_optimization_v2.0.50727_32 - ok
01:32:09.0234 1552 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:32:09.0249 1552 clr_optimization_v2.0.50727_64 - ok
01:32:09.0359 1552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:32:09.0405 1552 clr_optimization_v4.0.30319_32 - ok
01:32:09.0437 1552 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:32:09.0468 1552 clr_optimization_v4.0.30319_64 - ok
01:32:09.0499 1552 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:32:09.0561 1552 CmBatt - ok
01:32:09.0593 1552 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:32:09.0593 1552 cmdide - ok
01:32:09.0702 1552 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
01:32:09.0717 1552 Com4QLBEx - ok
01:32:09.0733 1552 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:32:09.0733 1552 Compbatt - ok
01:32:09.0749 1552 COMSysApp - ok
01:32:09.0764 1552 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:32:09.0780 1552 crcdisk - ok
01:32:09.0827 1552 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:32:09.0889 1552 CryptSvc - ok
01:32:10.0029 1552 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:32:10.0076 1552 cvhsvc - ok
01:32:10.0154 1552 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
01:32:10.0217 1552 DcomLaunch - ok
01:32:10.0263 1552 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:32:10.0326 1552 DfsC - ok
01:32:10.0466 1552 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
01:32:11.0106 1552 DFSR - ok
01:32:11.0199 1552 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:32:11.0262 1552 Dhcp - ok
01:32:11.0309 1552 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
01:32:11.0324 1552 disk - ok
01:32:11.0371 1552 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:32:11.0402 1552 Dnscache - ok
01:32:11.0418 1552 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
01:32:11.0480 1552 dot3svc - ok
01:32:11.0558 1552 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
01:32:11.0605 1552 Dot4 - ok
01:32:11.0652 1552 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:32:11.0699 1552 Dot4Print - ok
01:32:11.0714 1552 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
01:32:11.0761 1552 dot4usb - ok
01:32:11.0808 1552 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
01:32:11.0870 1552 DPS - ok
01:32:11.0933 1552 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:32:11.0979 1552 drmkaud - ok
01:32:12.0042 1552 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:32:12.0089 1552 DXGKrnl - ok
01:32:12.0120 1552 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
01:32:12.0182 1552 E1G60 - ok
01:32:12.0260 1552 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
01:32:12.0323 1552 EapHost - ok
01:32:12.0369 1552 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
01:32:12.0385 1552 Ecache - ok
01:32:12.0432 1552 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:32:12.0463 1552 ehRecvr - ok
01:32:12.0494 1552 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
01:32:12.0525 1552 ehSched - ok
01:32:12.0557 1552 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
01:32:12.0619 1552 ehstart - ok
01:32:12.0650 1552 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:32:12.0681 1552 elxstor - ok
01:32:12.0728 1552 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:32:12.0869 1552 EMDMgmt - ok
01:32:12.0915 1552 [ 3A70DC8951B995C73A22B9A23210833E ] enecir C:\Windows\system32\DRIVERS\enecir.sys
01:32:12.0978 1552 enecir - ok
01:32:13.0009 1552 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:32:13.0071 1552 ErrDev - ok
01:32:13.0134 1552 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
01:32:13.0181 1552 EventSystem - ok
01:32:13.0227 1552 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
01:32:13.0274 1552 exfat - ok
01:32:13.0274 1552 ezSharedSvc - ok
01:32:13.0337 1552 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:32:13.0383 1552 fastfat - ok
01:32:13.0446 1552 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:32:13.0493 1552 fdc - ok
01:32:13.0524 1552 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
01:32:13.0571 1552 fdPHost - ok
01:32:13.0602 1552 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
01:32:13.0680 1552 FDResPub - ok
01:32:13.0695 1552 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:32:13.0711 1552 FileInfo - ok
01:32:13.0742 1552 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:32:13.0773 1552 Filetrace - ok
01:32:13.0805 1552 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:32:13.0836 1552 flpydisk - ok
01:32:13.0883 1552 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:32:13.0898 1552 FltMgr - ok
01:32:13.0976 1552 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
01:32:14.0132 1552 FontCache - ok
01:32:14.0179 1552 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:32:14.0195 1552 FontCache3.0.0.0 - ok
01:32:14.0241 1552 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:32:14.0304 1552 Fs_Rec - ok
01:32:14.0351 1552 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:32:14.0366 1552 gagp30kx - ok
01:32:14.0444 1552 [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
01:32:14.0460 1552 GameConsoleService - ok
01:32:14.0522 1552 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
01:32:14.0569 1552 gpsvc - ok
01:32:14.0694 1552 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:32:14.0709 1552 gupdate - ok
01:32:14.0725 1552 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:32:14.0741 1552 gupdatem - ok
01:32:14.0772 1552 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
01:32:14.0787 1552 gusvc - ok
01:32:14.0850 1552 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:32:14.0912 1552 HdAudAddService - ok
01:32:14.0975 1552 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:32:15.0053 1552 HDAudBus - ok
01:32:15.0084 1552 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:32:15.0146 1552 HidBth - ok
01:32:15.0193 1552 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:32:15.0240 1552 HidIr - ok
01:32:15.0271 1552 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
01:32:15.0333 1552 hidserv - ok
01:32:15.0380 1552 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:32:15.0427 1552 HidUsb - ok
01:32:15.0474 1552 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
01:32:15.0521 1552 hkmsvc - ok
01:32:15.0583 1552 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
01:32:15.0614 1552 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
01:32:15.0614 1552 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
01:32:15.0661 1552 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:32:15.0677 1552 HpCISSs - ok
01:32:15.0692 1552 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
01:32:15.0708 1552 hpdskflt - ok
01:32:15.0895 1552 [ 682358F730B84B63E09C6B4EDC1DE7AE ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
01:32:15.0911 1552 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
01:32:15.0911 1552 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
01:32:15.0942 1552 [ 2E7BEE4AA776CF1C37836B26D1D29403 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
01:32:15.0973 1552 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
01:32:15.0973 1552 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
01:32:16.0020 1552 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
01:32:16.0082 1552 HpqKbFiltr - ok
01:32:16.0160 1552 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
01:32:16.0176 1552 hpqwmiex - ok
01:32:16.0191 1552 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv C:\Windows\system32\Hpservice.exe
01:32:16.0254 1552 hpsrv - ok
01:32:16.0301 1552 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
01:32:16.0363 1552 HSFHWAZL - ok
01:32:16.0425 1552 [ E6CD7F641916484B0141D191A390D866 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
01:32:16.0613 1552 HSF_DPV - ok
01:32:16.0659 1552 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:32:16.0737 1552 HTTP - ok
01:32:16.0800 1552 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:32:16.0815 1552 i2omp - ok
01:32:16.0831 1552 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:32:16.0878 1552 i8042prt - ok
01:32:16.0909 1552 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:32:16.0925 1552 iaStorV - ok
01:32:16.0987 1552 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:32:17.0018 1552 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:32:17.0018 1552 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:32:17.0127 1552 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:32:17.0159 1552 idsvc - ok
01:32:17.0190 1552 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:32:17.0205 1552 iirsp - ok
01:32:17.0268 1552 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
01:32:17.0330 1552 IKEEXT - ok
01:32:17.0377 1552 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
01:32:17.0377 1552 intelide - ok
01:32:17.0393 1552 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:32:17.0455 1552 intelppm - ok
01:32:17.0471 1552 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:32:17.0533 1552 IPBusEnum - ok
01:32:17.0595 1552 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:32:17.0642 1552 IpFilterDriver - ok
01:32:17.0689 1552 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:32:17.0767 1552 iphlpsvc - ok
01:32:17.0767 1552 IpInIp - ok
01:32:17.0814 1552 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:32:17.0845 1552 IPMIDRV - ok
01:32:17.0876 1552 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:32:17.0923 1552 IPNAT - ok
01:32:17.0939 1552 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:32:18.0001 1552 IRENUM - ok
01:32:18.0048 1552 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:32:18.0048 1552 isapnp - ok
01:32:18.0095 1552 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:32:18.0110 1552 iScsiPrt - ok
01:32:18.0126 1552 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:32:18.0141 1552 iteatapi - ok
01:32:18.0157 1552 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:32:18.0173 1552 iteraid - ok
01:32:18.0219 1552 [ B0D2C287C3D65036D927016959142517 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
01:32:18.0266 1552 JMCR - ok
01:32:18.0297 1552 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:32:18.0313 1552 kbdclass - ok
01:32:18.0344 1552 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:32:18.0391 1552 kbdhid - ok
01:32:18.0438 1552 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
01:32:18.0485 1552 KeyIso - ok
01:32:18.0531 1552 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:32:18.0563 1552 KSecDD - ok
01:32:18.0578 1552 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:32:18.0641 1552 ksthunk - ok
01:32:18.0703 1552 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
01:32:18.0781 1552 KtmRm - ok
01:32:18.0843 1552 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
01:32:18.0859 1552 LanmanServer - ok
01:32:18.0906 1552 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:32:18.0984 1552 LanmanWorkstation - ok
01:32:19.0062 1552 [ 984ECB68ED2A2B2E6A544E87E24FBA2D ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
01:32:19.0062 1552 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
01:32:19.0062 1552 LightScribeService - detected UnsignedFile.Multi.Generic (1)
01:32:19.0093 1552 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:32:19.0140 1552 lltdio - ok
01:32:19.0202 1552 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:32:19.0265 1552 lltdsvc - ok
01:32:19.0280 1552 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:32:19.0343 1552 lmhosts - ok
01:32:19.0374 1552 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:32:19.0389 1552 LSI_FC - ok
01:32:19.0389 1552 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:32:19.0405 1552 LSI_SAS - ok
01:32:19.0421 1552 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:32:19.0436 1552 LSI_SCSI - ok
01:32:19.0452 1552 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
01:32:19.0514 1552 luafv - ok
01:32:19.0577 1552 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:32:19.0592 1552 Mcx2Svc - ok
01:32:19.0686 1552 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
01:32:19.0701 1552 megasas - ok
01:32:19.0920 1552 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
01:32:19.0951 1552 MegaSR - ok
01:32:20.0013 1552 Microsoft SharePoint Workspace Audit Service - ok
01:32:20.0029 1552 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
01:32:20.0091 1552 MMCSS - ok
01:32:20.0123 1552 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
01:32:20.0169 1552 Modem - ok
01:32:20.0201 1552 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:32:20.0263 1552 monitor - ok
01:32:20.0294 1552 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:32:20.0310 1552 mouclass - ok
01:32:20.0325 1552 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:32:20.0372 1552 mouhid - ok
01:32:20.0388 1552 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:32:20.0388 1552 MountMgr - ok
01:32:20.0403 1552 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
01:32:20.0419 1552 mpio - ok
01:32:20.0435 1552 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:32:20.0481 1552 mpsdrv - ok
01:32:20.0528 1552 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
01:32:20.0591 1552 MpsSvc - ok
01:32:20.0637 1552 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:32:20.0653 1552 Mraid35x - ok
01:32:20.0684 1552 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:32:20.0731 1552 MRxDAV - ok
01:32:20.0762 1552 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:32:20.0793 1552 mrxsmb - ok
01:32:20.0840 1552 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:32:20.0887 1552 mrxsmb10 - ok
01:32:20.0903 1552 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:32:20.0949 1552 mrxsmb20 - ok
01:32:20.0996 1552 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
01:32:21.0012 1552 msahci - ok
01:32:21.0027 1552 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:32:21.0043 1552 msdsm - ok
01:32:21.0059 1552 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
01:32:21.0121 1552 MSDTC - ok
01:32:21.0152 1552 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:32:21.0215 1552 Msfs - ok
01:32:21.0261 1552 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:32:21.0261 1552 msisadrv - ok
01:32:21.0293 1552 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:32:21.0355 1552 MSiSCSI - ok
01:32:21.0355 1552 msiserver - ok
01:32:21.0402 1552 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:32:21.0464 1552 MSKSSRV - ok
01:32:21.0495 1552 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:32:21.0558 1552 MSPCLOCK - ok
01:32:21.0589 1552 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:32:21.0651 1552 MSPQM - ok
01:32:21.0683 1552 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:32:21.0698 1552 MsRPC - ok
01:32:21.0714 1552 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:32:21.0729 1552 mssmbios - ok
01:32:21.0761 1552 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:32:21.0823 1552 MSTEE - ok
01:32:21.0854 1552 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
01:32:21.0854 1552 Mup - ok
01:32:21.0917 1552 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
01:32:21.0979 1552 napagent - ok
01:32:22.0041 1552 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:32:22.0057 1552 NativeWifiP - ok
01:32:22.0119 1552 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:32:22.0213 1552 NDIS - ok
01:32:22.0244 1552 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:32:22.0291 1552 NdisTapi - ok
01:32:22.0322 1552 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:32:22.0369 1552 Ndisuio - ok
01:32:22.0416 1552 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:32:22.0478 1552 NdisWan - ok
01:32:22.0509 1552 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:32:22.0556 1552 NDProxy - ok
01:32:22.0619 1552 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
01:32:22.0650 1552 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
01:32:22.0650 1552 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
01:32:22.0697 1552 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:32:22.0743 1552 NetBIOS - ok
01:32:22.0790 1552 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:32:22.0837 1552 netbt - ok
01:32:22.0868 1552 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
01:32:22.0884 1552 Netlogon - ok
01:32:22.0899 1552 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
01:32:22.0946 1552 Netman - ok
01:32:22.0962 1552 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
01:32:23.0024 1552 netprofm - ok
01:32:23.0071 1552 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:32:23.0087 1552 NetTcpPortSharing - ok
01:32:23.0211 1552 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
01:32:23.0976 1552 NETw5v64 - ok
01:32:24.0007 1552 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:32:24.0023 1552 nfrd960 - ok
01:32:24.0038 1552 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
01:32:24.0101 1552 NlaSvc - ok
01:32:24.0132 1552 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:32:24.0179 1552 Npfs - ok
01:32:24.0210 1552 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
01:32:24.0257 1552 nsi - ok
01:32:24.0303 1552 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:32:24.0366 1552 nsiproxy - ok
01:32:24.0444 1552 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:32:24.0553 1552 Ntfs - ok
01:32:24.0569 1552 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
01:32:24.0631 1552 Null - ok
01:32:24.0693 1552 [ 9733F305FA84AAF84E7FB09C0B345ADB ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x64.sys
01:32:24.0725 1552 NVENETFD - ok
01:32:24.0771 1552 [ 73B0ABBCA290A5709A193C3B6877D34E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
01:32:24.0787 1552 NVHDA - ok
01:32:25.0161 1552 [ FD39B98FF1BB8ED3848781497E9D02E0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:32:25.0723 1552 nvlddmkm - ok
01:32:25.0754 1552 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:32:25.0770 1552 nvraid - ok
01:32:25.0785 1552 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:32:25.0801 1552 nvstor - ok
01:32:25.0817 1552 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:32:25.0832 1552 nv_agp - ok
01:32:25.0848 1552 NwlnkFlt - ok
01:32:25.0848 1552 NwlnkFwd - ok
01:32:25.0926 1552 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
01:32:25.0973 1552 ohci1394 - ok
01:32:26.0019 1552 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:32:26.0035 1552 ose - ok
01:32:26.0238 1552 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:32:27.0018 1552 osppsvc - ok
01:32:27.0080 1552 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
01:32:27.0158 1552 p2pimsvc - ok
01:32:27.0174 1552 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
01:32:27.0205 1552 p2psvc - ok
01:32:27.0252 1552 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
01:32:27.0314 1552 Parport - ok
01:32:27.0361 1552 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:32:27.0377 1552 partmgr - ok
01:32:27.0408 1552 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
01:32:27.0439 1552 PcaSvc - ok
01:32:27.0486 1552 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
01:32:27.0501 1552 pci - ok
01:32:27.0533 1552 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
01:32:27.0548 1552 pciide - ok
01:32:27.0564 1552 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:32:27.0579 1552 pcmcia - ok
01:32:27.0611 1552 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:32:27.0704 1552 PEAUTH - ok
01:32:27.0798 1552 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:32:27.0923 1552 PerfHost - ok
01:32:28.0001 1552 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
01:32:28.0235 1552 pla - ok
01:32:28.0281 1552 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:32:28.0313 1552 PlugPlay - ok
01:32:28.0344 1552 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
01:32:28.0375 1552 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
01:32:28.0375 1552 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
01:32:28.0406 1552 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
01:32:28.0515 1552 PNRPAutoReg - ok
01:32:28.0531 1552 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
01:32:28.0609 1552 PNRPsvc - ok
01:32:28.0671 1552 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:32:28.0796 1552 PolicyAgent - ok
01:32:28.0843 1552 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:32:28.0890 1552 PptpMiniport - ok
01:32:28.0937 1552 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
01:32:28.0983 1552 Processor - ok
01:32:29.0030 1552 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
01:32:29.0093 1552 ProfSvc - ok
01:32:29.0108 1552 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
01:32:29.0124 1552 ProtectedStorage - ok
01:32:29.0155 1552 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
01:32:29.0186 1552 PSched - ok
01:32:29.0217 1552 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:32:29.0280 1552 ql2300 - ok
01:32:29.0327 1552 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:32:29.0342 1552 ql40xx - ok
01:32:29.0420 1552 [ 26F65F22527515990532209BAFF78DEA ] QPCapSvc C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
01:32:29.0436 1552 QPCapSvc - ok
01:32:29.0467 1552 [ 511E9DDC22A63E5109C7F221F85DEB3D ] QPSched C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
01:32:29.0467 1552 QPSched - ok
01:32:29.0498 1552 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
01:32:29.0545 1552 QWAVE - ok
01:32:29.0576 1552 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:32:29.0592 1552 QWAVEdrv - ok
01:32:29.0607 1552 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:32:29.0670 1552 RasAcd - ok
01:32:29.0701 1552 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
01:32:29.0763 1552 RasAuto - ok
01:32:29.0795 1552 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:32:29.0841 1552 Rasl2tp - ok
01:32:29.0873 1552 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
01:32:29.0919 1552 RasMan - ok
01:32:29.0966 1552 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:32:30.0029 1552 RasPppoe - ok
01:32:30.0060 1552 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:32:30.0075 1552 RasSstp - ok
01:32:30.0138 1552 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:32:30.0153 1552 rdbss - ok
01:32:30.0185 1552 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:32:30.0216 1552 RDPCDD - ok
01:32:30.0247 1552 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
01:32:30.0294 1552 rdpdr - ok
01:32:30.0309 1552 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:32:30.0341 1552 RDPENCDD - ok
01:32:30.0387 1552 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:32:30.0434 1552 RDPWD - ok
01:32:30.0465 1552 [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
01:32:30.0497 1552 Recovery Service for Windows - ok
01:32:30.0528 1552 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:32:30.0575 1552 RemoteAccess - ok
01:32:30.0621 1552 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:32:30.0668 1552 RemoteRegistry - ok
01:32:30.0715 1552 [ F228CE2F778503CECB2B27097B5B3139 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:32:30.0762 1552 RFCOMM - ok
01:32:30.0840 1552 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
01:32:30.0855 1552 RichVideo - ok
01:32:30.0918 1552 [ F913517BB2F3A73EC6B9B65E5DC7B420 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
01:32:30.0965 1552 RMCAST - ok
01:32:30.0996 1552 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
01:32:31.0027 1552 RpcLocator - ok
01:32:31.0074 1552 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
01:32:31.0121 1552 RpcSs - ok
01:32:31.0167 1552 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:32:31.0199 1552 rspndr - ok
01:32:31.0261 1552 [ A2CBE070FBA458357ACEF41C3F3906CA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
01:32:31.0323 1552 RTL8169 - ok
01:32:31.0339 1552 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
01:32:31.0339 1552 SamSs - ok
01:32:31.0355 1552 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:32:31.0370 1552 sbp2port - ok
01:32:31.0417 1552 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:32:31.0448 1552 SCardSvr - ok
01:32:31.0511 1552 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
01:32:31.0698 1552 Schedule - ok
01:32:31.0745 1552 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:32:31.0776 1552 SCPolicySvc - ok
01:32:31.0807 1552 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
01:32:31.0869 1552 sdbus - ok
01:32:31.0916 1552 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:32:31.0979 1552 SDRSVC - ok
01:32:31.0994 1552 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
01:32:32.0041 1552 seclogon - ok
01:32:32.0072 1552 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
01:32:32.0119 1552 SENS - ok
01:32:32.0166 1552 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
01:32:32.0228 1552 Serenum - ok
01:32:32.0259 1552 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
01:32:32.0337 1552 Serial - ok
01:32:32.0353 1552 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:32:32.0400 1552 sermouse - ok
01:32:32.0431 1552 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
01:32:32.0493 1552 SessionEnv - ok
01:32:32.0509 1552 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:32:32.0571 1552 sffdisk - ok
01:32:32.0603 1552 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:32:32.0649 1552 sffp_mmc - ok
01:32:32.0696 1552 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:32:32.0743 1552 sffp_sd - ok
01:32:32.0774 1552 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:32:32.0852 1552 sfloppy - ok
01:32:32.0915 1552 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
01:32:32.0946 1552 Sftfs - ok
01:32:33.0039 1552 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:32:33.0071 1552 sftlist - ok
01:32:33.0086 1552 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:32:33.0102 1552 Sftplay - ok
01:32:33.0164 1552 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:32:33.0164 1552 Sftredir - ok
01:32:33.0227 1552 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
01:32:33.0227 1552 Sftvol - ok
01:32:33.0242 1552 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:32:33.0258 1552 sftvsa - ok
01:32:33.0305 1552 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:32:33.0383 1552 SharedAccess - ok
01:32:33.0445 1552 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:32:33.0507 1552 ShellHWDetection - ok
01:32:33.0523 1552 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:32:33.0539 1552 SiSRaid2 - ok
01:32:33.0570 1552 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:32:33.0570 1552 SiSRaid4 - ok
01:32:33.0679 1552 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
01:32:33.0819 1552 slsvc - ok
01:32:33.0866 1552 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:32:33.0897 1552 SLUINotify - ok
01:32:33.0944 1552 [ 327383124D31AC398B98F4AE300421E8 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
01:32:33.0944 1552 SmartDefragDriver - ok
01:32:34.0007 1552 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:32:34.0053 1552 Smb - ok
01:32:34.0100 1552 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:32:34.0147 1552 SNMPTRAP - ok
01:32:34.0194 1552 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
01:32:34.0194 1552 spldr - ok
01:32:34.0256 1552 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
01:32:34.0334 1552 Spooler - ok
01:32:34.0381 1552 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
01:32:34.0459 1552 srv - ok
01:32:34.0506 1552 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:32:34.0568 1552 srv2 - ok
01:32:34.0615 1552 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:32:34.0662 1552 srvnet - ok
01:32:34.0709 1552 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:32:34.0740 1552 SSDPSRV - ok
01:32:34.0771 1552 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:32:34.0818 1552 SstpSvc - ok
01:32:34.0911 1552 [ F50811D2C2CE6C482F900E74DC2BB6C1 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe
01:32:34.0943 1552 STacSV - ok
01:32:34.0989 1552 [ 8298C6E15AB8AD4565E4BE79A4A0BED5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
01:32:35.0036 1552 STHDA - ok
01:32:35.0083 1552 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
01:32:35.0145 1552 stisvc - ok
01:32:35.0177 1552 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:32:35.0192 1552 swenum - ok
01:32:35.0239 1552 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
01:32:35.0301 1552 swprv - ok
01:32:35.0333 1552 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:32:35.0333 1552 Symc8xx - ok
01:32:35.0395 1552 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:32:35.0395 1552 Sym_hi - ok
01:32:35.0426 1552 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:32:35.0442 1552 Sym_u3 - ok
01:32:35.0504 1552 [ 3A706A967295E16511E40842B1A2761D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
01:32:35.0520 1552 SynTP - ok
01:32:35.0582 1552 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
01:32:35.0645 1552 SysMain - ok
01:32:35.0691 1552 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:32:35.0723 1552 TabletInputService - ok
01:32:35.0769 1552 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:32:35.0832 1552 TapiSrv - ok
01:32:35.0863 1552 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
01:32:35.0925 1552 TBS - ok
01:32:36.0003 1552 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:32:36.0097 1552 Tcpip - ok
01:32:36.0128 1552 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:32:36.0300 1552 Tcpip6 - ok
01:32:36.0362 1552 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:32:36.0425 1552 tcpipreg - ok
01:32:36.0456 1552 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:32:36.0487 1552 TDPIPE - ok
01:32:36.0503 1552 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:32:36.0565 1552 TDTCP - ok
01:32:36.0612 1552 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:32:36.0659 1552 tdx - ok
01:32:36.0705 1552 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:32:36.0721 1552 TermDD - ok
01:32:36.0768 1552 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
01:32:36.0877 1552 TermService - ok
01:32:36.0908 1552 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
01:32:36.0924 1552 Themes - ok
01:32:36.0971 1552 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
01:32:37.0002 1552 THREADORDER - ok
01:32:37.0033 1552 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
01:32:37.0064 1552 TrkWks - ok
01:32:37.0127 1552 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:32:37.0173 1552 TrustedInstaller - ok
01:32:37.0220 1552 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:32:37.0267 1552 tssecsrv - ok
01:32:37.0283 1552 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:32:37.0329 1552 tunmp - ok
01:32:37.0361 1552 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:32:37.0407 1552 tunnel - ok
01:32:37.0423 1552 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:32:37.0439 1552 uagp35 - ok
01:32:37.0485 1552 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:32:37.0532 1552 udfs - ok
01:32:37.0579 1552 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:32:37.0610 1552 UI0Detect - ok
01:32:37.0641 1552 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:32:37.0657 1552 uliagpkx - ok
01:32:37.0688 1552 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:32:37.0704 1552 uliahci - ok
01:32:37.0719 1552 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:32:37.0735 1552 UlSata - ok
01:32:37.0751 1552 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:32:37.0766 1552 ulsata2 - ok
01:32:37.0782 1552 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:32:37.0844 1552 umbus - ok
01:32:37.0875 1552 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
01:32:37.0938 1552 upnphost - ok
01:32:38.0000 1552 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:32:38.0031 1552 usbccgp - ok
01:32:38.0078 1552 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:32:38.0156 1552 usbcir - ok
01:32:38.0203 1552 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:32:38.0250 1552 usbehci - ok
01:32:38.0297 1552 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:32:38.0343 1552 usbhub - ok
01:32:38.0375 1552 [ 540B622DA0949695C40CDC9D5D497A8B ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:32:38.0421 1552 usbohci - ok
01:32:38.0468 1552 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:32:38.0499 1552 usbprint - ok
01:32:38.0531 1552 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:32:38.0593 1552 usbscan - ok
01:32:38.0624 1552 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:32:38.0671 1552 USBSTOR - ok
01:32:38.0702 1552 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:32:38.0733 1552 usbuhci - ok
01:32:38.0749 1552 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
01:32:38.0811 1552 usbvideo - ok
01:32:38.0874 1552 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
01:32:38.0905 1552 UxSms - ok
01:32:38.0952 1552 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
01:32:38.0999 1552 vds - ok
01:32:39.0030 1552 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:32:39.0061 1552 vga - ok
01:32:39.0092 1552 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:32:39.0139 1552 VgaSave - ok
01:32:39.0170 1552 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
01:32:39.0186 1552 viaide - ok
01:32:39.0233 1552 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:32:39.0248 1552 volmgr - ok
01:32:39.0295 1552 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:32:39.0311 1552 volmgrx - ok
01:32:39.0373 1552 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:32:39.0389 1552 volsnap - ok
01:32:39.0420 1552 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:32:39.0435 1552 vsmraid - ok
01:32:39.0513 1552 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
01:32:39.0732 1552 VSS - ok
01:32:39.0779 1552 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
01:32:39.0841 1552 W32Time - ok
01:32:39.0888 1552 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:32:39.0935 1552 WacomPen - ok
01:32:40.0013 1552 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:32:40.0059 1552 Wanarp - ok
01:32:40.0059 1552 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:32:40.0075 1552 Wanarpv6 - ok
01:32:40.0153 1552 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:32:40.0200 1552 wcncsvc - ok
01:32:40.0231 1552 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:32:40.0293 1552 WcsPlugInService - ok
01:32:40.0325 1552 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
01:32:40.0340 1552 Wd - ok
01:32:40.0371 1552 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:32:40.0403 1552 Wdf01000 - ok
01:32:40.0434 1552 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:32:40.0496 1552 WdiServiceHost - ok
01:32:40.0512 1552 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:32:40.0543 1552 WdiSystemHost - ok
01:32:40.0605 1552 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
01:32:40.0621 1552 WebClient - ok
01:32:40.0683 1552 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:32:40.0746 1552 Wecsvc - ok
01:32:40.0761 1552 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:32:40.0793 1552 wercplsupport - ok
01:32:40.0808 1552 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
01:32:40.0855 1552 WerSvc - ok
01:32:40.0917 1552 [ B5C348B265178FB9EE55ADDB3929485D ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
01:32:40.0995 1552 winachsf - ok
01:32:41.0027 1552 WinDefend - ok
01:32:41.0027 1552 WinHttpAutoProxySvc - ok
01:32:41.0089 1552 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:32:41.0136 1552 Winmgmt - ok
01:32:41.0229 1552 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
01:32:41.0339 1552 WinRM - ok
01:32:41.0385 1552 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:32:41.0432 1552 Wlansvc - ok
01:32:41.0479 1552 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:32:41.0526 1552 WmiAcpi - ok
01:32:41.0573 1552 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:32:41.0604 1552 wmiApSrv - ok
01:32:41.0619 1552 WMPNetworkSvc - ok
01:32:41.0635 1552 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:32:41.0697 1552 WPCSvc - ok
01:32:41.0744 1552 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:32:41.0822 1552 WPDBusEnum - ok
01:32:41.0963 1552 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:32:42.0119 1552 WPFFontCache_v0400 - ok
01:32:42.0165 1552 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:32:42.0212 1552 ws2ifsl - ok
01:32:42.0259 1552 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
01:32:42.0275 1552 wscsvc - ok
01:32:42.0290 1552 WSearch - ok
01:32:42.0399 1552 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:32:42.0524 1552 wuauserv - ok
01:32:42.0555 1552 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:32:42.0602 1552 WUDFRd - ok
01:32:42.0649 1552 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:32:42.0680 1552 wudfsvc - ok
01:32:42.0696 1552 ================ Scan global ===============================
01:32:42.0727 1552 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
01:32:42.0789 1552 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:32:42.0805 1552 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:32:42.0852 1552 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
01:32:42.0867 1552 [Global] - ok
01:32:42.0867 1552 ================ Scan MBR ==================================
01:32:42.0883 1552 [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
01:32:43.0242 1552 \Device\Harddisk0\DR0 - ok
01:32:43.0242 1552 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
01:32:43.0663 1552 \Device\Harddisk1\DR1 - ok
01:32:43.0663 1552 ================ Scan VBR ==================================
01:32:43.0679 1552 [ 70083A21E923025F6084D132A16337F1 ] \Device\Harddisk0\DR0\Partition1
01:32:43.0679 1552 \Device\Harddisk0\DR0\Partition1 - ok
01:32:43.0679 1552 [ 7A65ADACB2EF1CC1C1A3EA68E1F38B88 ] \Device\Harddisk0\DR0\Partition2
01:32:43.0679 1552 \Device\Harddisk0\DR0\Partition2 - ok
01:32:43.0679 1552 [ 7B7D2EB5CFE21CD2E729E098A2D262F3 ] \Device\Harddisk1\DR1\Partition1
01:32:43.0679 1552 \Device\Harddisk1\DR1\Partition1 - ok
01:32:43.0694 1552 ============================================================
01:32:43.0694 1552 Scan finished
01:32:43.0694 1552 ============================================================
01:32:43.0710 1992 Detected object count: 7
01:32:43.0710 1992 Actual detected object count: 7
01:34:42.0535 1992 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0535 1992 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:42.0535 1992 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0535 1992 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:42.0551 1992 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0551 1992 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:42.0566 1992 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0566 1992 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:42.0566 1992 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0566 1992 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:42.0582 1992 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0582 1992 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:42.0582 1992 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:42.0582 1992 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:38:38.0235 0172 Deinitialize success
Geändert von joejoe (28.10.2012 um 01:06 Uhr) |
|
28.10.2012, 11:49
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Sollte ok sein. Eine Kontrolle bitte: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2012, 13:35
| #13 |
| | Bundespolizei Trojaner otl Textdatei: OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2012 12:44:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 77,87% Memory free 8,16 Gb Paging File | 7,48 Gb Available in Paging File | 91,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,96 Gb Total Space | 79,69 Gb Free Space | 35,74% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 9,92 Gb Total Space | 1,74 Gb Free Space | 17,54% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (IDT, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe () SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation) DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DDF02204-49F2-4F36-869F-00E875485BD5} IE:64bit: - HKLM\..\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {DDF02204-49F2-4F36-869F-00E875485BD5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-notebook.de.msn.com/ IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes,DefaultScope = {DDF02204-49F2-4F36-869F-00E875485BD5} IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{6D84442D-3F58-45F1-B8BF-E757A99EE015}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64667 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.05 11:54:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.09 08:44:52 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.10.27 22:18:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Programme\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100616090253 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45C8EDD2-7E76-4FC6-A0F4-8704E5F773F1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D08D492D-7E2E-46D3-B3FC-0CC2AFEB1A57}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 12:04:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.28 00:30:41 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.10.28 00:05:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.10.27 22:28:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.27 22:21:43 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.27 22:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2012.10.27 02:58:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.27 02:58:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.27 02:58:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.27 02:45:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.27 02:45:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.27 02:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2012.10.27 02:38:48 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.10.25 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium [2012.10.10 22:08:35 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 22:08:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.10 22:08:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 22:08:17 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2009.02.11 02:48:34 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe [2009.02.11 02:48:34 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe [2009.02.11 02:48:33 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe [2009.02.11 02:48:33 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe [2009.02.11 02:48:33 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe ========== Files - Modified Within 30 Days ========== [2012.10.28 12:05:40 | 001,476,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.28 12:05:40 | 000,639,036 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.28 12:05:40 | 000,604,966 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.28 12:05:40 | 000,131,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.28 12:05:40 | 000,108,040 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.28 12:04:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.28 12:01:04 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.10.28 12:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 00:30:41 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.10.28 00:18:40 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.10.28 00:05:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.10.27 22:18:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.27 03:05:43 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.27 03:04:46 | 000,122,140 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.10.27 03:04:06 | 000,122,140 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.10.27 03:02:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job [2012.10.27 03:01:53 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 03:01:53 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 02:39:12 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.10.27 02:17:07 | 000,389,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.26 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.10.26 15:17:52 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.10.26 14:52:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.26 12:02:14 | 000,000,732 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2012.10.26 10:49:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.26 10:20:02 | 000,076,362 | ---- | M] () -- C:\ProgramData\doigeissuslpntv [2012.10.26 10:02:00 | 000,002,786 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml [2012.10.23 14:31:19 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.10.23 13:47:53 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 06:06:24 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2012.10.01 00:22:06 | 000,002,641 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word 2010.lnk ========== Files Created - No Company Name ========== [2012.10.28 00:18:40 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.10.27 02:58:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.27 02:58:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.27 02:58:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.27 02:58:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.27 02:58:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.26 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.10.26 15:17:52 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.10.26 12:00:17 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2012.10.26 10:19:57 | 000,076,362 | ---- | C] () -- C:\ProgramData\doigeissuslpntv [2012.10.01 00:24:46 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.08.15 22:34:56 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.07.26 19:46:34 | 000,007,831 | ---- | C] () -- C:\Users\***\AppData\Roaming\AC79.590 [2011.06.30 14:28:40 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.01.12 18:30:08 | 001,506,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.03 22:48:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.04.12 22:55:42 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.04 01:42:41 | 000,017,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.11.16 17:33:58 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2008.12.18 04:33:43 | 000,000,255 | ---- | C] () -- C:\ProgramData\hpqp.ini [2008.12.18 04:24:16 | 000,122,140 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.12.18 04:23:47 | 000,122,140 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll < End of report > und die extra Datei: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 12:44:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 77,87% Memory free
8,16 Gb Paging File | 7,48 Gb Available in Paging File | 91,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,96 Gb Total Space | 79,69 Gb Free Space | 35,74% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 9,92 Gb Total Space | 1,74 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CB FB BF 25 13 5C CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BBDBA1A-42F7-4A1B-82E6-D7F782151AAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{43782FA8-5197-477D-87CF-0381172FC190}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C8F77D8-1DD2-4E1A-BDA1-3DC413065372}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5B932F9E-0DD9-441E-9095-4C224632B005}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5C51103B-C035-475B-B2E2-4E83F4AA6D35}" = rport=138 | protocol=17 | dir=out | app=system |
"{7703538E-265F-4868-8527-A98D57C2A00A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7936C297-8292-48A1-9C25-A5A27A6029D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D8FCD0C-571F-4B48-827C-AD948C350D54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B71DD9DD-B321-46D7-82CA-ADA53E888E68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBD0DBDC-DF41-49E1-9618-40BB03DCC89F}" = rport=445 | protocol=6 | dir=out | app=system |
"{C33338F9-FC98-4166-94B2-3C63A7AB8355}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D4AC9710-7134-468B-9D8A-538ADC7CAB07}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECA3E3D2-01F7-4883-AD65-6C98025457A1}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008995CC-5A9E-4627-A126-E0C47C44C7F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{07BFBFF6-FCDE-43FA-B592-94EA8E92E852}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{0AC11E62-8782-4507-A942-9E68A3EE00A8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{0DF00548-3063-443B-B8A0-0455F10F1B49}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14D9A01C-1D15-4850-9213-30F8A6D85567}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{18672603-CEA1-4007-B556-C7EE2161F57B}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{1F105E07-E920-4968-B944-8A39AC67CB16}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2669174D-5993-4C46-B3A5-5FFA2237A3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{3F3D3CEF-571F-4B64-A5C5-E031D9E447DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{41D35DB1-6DA6-4A70-B877-4A167C770B2C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{44F7AD11-D1E1-4C18-92B6-2E964AD09677}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{483D1EFC-8424-48EC-8E7E-B11B2C5F9B58}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{4AAB8E22-25FF-4E1E-8850-A89556A88FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{59A8DD44-706F-4BA8-B23E-72F9B0CB07B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72C03377-8997-4053-ACC6-E4455985783A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7623D488-E217-44D1-9F64-526F3F096901}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{807EECDC-D9B3-4EEF-B0D3-BF3A144BAF8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{82D2DAC7-5F13-41D5-9CBB-DA30FEB94172}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D152F12-0488-4536-8586-F6B824EBD17A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{940E87A7-1032-4318-9D99-47E9950E2675}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A2BCFF56-9698-483E-80CB-5AC1E636C2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A6643F7F-9FBC-405A-9F03-F6FCA10EED75}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{A6FD56D1-092C-49FE-9E4A-8B495C13D69E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE741504-0A95-4B4F-8C28-90D257B46E4E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEF505A5-E73E-4D7B-80B6-358D45A984E7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{C0539A82-7328-4223-A82E-41123137D0D6}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{CC818065-1863-4595-B708-4A537110202C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{D514A9D8-B6E0-455F-B175-E099606BF179}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{D84D1EA5-9997-45DB-B727-700460EBB77B}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{D986D292-184F-48DA-9454-632979FFD49A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{DD63300C-E801-4075-9CA8-C018228C8DE8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{EE1D87B3-BFDA-47D3-9FA7-AB86D1A871A3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{FBA84557-998C-4A16-96A8-10CA297FBE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FC50104C-68D4-406A-B32E-4533C226B7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{1D30CB12-4C79-4EEA-A6BC-931FD5B5246E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{723E6D62-682C-4DA1-82EF-F5BB53237862}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"TCP Query User{86596855-948C-4F85-B57C-DF53364EEF35}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{43544B1F-C19A-493F-AAF2-2456A9A00A96}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{7157D426-9298-4537-BEC9-949B86D9E926}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{BB69281E-0176-42B8-8663-5FF3ACFDA236}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{ECC9CBF3-108D-4640-BE4D-1DF2E3899FDF}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41FD02E2-2867-4CDA-A88E-5C1EB68ED594}_is1" = LOST PLANET 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{83E8A5D2-39E5-40AD-8C79-DA5AF45A86A7}" = HS Energieberater 7 Plus
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201101
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_6" = AIM
"AOL Toolbar" = AOL Toolbar 5.0
"DartPro_is1" = DartPro 2.9.0.0
"DealPly" = DealPly
"FormatFactory" = FormatFactory 2.60
"Google Chrome" = Google Chrome
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Smart Defrag 2_is1" = Smart Defrag 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.12.2010 05:40:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x354, Anwendungsstartzeit
01cb913bb0eae8f0.
Error - 01.12.2010 09:26:35 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2010 09:46:34 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x12fc, Anwendungsstartzeit
01cb915e286ef1cf.
Error - 01.12.2010 16:07:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2010 16:09:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x127c, Anwendungsstartzeit
01cb919391d63f76.
Error - 02.12.2010 04:18:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.12.2010 04:26:47 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x504, Anwendungsstartzeit
01cb91faa3c8ca8c.
Error - 02.12.2010 12:09:44 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.12.2010 12:11:33 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x1294, Anwendungsstartzeit
01cb923b72edfd74.
Error - 02.12.2010 19:32:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.10.2012 19:01:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 27.10.2012 19:01:39 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:32 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:42 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:47 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:51 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:02:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.10.2012 07:02:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.10.2012 07:02:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28.10.2012 07:02:53 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
< End of report >
|
|
28.10.2012, 13:39
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2012.10.26 10:20:02 | 000,076,362 | ---- | M] () -- C:\ProgramData\doigeissuslpntv
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2012, 13:39
| #15 |
| | Bundespolizei Trojaner otl datei: OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2012 12:44:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 77,87% Memory free 8,16 Gb Paging File | 7,48 Gb Available in Paging File | 91,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,96 Gb Total Space | 79,69 Gb Free Space | 35,74% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Drive E: | 9,92 Gb Total Space | 1,74 Gb Free Space | 17,54% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe (IDT, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe () SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation) DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DDF02204-49F2-4F36-869F-00E875485BD5} IE:64bit: - HKLM\..\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {DDF02204-49F2-4F36-869F-00E875485BD5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-notebook.de.msn.com/ IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes,DefaultScope = {DDF02204-49F2-4F36-869F-00E875485BD5} IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{6D84442D-3F58-45F1-B8BF-E757A99EE015}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64667 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.05 11:54:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.09 08:44:52 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.10.27 22:18:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Programme\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100616090253 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45C8EDD2-7E76-4FC6-A0F4-8704E5F773F1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D08D492D-7E2E-46D3-B3FC-0CC2AFEB1A57}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 12:04:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.28 00:30:41 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.10.28 00:05:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.10.27 22:28:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.27 22:21:43 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.27 22:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2012.10.27 02:58:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.27 02:58:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.27 02:58:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.27 02:45:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.27 02:45:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.27 02:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2012.10.27 02:38:48 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.10.25 11:00:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium [2012.10.10 22:08:35 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 22:08:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.10 22:08:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 22:08:17 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2009.02.11 02:48:34 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe [2009.02.11 02:48:34 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe [2009.02.11 02:48:33 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe [2009.02.11 02:48:33 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe [2009.02.11 02:48:33 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe ========== Files - Modified Within 30 Days ========== [2012.10.28 12:05:40 | 001,476,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.28 12:05:40 | 000,639,036 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.28 12:05:40 | 000,604,966 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.28 12:05:40 | 000,131,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.28 12:05:40 | 000,108,040 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.28 12:04:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.28 12:01:04 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.10.28 12:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 00:30:41 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.10.28 00:18:40 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2012.10.28 00:05:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.10.27 22:18:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.27 03:05:43 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.27 03:04:46 | 000,122,140 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.10.27 03:04:06 | 000,122,140 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.10.27 03:02:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job [2012.10.27 03:01:53 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 03:01:53 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 02:39:12 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.10.27 02:17:07 | 000,389,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.26 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.10.26 15:17:52 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.10.26 14:52:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.26 12:02:14 | 000,000,732 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2012.10.26 10:49:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.26 10:20:02 | 000,076,362 | ---- | M] () -- C:\ProgramData\doigeissuslpntv [2012.10.26 10:02:00 | 000,002,786 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml [2012.10.23 14:31:19 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.10.23 13:47:53 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.04 06:06:24 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2012.10.01 00:22:06 | 000,002,641 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word 2010.lnk ========== Files Created - No Company Name ========== [2012.10.28 00:18:40 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.10.27 02:58:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.27 02:58:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.27 02:58:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.27 02:58:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.27 02:58:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.26 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.10.26 15:17:52 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.10.26 12:00:17 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2012.10.26 10:19:57 | 000,076,362 | ---- | C] () -- C:\ProgramData\doigeissuslpntv [2012.10.01 00:24:46 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.08.15 22:34:56 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2011.07.26 19:46:34 | 000,007,831 | ---- | C] () -- C:\Users\***\AppData\Roaming\AC79.590 [2011.06.30 14:28:40 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.01.12 18:30:08 | 001,506,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.03 22:48:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.04.12 22:55:42 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.04 01:42:41 | 000,017,043 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.11.16 17:33:58 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2008.12.18 04:33:43 | 000,000,255 | ---- | C] () -- C:\ProgramData\hpqp.ini [2008.12.18 04:24:16 | 000,122,140 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.12.18 04:23:47 | 000,122,140 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll < End of report > und die extra datei: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 12:44:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 77,87% Memory free
8,16 Gb Paging File | 7,48 Gb Available in Paging File | 91,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,96 Gb Total Space | 79,69 Gb Free Space | 35,74% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,76 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 9,92 Gb Total Space | 1,74 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = CB FB BF 25 13 5C CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BBDBA1A-42F7-4A1B-82E6-D7F782151AAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{43782FA8-5197-477D-87CF-0381172FC190}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C8F77D8-1DD2-4E1A-BDA1-3DC413065372}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5B932F9E-0DD9-441E-9095-4C224632B005}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5C51103B-C035-475B-B2E2-4E83F4AA6D35}" = rport=138 | protocol=17 | dir=out | app=system |
"{7703538E-265F-4868-8527-A98D57C2A00A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7936C297-8292-48A1-9C25-A5A27A6029D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D8FCD0C-571F-4B48-827C-AD948C350D54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B71DD9DD-B321-46D7-82CA-ADA53E888E68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBD0DBDC-DF41-49E1-9618-40BB03DCC89F}" = rport=445 | protocol=6 | dir=out | app=system |
"{C33338F9-FC98-4166-94B2-3C63A7AB8355}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D4AC9710-7134-468B-9D8A-538ADC7CAB07}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECA3E3D2-01F7-4883-AD65-6C98025457A1}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008995CC-5A9E-4627-A126-E0C47C44C7F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{07BFBFF6-FCDE-43FA-B592-94EA8E92E852}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{0AC11E62-8782-4507-A942-9E68A3EE00A8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{0DF00548-3063-443B-B8A0-0455F10F1B49}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14D9A01C-1D15-4850-9213-30F8A6D85567}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{18672603-CEA1-4007-B556-C7EE2161F57B}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
"{1F105E07-E920-4968-B944-8A39AC67CB16}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2669174D-5993-4C46-B3A5-5FFA2237A3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{3F3D3CEF-571F-4B64-A5C5-E031D9E447DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{41D35DB1-6DA6-4A70-B877-4A167C770B2C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{44F7AD11-D1E1-4C18-92B6-2E964AD09677}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{483D1EFC-8424-48EC-8E7E-B11B2C5F9B58}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{4AAB8E22-25FF-4E1E-8850-A89556A88FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{59A8DD44-706F-4BA8-B23E-72F9B0CB07B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72C03377-8997-4053-ACC6-E4455985783A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7623D488-E217-44D1-9F64-526F3F096901}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{807EECDC-D9B3-4EEF-B0D3-BF3A144BAF8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{82D2DAC7-5F13-41D5-9CBB-DA30FEB94172}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D152F12-0488-4536-8586-F6B824EBD17A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{940E87A7-1032-4318-9D99-47E9950E2675}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A2BCFF56-9698-483E-80CB-5AC1E636C2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A6643F7F-9FBC-405A-9F03-F6FCA10EED75}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{A6FD56D1-092C-49FE-9E4A-8B495C13D69E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE741504-0A95-4B4F-8C28-90D257B46E4E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEF505A5-E73E-4D7B-80B6-358D45A984E7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{C0539A82-7328-4223-A82E-41123137D0D6}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{CC818065-1863-4595-B708-4A537110202C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{D514A9D8-B6E0-455F-B175-E099606BF179}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{D84D1EA5-9997-45DB-B727-700460EBB77B}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{D986D292-184F-48DA-9454-632979FFD49A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{DD63300C-E801-4075-9CA8-C018228C8DE8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{EE1D87B3-BFDA-47D3-9FA7-AB86D1A871A3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{FBA84557-998C-4A16-96A8-10CA297FBE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FC50104C-68D4-406A-B32E-4533C226B7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{1D30CB12-4C79-4EEA-A6BC-931FD5B5246E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{723E6D62-682C-4DA1-82EF-F5BB53237862}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"TCP Query User{86596855-948C-4F85-B57C-DF53364EEF35}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{43544B1F-C19A-493F-AAF2-2456A9A00A96}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{7157D426-9298-4537-BEC9-949B86D9E926}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{BB69281E-0176-42B8-8663-5FF3ACFDA236}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{ECC9CBF3-108D-4640-BE4D-1DF2E3899FDF}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41FD02E2-2867-4CDA-A88E-5C1EB68ED594}_is1" = LOST PLANET 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{83E8A5D2-39E5-40AD-8C79-DA5AF45A86A7}" = HS Energieberater 7 Plus
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201101
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_6" = AIM
"AOL Toolbar" = AOL Toolbar 5.0
"DartPro_is1" = DartPro 2.9.0.0
"DealPly" = DealPly
"FormatFactory" = FormatFactory 2.60
"Google Chrome" = Google Chrome
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Smart Defrag 2_is1" = Smart Defrag 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3199875374-2253840244-534159947-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.12.2010 05:40:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x354, Anwendungsstartzeit
01cb913bb0eae8f0.
Error - 01.12.2010 09:26:35 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2010 09:46:34 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x12fc, Anwendungsstartzeit
01cb915e286ef1cf.
Error - 01.12.2010 16:07:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2010 16:09:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x127c, Anwendungsstartzeit
01cb919391d63f76.
Error - 02.12.2010 04:18:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.12.2010 04:26:47 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x504, Anwendungsstartzeit
01cb91faa3c8ca8c.
Error - 02.12.2010 12:09:44 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.12.2010 12:11:33 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hpqSTE08.exe, Version 82.0.173.0, Zeitstempel
0x457ce7be, fehlerhaftes Modul hpqsti08.dll, Version 82.0.173.0, Zeitstempel 0x457ce8ce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000e482, Prozess-ID 0x1294, Anwendungsstartzeit
01cb923b72edfd74.
Error - 02.12.2010 19:32:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.10.2012 19:01:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 27.10.2012 19:01:39 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:32 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:42 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:47 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:01:51 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 28.10.2012 07:02:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.10.2012 07:02:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.10.2012 07:02:13 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28.10.2012 07:02:53 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
< End of report >
|
|
| Themen zu Bundespolizei Trojaner |
| automatische, automatischen, befindet, bundespolizei, dankbar, euro, gestartet, gesurft, heute, interne, internet, laptop, modus, plötzlich, problem, schnell, seite, sperrung, suche, system, system der automatischen informationskontrolle, theme, themen, troja, trojaner, würde, zahlung, zeichen |
Linear-Darstellung
