03.11.2012, 19:15 | #1 |
Trojan check

Hello, I suspected that I had a Trojan, since I was hacked in an MMORPG. I therefore ran Malwarebytes and found a virus, which I have, contrary to what the forum says, already deleted.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

I have already worked through all the topics from the guide, i.e. with Defogger, OTL and GMER. Here are the logs.

Regards, Valeri.

OTL Extras logfile created on: 03.11.2012 18:00:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 37,17% Memory free 3,86 Gb Paging File | 2,44 Gb Available in Paging File | 63,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,69 Gb Total Space | 8,91 Gb Free Space | 14,69% Space Free | Partition Type: NTFS Drive D: | 237,30 Gb Total Space | 22,65 Gb Free Space | 9,54% Space Free | Partition Type: NTFS Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{194F92B6-5166-4CCE-B424-82F81A9B8244}" = rport=445 | protocol=6 | dir=out | app=system | "{1EAF7512-CA7B-4B0C-83B3-1FC3ED3834C8}" = lport=445 | protocol=6 | dir=in | app=system | "{218282BC-EDB8-4CE9-8EB6-0ED6C576C2FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{332C4088-4DC5-4FF6-9B55-A228DAEE8AD0}" = rport=137 | protocol=17 | dir=out | app=system | "{348163CE-C4A9-419C-B26A-AD24A41D6AFA}" = lport=138 | protocol=17 | dir=in | app=system | "{35413F42-EF64-4FEA-B445-0DA1201556A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform 
(ssdp) | "{3B55D995-5A9E-4EAB-9437-97368F15D7F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3EDF00F2-5F06-49E4-853B-ABF25A0B1663}" = rport=139 | protocol=6 | dir=out | app=system | "{432A998C-8CA0-42CA-A2EC-74FF4674F577}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4D75F68C-D28B-4AA2-AA72-174525F830D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70ADE8F8-E574-4256-B4FD-85F4D85969C3}" = rport=138 | protocol=17 | dir=out | app=system | "{94379A23-5DEC-48F8-AA6E-F4005298247C}" = lport=137 | protocol=17 | dir=in | app=system | "{963FC632-8086-4880-8F69-F20B323F2EAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A8EE19EF-7890-4207-A45F-3B1AFBFD35FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B27F1B80-ECED-4BD7-8D6F-5AF33DC40078}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B90CCFEC-19C3-46FF-B9B0-7EFC7CB1CDBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C50B511C-12CC-4DDB-9999-5C1FE09D5631}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9B0B8AE-4F87-4411-BC2D-E5E91C47E05D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D13DC87C-EB50-4FEA-AEAE-96A0C22384EA}" = lport=139 | protocol=6 | dir=in | app=system | "{D46F93D8-C4B9-4F7D-829C-D1264136E8FD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E3BFA921-AB32-4384-92EA-B10FC755C560}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F1642DF5-A5EC-446F-AF92-563CA8A23A76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active 
Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18A2094A-1C32-42D7-9649-27EDCED3D2F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{281674EF-A129-4112-8936-1626D7116287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2C94AD6C-9A9E-4714-9B97-07FC39D502DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{339AF70A-F258-4A26-BBE3-ADB20A2706D9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{378E34B6-63BC-4C5F-BB25-1B72A3D09365}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{43651962-42DF-44BC-A917-482C7466FD7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{51472ECD-41F5-4F17-BC9F-AE50428AAAE3}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{51D65E47-3CB8-42AC-8B06-1400486D3D71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{566DB6B8-5AD4-4D88-9A20-DE1D99EDD477}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{B76AE97B-F48E-4618-AEF7-200B14CD1F03}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B7EB5C4D-2A6B-4EC4-8660-26CA116E5341}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "{C8651226-F3C8-4E8C-97DC-673F1E55179C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{D257A0C3-99EC-4462-B579-EFA36C4EDFD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D5165636-A1C5-4D75-ADE3-CB7AC06980E4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{D9E9E2C4-35AF-4A9F-9D2C-7B30757608AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{E145C08F-9385-433A-8F3C-492AD40CF22F}" = protocol=17 | dir=in | app=c:\program 
files\teamviewer\version7\teamviewer.exe | "{E3B6CE2C-B7A2-4D04-B196-8021A84B044D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E6FE9665-9D13-4C21-A885-AD355D16D06A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E843DD68-C316-437F-8841-41F991CFB5A4}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "TCP Query User{2AE3B932-FA19-48E9-BFC8-18657973F741}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A6CF1B7F-066B-4A9F-B344-BEAD5E91C404}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe | "TCP Query User{AAFFFE36-818F-460C-BFE3-6345CC9740F4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C18FD6AC-FAF0-4AE9-B95F-22CF0DEDC565}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{104CC787-157D-4896-80A3-34AA0DD98274}C:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\hilo\desktop\neuer ordner (4)\teeworlds_srv.exe | "UDP Query User{27C6005C-5917-4697-9871-840BCFC13840}C:\Program Files\Java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4E6F7B5E-D7EF-488B-9AF6-C09A190192A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E1113EB5-3C6D-4D09-B4A8-A858E62D7E4B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0331FC5B-948B-8AC2-66FC-0D812EE03C47}" = 
ccc-core-static "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers "{143C595E-6E6A-D847-8D5D-B17192C13028}" = CCC Help Italian "{1784BBBA-2820-AE9B-041C-29F1F536911F}" = CCC Help English "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4EC85AD2-5AAE-0F7D-97A2-906F094FBC2C}" = Catalyst Control Center Graphics Full New "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding "{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = 
Microsoft_VC90_MFC_x86 "{64FDAF43-0317-91AF-DCC0-8FF63FA1C262}" = Catalyst Control Center Graphics Light "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CC3CCF-DEFE-6E46-FF24-EEDE75355195}" = CCC Help Spanish "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8C97A120-7300-9FDB-CD8F-E035741A1156}" = ccc-core-preinstall "{8D58AC2A-6952-CCDE-14B6-505D263BE5F0}" = CCC Help Dutch "{8D58B4D9-3F0F-BFF8-498E-627059551AE5}" = Catalyst Control Center Localization All "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{8F8DC6F6-B93E-78E9-4F16-5E5AE6589EBD}" = CCC Help Chinese Traditional "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office 
Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C08E956F-97FC-26E3-4523-06A7743480CA}" = Skins "{C24A79B5-4FC9-EF28-A11D-4B378B618F18}" = CCC Help Korean 
"{C26968D9-FA2D-10E0-79AC-9714A769EC40}" = CCC Help German "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C59D305B-4E19-A823-714D-5A393E19B898}" = CCC Help French "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CA2D75F9-19F0-74F5-2C4C-0E37C198FC6A}" = CCC Help Chinese Standard "{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3 "{CDF2602A-D09F-18CC-AC6E-216124FC975B}" = Catalyst Control Center Core Implementation "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45BEFCD-72A1-042C-D484-7F39EAC2CCD9}" = CCC Help Japanese "{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1" = PSD Viewer "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB61BE4A-1E09-CA85-F03C-A78C357CA743}" = CCC Help Swedish "{E043568C-1745-4C69-9D52-43F6E79EB03B}" = Joulemeter "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2D2B19D-F3D0-AAE7-E94C-72435EBC8663}" = ccc-utility "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite "{E838C67D-6D64-A995-F8D0-4F397D278635}" = CCC Help Portuguese "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" 
= Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE383F29-6C0D-EF89-C8A1-CCD87349A2E3}" = Catalyst Control Center Graphics Full Existing "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13) "2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "Anti-Twin 2012-08-25 17.22.56" = Anti-Twin (Installation 25.08.2012) "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "avast" = avast! Free Antivirus "Avira AntiVir Desktop" = Avira Free Antivirus "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "Defraggler" = Defraggler "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free MP3 Cutter and Editor_is1" = Free MP3 Cutter and Editor 2.6 "Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1017 "HECI" = Intel(R) Management Engine Interface "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "ManyCam" = ManyCam 3.0.80 (remove only) "Microsoft .NET Framework 4 Client 
Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NosTale(DE)_is1" = Nostale(DE) "Office14.SingleImage" = Microsoft Office Home and Business 2010 "OnScreenDisplay" = Anzeige am Bildschirm "Origin" = Origin "PhotoScape" = PhotoScape "PokerStars.eu" = PokerStars.eu "Power Management Driver" = ThinkPad Power Management Driver "Prio" = Prio "Recuva" = Recuva "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sandboxie" = Sandboxie 3.74 (32-bit) "TeamViewer 7" = TeamViewer 7 "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Tunatic" = Tunatic "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 2.0.3 "VMware_Player" = VMware Player "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Kalydo App Nostale" = Nostale "KalydoPlayer" = Kalydo Player 4.09.00 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.05.2012 04:52:18 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. 
Error - 06.05.2012 04:55:49 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2012 04:55:50 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2012 14:51:06 | Computer Name = HIlo-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 694 Startzeit: 01cd2aa6b6b61679 Endzeit: 4774 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 06.05.2012 21:17:26 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. 
Error - 06.05.2012 21:21:16 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.05.2012 21:21:17 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.05.2012 01:15:03 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\InstallManagerApp.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 10.05.2012 01:18:04 | Computer Name = HIlo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\system update\session\7yd614ww\Bin64\Setup.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ NetLimiter 3 Events ]

Error - 15.10.2012 10:23:03 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 15.10.2012 10:29:23 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 19.10.2012 09:18:47 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 20.10.2012 07:12:05 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 20.10.2012 11:09:32 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 21.10.2012 04:58:41 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 07:42:18 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 09:24:40 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30.10.2012 23:34:27 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 31.10.2012 10:21:53 | Computer Name = HIlo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ OSession Events ]

Error - 18.04.2011 13:08:28 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 3198 seconds with 1620 seconds of active time. This session ended with a crash.

Error - 18.04.2011 13:13:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 282 seconds with 240 seconds of active time. This session ended with a crash.

Error - 19.04.2011 10:48:19 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 1677 seconds with 420 seconds of active time. This session ended with a crash.

Error - 19.04.2011 10:54:37 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 351 seconds with 300 seconds of active time. This session ended with a crash.

Error - 20.04.2011 06:57:20 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 156 seconds with 120 seconds of active time. This session ended with a crash.
Error - 20.04.2011 07:27:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 309 seconds with 240 seconds of active time. This session ended with a crash.

Error - 22.04.2011 07:26:13 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 92 seconds with 60 seconds of active time. This session ended with a crash.

Error - 24.04.2011 13:31:09 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 197 seconds with 180 seconds of active time. This session ended with a crash.

Error - 24.04.2011 13:42:25 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 569 seconds with 540 seconds of active time. This session ended with a crash.

Error - 25.04.2011 14:46:48 | Computer Name = HIlo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6334.5000. This session lasted 756 seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 03.11.2012 11:30:49 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error - 03.11.2012 11:30:49 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 03.11.2012 12:49:57 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error - 03.11.2012 12:51:04 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.

Error - 03.11.2012 12:51:04 | Computer Name = HIlo-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.

Error - 03.11.2012 12:51:21 | Computer Name = HIlo-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 03.11.2012 12:51:21 | Computer Name = HIlo-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 03.11.2012 12:51:23 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "avast! Antivirus" ist von folgendem Dienst abhängig: aswMonFlt. Dieser Dienst ist eventuell nicht installiert.
Error - 03.11.2012 12:52:24 | Computer Name = HIlo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ATITool sfdrv01 sfvfs02 uGuru

Error - 03.11.2012 12:53:17 | Computer Name = HIlo-PC | Source = DCOM | ID = 10016
Description =

< End of report >

OTL logfile created on: 03.11.2012 18:00:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,93 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 37,17% Memory free
3,86 Gb Paging File | 2,44 Gb Available in Paging File | 63,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,69 Gb Total Space | 8,91 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 237,30 Gb Total Space | 22,65 Gb Free Space | 9,54% Space Free | Partition Type: NTFS

Computer Name: HILO-PC | User Name: HIlo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.03 17:46:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.10.30 10:07:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 10:07:02 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 10:07:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.21 15:20:54 | 000,012,656 | ---- | M] () -- C:\Programme\Prio\prio_svc.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.12 13:55:36 | 000,343,024 | ---- | M] () -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 13:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2011.11.13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.03.21 15:14:38 | 001,126,400 | ---- | M] (Locktime Software) -- C:\Programme\NetLimiter 3\nlsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.08.05 16:47:52 | 000,804,128 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.02.05 06:43:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2010.02.05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.12.05 03:38:04 | 001,242,112 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010.12.05 03:38:02 | 002,010,624 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_core220.dll
MOD - [2010.08.05 16:48:04 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2012.10.31 12:36:02 | 009,012,224 | ---- | M] () [Auto | Stopped] -- C:\Programme\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.10.30 10:07:18 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 10:07:02 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.30 01:51:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 11:29:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.21 15:20:54 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Programme\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.12 13:55:36 | 000,343,024 | ---- | M] () [Auto | Running] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.11.13 23:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.13 23:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.21 15:14:38 | 001,126,400 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011.02.18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.01.14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.05 06:43:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2010.02.05 06:43:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2010.02.05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Unknown (0) | Boot | Unknown] -- -- (Winflash)
DRV - File not found [Kernel | Boot | Stopped] -- system32\Drivers\uGuru.sys -- (uGuru)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\clwvd.sys -- (clwvd)
DRV - [2012.11.03 17:56:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2012.10.31 14:18:30 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2012.10.30 10:07:21 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.08 11:32:20 | 000,038,256 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.02 13:45:52 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.09.02 13:45:52 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.08.10 18:41:35 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.08.10 18:41:35 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.08.10 18:41:35 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.02.22 11:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.01.11 07:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.11.13 23:43:26 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2011.11.13 23:42:40 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2011.11.13 23:42:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2011.11.13 21:33:56 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2011.11.13 21:33:56 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2011.08.29 22:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.29 22:01:10 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2011.03.21 15:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2011.03.21 15:44:26 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2011.03.21 15:44:24 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2011.01.05 00:33:30 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.24 18:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.08.24 18:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.08.18 10:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.06.16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010.06.16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.02.05 10:14:14 | 000,661,448 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.12.08 14:11:40 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.15 13:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 12:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.09 16:10:16 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.22 06:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.06.11 17:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.06.02 15:39:22 | 000,737,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\A885VCap.sys -- (CXSONORA)
DRV - [2006.11.10 14:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\HIlo\Desktop\Drumstepftw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 99 A5 00 12 7B CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{514EEF3A-6F99-49FD-A418-81A056B81463}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE471
IE - HKCU\..\SearchScopes\{F3C8C8B2-40FB-4AB5-B02B-5A0B0B730EE6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=60BCEAD5-A879-4FAD-A37E-0F5B240F30D2&apn_sauid=64DF60C8-6482-49FC-8E73-BB27B672CADD
IE - HKCU\..\SearchScopes\{F8F7FF41-F20B-4780-9D79-F61F7F27AABF}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\HIlo\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\HIlo\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2012.07.31 17:15:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 02:06:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 05:27:45 | 000,000,000 | ---D | M] [2012.02.10 22:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Extensions [2012.10.14 18:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions [2012.08.22 22:44:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.08.26 14:28:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.02 10:39:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.10.28 20:06:49 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\HIlo\AppData\Roaming\mozilla\Firefox\Profiles\ct3qyxue.default\extensions\welcome@toolmin.com [2012.10.14 18:10:36 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\extension@hidemyass.com.xpi [2012.08.27 09:17:19 | 000,572,633 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\testpilot@labs.mozilla.com.xpi [2012.04.02 10:39:39 | 000,258,567 | ---- | M] () (No name found) -- 
C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.10.11 22:00:03 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012.07.25 19:47:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.30 02:13:55 | 000,002,401 | ---- | M] () -- C:\Users\HIlo\AppData\Roaming\mozilla\firefox\profiles\ct3qyxue.default\searchplugins\Web Search.xml [2012.10.30 02:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.31 05:27:42 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.20 18:11:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.20 16:18:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.08.31 05:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.05 16:34:27 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.28 20:06:58 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.02.10 19:56:54 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.02 12:59:40 | 000,444,767 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 15274 more lines... 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C72CD9E-87F6-4CC1-A174-66E7AE539A03}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell - "" = AutoRun O33 - MountPoints2\{268e997a-eae4-11e1-8155-001e101f859f}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell - "" = AutoRun O33 - MountPoints2\{2780b61d-185b-11e0-9354-00247e6cb93c}\Shell\AutoRun\command - "" = H:\Autorun.exe O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{96d49818-e0ca-11e1-bae5-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a57c18f9-e311-11e1-9a75-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a93af5f0-f461-11e1-ad16-005056c00008}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell - "" = 
AutoRun O33 - MountPoints2\{b0de3fb6-ebc7-11e1-bb1b-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1454-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1486-d8e1-11e1-8ef9-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c14fb-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell - "" = AutoRun O33 - MountPoints2\{cd8c1518-d8e1-11e1-8ef9-001e101f2463}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{d2e08bb5-df9d-11e1-96c7-005056c00008}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.02 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\KeePass [2012.11.02 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe 2 [2012.11.02 07:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.02 07:47:23 | 
000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.02 07:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.02 01:57:27 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Malwarebytes [2012.11.02 01:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.02 01:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.02 01:56:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.02 01:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.01 23:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer [2012.11.01 23:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\PSDViewer [2012.10.31 21:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Prio [2012.10.31 16:24:43 | 000,071,680 | ---- | C] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys [2012.10.31 16:24:37 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Notebook Hardware Control [2012.10.31 16:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATITool [2012.10.31 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abit [2012.10.31 16:03:50 | 000,050,688 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\AC2005DLL.dll [2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility [2012.10.31 16:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility [2012.10.31 16:01:59 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\InstallShield [2012.10.31 14:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CpuIdle Extreme [2012.10.30 15:45:35 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(DE) [2012.10.30 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\Gameforge4d [2012.10.30 15:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\GameforgeLive [2012.10.30 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Kalydo [2012.10.30 03:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.10.30 02:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2012.10.30 01:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2012.10.30 01:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.10.28 16:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012.10.24 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\PokerStars.EU [2012.10.24 19:56:44 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU [2012.10.24 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU [2012.10.23 08:58:11 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.10.23 08:40:24 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Local\{7B8087AA-02B0-4278-9F19-9CE69FC5D6A5} [2012.10.20 16:20:34 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\Avira [2012.10.20 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.20 16:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.20 16:16:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.20 16:16:10 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.20 16:16:10 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.20 16:16:10 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.20 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.20 16:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.11 00:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Freetec [2012.10.08 22:41:50 | 000,000,000 | ---D | C] -- C:\Users\HIlo\AppData\Roaming\vlc [2012.10.08 11:32:20 | 000,038,256 | ---- | C] (Xeno) -- C:\Windows\System32\drivers\prio.sys [2012.10.06 02:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.10.06 02:45:15 | 000,000,000 | ---D | C] -- C:\DRIVERS [6 C:\Users\HIlo\Desktop\*.tmp files -> C:\Users\HIlo\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 18:08:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.03 17:59:57 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 17:59:57 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 17:58:24 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 17:58:24 | 000,618,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 17:58:24 | 000,131,216 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 17:58:24 | 000,107,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 17:52:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.03 17:51:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 17:51:10 | 1555,587,072 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 17:48:45 | 000,004,014 | ---- | M] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx [2012.11.03 17:47:01 | 000,000,020 | ---- | M] () -- C:\Users\HIlo\defogger_reenable [2012.11.03 
17:29:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 17:12:49 | 000,000,386 | ---- | M] () -- C:\Users\HIlo\Desktop\bes.ini [2012.11.03 17:12:04 | 000,000,032 | ---- | M] () -- C:\Users\HIlo\Desktop\bes_sw.ini [2012.11.03 17:08:34 | 000,001,281 | ---- | M] () -- C:\Users\HIlo\Desktop\Spybot - Search & Destroy.lnk [2012.11.02 15:42:18 | 001,147,932 | ---- | M] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png [2012.11.02 15:08:35 | 000,002,642 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.11.02 14:52:48 | 000,001,098 | ---- | M] () -- C:\Users\HIlo\Desktop\KeePass 2.lnk [2012.11.02 12:59:40 | 000,444,767 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.02 03:07:03 | 000,007,622 | ---- | M] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg [2012.11.02 01:56:52 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.01 23:13:36 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\PSD Viewer.lnk [2012.11.01 23:07:56 | 004,780,634 | ---- | M] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd [2012.11.01 21:54:06 | 003,245,543 | ---- | M] () -- C:\Users\HIlo\Desktop\nlliu.png [2012.10.31 16:40:57 | 001,282,700 | ---- | M] () -- C:\Users\HIlo\Desktop\vawv9sd5uyks.png [2012.10.31 16:24:43 | 000,071,680 | ---- | M] (Notebook Hardware Control) -- C:\Windows\System32\drivers\nhcDriver.sys [2012.10.31 16:02:07 | 000,001,040 | ---- | M] () -- C:\Users\HIlo\Desktop\RightMark CPU Clock Utility.lnk [2012.10.31 15:10:48 | 001,832,789 | ---- | M] () -- C:\Users\HIlo\Desktop\fejdjasj.png [2012.10.31 14:18:30 | 000,004,484 | ---- | M] () -- C:\Windows\System32\drivers\cpuidlep.sys [2012.10.31 13:52:44 | 000,002,791 | ---- | M] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk [2012.10.30 12:42:00 | 003,730,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.30 10:07:21 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.30 02:06:22 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.30 01:46:53 | 000,027,556 | ---- | M] () -- C:\Users\HIlo\Desktop\Mein Film.wlmp [2012.10.30 01:05:11 | 002,743,780 | ---- | M] () -- C:\Users\HIlo\Desktop\balloon.gif [2012.10.26 05:16:23 | 000,000,034 | ---- | M] () -- C:\Windows\AvastEmUpdate.ini [2012.10.24 19:56:45 | 000,001,077 | ---- | M] () -- C:\Users\HIlo\Desktop\PokerStars.eu.lnk [2012.10.24 16:09:13 | 000,171,666 | ---- | M] () -- C:\Users\HIlo\Desktop\hhj.png [2012.10.24 00:14:58 | 000,163,051 | ---- | M] () -- C:\Users\HIlo\Desktop\files.php.jpg [2012.10.23 10:42:50 | 001,663,966 | ---- | M] () -- C:\Users\HIlo\Desktop\tzh.png [2012.10.20 17:15:12 | 008,944,820 | ---- | M] () -- C:\Users\HIlo\Desktop\Epic Sax Guy Saxtreme!!.mp4 [2012.10.20 17:04:23 | 000,001,295 | ---- | M] () -- C:\Users\HIlo\Desktop\Free YouTube Download.lnk [2012.10.20 13:55:56 | 000,001,391 | ---- | M] () -- C:\Users\HIlo\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.08 11:32:20 | 000,038,256 | ---- | M] (Xeno) -- C:\Windows\System32\drivers\prio.sys [6 C:\Users\HIlo\Desktop\*.tmp files -> C:\Users\HIlo\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.03 17:45:45 | 000,000,020 | ---- | C] () -- C:\Users\HIlo\defogger_reenable [2012.11.03 17:12:04 | 000,000,032 | ---- | C] () -- C:\Users\HIlo\Desktop\bes_sw.ini [2012.11.02 17:45:56 | 000,004,014 | ---- | C] () -- C:\Users\HIlo\Desktop\NewDatabase.kdbx [2012.11.02 15:42:03 | 001,147,932 | ---- | C] () -- C:\Users\HIlo\Desktop\IMG_02112012_152823.png [2012.11.02 14:52:48 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2012.11.02 14:52:48 | 000,001,098 | ---- | C] () -- C:\Users\HIlo\Desktop\KeePass 2.lnk [2012.11.02 13:26:33 | 000,000,386 | ---- | C] () -- 
C:\Users\HIlo\Desktop\bes.ini [2012.11.02 13:25:07 | 000,231,936 | ---- | C] ( ) -- C:\Users\HIlo\Desktop\BES.exe [2012.11.02 07:47:51 | 000,001,281 | ---- | C] () -- C:\Users\HIlo\Desktop\Spybot - Search & Destroy.lnk [2012.11.02 03:07:03 | 000,007,622 | ---- | C] () -- C:\Users\HIlo\AppData\Local\Resmon.ResmonCfg [2012.11.02 01:56:52 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.01 23:13:36 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\PSD Viewer.lnk [2012.11.01 23:04:47 | 004,780,634 | ---- | C] () -- C:\Users\HIlo\Desktop\ThreadDesign3.psd [2012.11.01 21:22:09 | 003,245,543 | ---- | C] () -- C:\Users\HIlo\Desktop\nlliu.png [2012.10.31 16:02:07 | 000,001,040 | ---- | C] () -- C:\Users\HIlo\Desktop\RightMark CPU Clock Utility.lnk [2012.10.31 14:18:30 | 000,004,484 | ---- | C] () -- C:\Windows\System32\drivers\cpuidlep.sys [2012.10.31 13:51:49 | 000,002,791 | ---- | C] () -- C:\Users\HIlo\Desktop\Nostale - Verknüpfung.lnk [2012.10.30 18:58:18 | 001,832,789 | ---- | C] () -- C:\Users\HIlo\Desktop\fejdjasj.png [2012.10.30 13:43:41 | 001,282,700 | ---- | C] () -- C:\Users\HIlo\Desktop\vawv9sd5uyks.png [2012.10.30 02:06:22 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.30 01:46:50 | 000,027,556 | ---- | C] () -- C:\Users\HIlo\Desktop\Mein Film.wlmp [2012.10.30 01:05:03 | 002,743,780 | ---- | C] () -- C:\Users\HIlo\Desktop\balloon.gif [2012.10.24 19:56:45 | 000,001,077 | ---- | C] () -- C:\Users\HIlo\Desktop\PokerStars.eu.lnk [2012.10.24 16:09:12 | 000,171,666 | ---- | C] () -- C:\Users\HIlo\Desktop\hhj.png [2012.10.24 00:14:32 | 000,163,051 | ---- | C] () -- C:\Users\HIlo\Desktop\files.php.jpg [2012.10.23 10:04:40 | 001,663,966 | ---- | C] () -- C:\Users\HIlo\Desktop\tzh.png [2012.10.23 08:57:28 | 000,001,286 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012.10.23 08:56:33 | 000,001,355 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012.10.20 17:15:03 | 008,944,820 | ---- | C] () -- C:\Users\HIlo\Desktop\Epic Sax Guy Saxtreme!!.mp4 [2012.10.15 15:29:22 | 1555,587,072 | -HS- | C] () -- C:\hiberfil.sys [2012.09.10 16:56:48 | 000,366,160 | ---- | C] () -- C:\Users\HIlo\IMG_0183.JPG [2012.09.10 16:56:48 | 000,294,015 | ---- | C] () -- C:\Users\HIlo\IMG_0207.JPG [2012.09.10 16:56:48 | 000,247,166 | ---- | C] () -- C:\Users\HIlo\IMG_0219.JPG [2012.09.10 16:56:48 | 000,242,912 | ---- | C] () -- C:\Users\HIlo\IMG_0156.JPG [2012.09.10 16:56:48 | 000,238,848 | ---- | C] () -- C:\Users\HIlo\IMG_0195.JPG [2012.09.10 16:56:48 | 000,219,645 | ---- | C] () -- C:\Users\HIlo\IMG_0201.JPG [2012.09.10 16:56:48 | 000,217,815 | ---- | C] () -- C:\Users\HIlo\IMG_0203.JPG [2012.09.10 16:56:48 | 000,217,283 | ---- | C] () -- C:\Users\HIlo\IMG_0220.JPG [2012.09.10 16:56:48 | 000,217,132 | ---- | C] () -- C:\Users\HIlo\IMG_0218.JPG [2012.09.10 16:56:48 | 000,214,516 | ---- | C] () -- C:\Users\HIlo\IMG_0180.JPG [2012.09.10 16:56:48 | 000,210,120 | ---- | C] () -- C:\Users\HIlo\IMG_0159.JPG [2012.09.10 16:56:48 | 000,205,347 | ---- | C] () -- C:\Users\HIlo\IMG_0181.JPG [2012.09.10 16:56:48 | 000,204,411 | ---- | C] () -- C:\Users\HIlo\IMG_0158.JPG [2012.09.10 16:56:48 | 000,203,242 | ---- | C] () -- C:\Users\HIlo\IMG_0202.JPG [2012.09.10 16:56:48 | 000,203,240 | ---- | C] () -- C:\Users\HIlo\IMG_0172.JPG [2012.09.10 16:56:48 | 000,202,540 | ---- | C] () -- C:\Users\HIlo\IMG_0200.JPG [2012.09.10 16:56:48 | 000,197,683 | ---- | C] () -- C:\Users\HIlo\IMG_0173.JPG [2012.09.10 16:56:48 | 000,192,276 | ---- | C] () -- C:\Users\HIlo\IMG_0197.JPG [2012.09.10 16:56:48 | 000,192,192 | ---- | C] () -- C:\Users\HIlo\IMG_0170.JPG [2012.09.10 16:56:48 | 000,191,185 | ---- | C] () -- C:\Users\HIlo\IMG_0164.JPG [2012.09.10 16:56:48 | 000,190,484 | ---- | C] () -- C:\Users\HIlo\IMG_0177.JPG [2012.09.10 16:56:48 | 000,190,245 | ---- | C] () -- 
C:\Users\HIlo\IMG_0169.JPG [2012.09.10 16:56:48 | 000,187,186 | ---- | C] () -- C:\Users\HIlo\IMG_0171.JPG [2012.09.10 16:56:48 | 000,186,537 | ---- | C] () -- C:\Users\HIlo\IMG_0178.JPG [2012.09.10 16:56:48 | 000,184,973 | ---- | C] () -- C:\Users\HIlo\IMG_0174.JPG [2012.09.10 16:56:48 | 000,178,575 | ---- | C] () -- C:\Users\HIlo\IMG_0204.JPG [2012.09.10 16:56:48 | 000,176,010 | ---- | C] () -- C:\Users\HIlo\IMG_0179.JPG [2012.09.10 16:56:48 | 000,166,273 | ---- | C] () -- C:\Users\HIlo\IMG_0206.JPG [2012.09.10 16:56:48 | 000,163,328 | ---- | C] () -- C:\Users\HIlo\IMG_0198.JPG [2012.09.10 16:56:48 | 000,157,614 | ---- | C] () -- C:\Users\HIlo\IMG_0205.JPG [2012.09.10 16:56:48 | 000,156,800 | ---- | C] () -- C:\Users\HIlo\IMG_0182.JPG [2012.09.10 16:56:48 | 000,153,109 | ---- | C] () -- C:\Users\HIlo\IMG_0167.JPG [2012.09.10 16:56:48 | 000,107,572 | ---- | C] () -- C:\Users\HIlo\IMG_0163.JPG [2012.09.10 16:56:48 | 000,097,796 | ---- | C] () -- C:\Users\HIlo\IMG_0162.JPG [2012.08.25 19:42:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.08.17 13:59:34 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini [2012.07.20 21:49:43 | 000,002,642 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.02.06 16:45:33 | 000,000,717 | ---- | C] () -- C:\Windows\QIII.INI [2011.12.04 01:48:14 | 000,000,057 | ---- | C] () -- C:\Windows\wininit.ini [2011.12.03 21:39:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.12.03 21:33:43 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.05.25 18:03:27 | 000,000,990 | ---- | C] () -- C:\Windows\eReg.dat [2011.05.19 22:31:02 | 000,003,584 | ---- | C] () -- C:\Users\HIlo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.05 16:34:37 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.03.27 16:57:00 | 268,435,456 | ---- | C] () -- C:\Users\HIlo\Pokemon Weiße Edition.nds [2011.03.27 16:57:00 | 268,435,456 | ---- | C] () -- 
C:\Users\HIlo\Pokemon Schwarze Edition.nds [2011.01.05 02:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.01.04 22:56:21 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2011.01.04 22:56:21 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2011.01.04 21:34:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.25 08:11:32 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\.minecraft [2012.08.21 20:49:34 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\ALDITALKVerbindungsassistent [2011.02.25 23:24:19 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Ashampoo [2012.10.30 02:41:57 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Audacity [2012.08.25 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Boilsoft [2011.01.04 22:42:49 | 000,000,000 | ---D | M] -- 
C:\Users\HIlo\AppData\Roaming\CachedFiles [2011.07.30 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.12.10 23:44:10 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\DAEMON Tools Lite [2012.10.20 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\DVDVideoSoft [2012.08.26 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.14 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\FreeFLVConverter [2012.08.26 14:51:15 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Freemium [2011.05.17 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\GetRightToGo [2011.10.29 12:40:18 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Gomez [2012.01.02 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\GrabPro [2012.06.20 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\HandBrake [2012.10.30 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Kalydo [2012.11.03 17:48:49 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\KeePass [2011.02.14 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Leadertech [2011.10.29 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\LibreOffice [2012.07.14 03:24:26 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\ManyCam [2012.07.20 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\mirkes.de [2012.08.25 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Moyea [2011.12.11 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\mp3DirectCut [2012.10.31 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Notebook Hardware Control [2012.10.30 02:02:38 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Opera [2012.01.02 21:11:28 | 000,000,000 | ---D | M] -- 
C:\Users\HIlo\AppData\Roaming\Orbit [2011.11.26 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Origin [2011.12.10 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\PC Suite [2011.11.06 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\PhotoScape [2011.10.24 20:49:52 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\ProgSense [2012.06.20 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Publish Providers [2012.02.05 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Samsung [2012.06.20 21:49:20 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Sony [2011.07.30 13:54:11 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.01.11 01:00:27 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\SumatraPDF [2012.01.01 13:13:05 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Teeworlds [2012.08.25 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\tiger-k [2012.03.17 13:34:06 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\toolplugin [2011.12.10 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\TuneUp Software [2011.01.11 17:04:56 | 000,000,000 | ---D | M] -- C:\Users\HIlo\AppData\Roaming\Update ========== Purity Check ========== < End of report > |
03.11.2012, 19:18 | #2 |
| Trojan check and from GMER:
__________________GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-03 19:05:24 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.0084000A Running: 4tjfq2t2.exe; Driver: C:\Users\HIlo\AppData\Local\Temp\kxldipog.sys ---- System - GMER 1.0.15 ---- SSDT 97253916 ZwCreateSection SSDT 97253920 ZwRequestWaitReplyPort SSDT 9725391B ZwSetContextThread SSDT 97253925 ZwSetSecurityObject SSDT 9725392A ZwSystemDebugControl SSDT 972538B7 ZwTerminateProcess Code 973D5BFC ZwTraceEvent Code 973D5BFB NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8303EA49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830784D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8307F62C 4 Bytes [16, 39, 25, 97] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 8307F988 4 Bytes [20, 39, 25, 97] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8307F9CC 4 Bytes [1B, 39, 25, 97] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 8307FA48 4 Bytes [25, 39, 25, 97] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8307FA9C 4 Bytes [2A, 39, 25, 97] .text ... 
.text ntkrnlpa.exe!NtTraceEvent 830C8DA2 5 Bytes JMP 973D5C00 PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 832550EE 5 Bytes JMP 973D5DE0 PAGE ntkrnlpa.exe!NtRequestPort + 2 83283687 5 Bytes JMP 973D5CA0 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F62C000, 0x2D5378, 0xE8000020] .text win32k.sys!EngCTGetGammaTable + 4C65 824F5D22 5 Bytes JMP 973D55C0 .text win32k.sys!EngMapFontFileFD + 39BC 82519F51 5 Bytes JMP 973D5A20 .text win32k.sys!EngUnmapFontFileFD + 90D6 8252E5C9 5 Bytes JMP 973D5520 .text win32k.sys!EngUnmapFontFileFD + ACDE 825301D1 5 Bytes JMP 973D5660 .text win32k.sys!EngUnmapFontFileFD + 1ED07 825441FA 5 Bytes JMP 973D5700 .text win32k.sys!EngBitBlt + 1BDF 8255CEB6 5 Bytes JMP 973D53E0 .text win32k.sys!EngBitBlt + 2404 8255D6DB 5 Bytes JMP 973D5480 .text win32k.sys!EngDeleteClip + 480C 8258765B 5 Bytes JMP 973D5AC0 .text win32k.sys!PATHOBJ_vGetBounds + 3459 825ECC96 5 Bytes JMP 973D5840 .text win32k.sys!PATHOBJ_vGetBounds + 9678 825F2EB5 5 Bytes JMP 973D57A0 .text win32k.sys!EngCTGetCurrentGamma + 315D 825FE699 5 Bytes JMP 973D5B60 PAGE peauth.sys 9CC1EB9B 72 Bytes JMP 9C498E1F ---- Devices - GMER 1.0.15 ---- Device \Driver\usbhub \Device\0000008e hcmon.sys Device \Driver\usbhub \Device\0000008f hcmon.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys AttachedDevice \Driver\tdx \Device\Tcp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\tdx \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp nltdi.sys Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys AttachedDevice 
\Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys Device \Driver\usbhub \Device\00000090 hcmon.sys AttachedDevice \Driver\tdx \Device\Udp prio.sys (Prio Network Activity Driver/Xeno) AttachedDevice \Driver\tdx \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp nltdi.sys Device \Driver\usbhub \Device\00000089 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys Device \Driver\ACPI_HAL \Device\0000006d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys Device \Driver\usbhub \Device\0000008a hcmon.sys Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys Device \Driver\usbhub \Device\0000008b hcmon.sys Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys Device \Driver\usbhub \Device\0000008c hcmon.sys Device \Driver\usbhub \Device\0000008d hcmon.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ca51fb Reg 
HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ca51fb@000761fc7863 0x4D 0x89 0xC8 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ca51fb@fca13e2f45b1 0x77 0x79 0x54 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ca51fb@001f2013f9a4 0xAC 0xFC 0x51 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ca51fb@1436059f4744 0xD6 0x39 0xFF 0xB9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0xEE 0x94 0xF0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0xC7 0xAC 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0x2B 0x43 0xDC ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBE 0xFD 0x63 0x5A ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x38 0x96 0x76 0x98 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB5 0xDE 0x1F 0x2D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ca51fb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ca51fb@000761fc7863 0x4D 0x89 0xC8 0x7A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ca51fb@fca13e2f45b1 0x77 0x79 0x54 0x3D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ca51fb@001f2013f9a4 0xAC 0xFC 0x51 0x59 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ca51fb@1436059f4744 0xD6 0x39 0xFF 0xB9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0xEE 0x94 0xF0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0xC7 0xAC 0xA1 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0x2B 0x43 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBE 0xFD 0x63 0x5A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x38 0x96 0x76 0x98 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB5 0xDE 0x1F 0x2D ... ---- EOF - GMER 1.0.15 ---- |
06.11.2012, 20:39 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check Hello and
__________________Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When does it continue" messages end with your topic being closed. I, too, have a life away from Trojaner-Board. Quote:
Please note => http://www.trojaner-board.de/125889-...tml#post941520
__________________ |
08.11.2012, 00:30 | #4 |
| Trojan check here Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.11.01.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 HIlo :: HILO-PC [Administrator] Schutz: Aktiviert 02.11.2012 02:25:40 mbam-log-2012-11-02 (02-25-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 367919 Laufzeit: 2 Stunde(n), 14 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
08.11.2012, 13:22 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check I asked you to read everything carefully. Why didn't you post in CODE tags? Please stick to that. Are those all the Malwarebytes logs with detections?
__________________ Please always post log files in CODE tags |
08.11.2012, 19:51 | #6 |
| Trojan check Sorry, I must have overlooked what was in the brackets. Yes, that is everything :P |
08.11.2012, 20:38 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again. 2. TDSS-Killer Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
08.11.2012, 20:50 | #8 |
| Trojan check The aswMBR program did not ask me about the avast definitions. That is probably because I already have avast installed, right? Should I skip that step? |
08.11.2012, 21:10 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check No, please run aswMBR as described above!
__________________ Please always post log files in CODE tags |
08.11.2012, 21:26 | #10 |
| Trojan check Unfortunately, I did not get any prompt about downloading the definitions. They are shown in the DOS window, though: 12 million. I assumed it took them over from my avast installation?! :O Edited by hilo123 (08.11.2012 at 21:35) |
08.11.2012, 22:13 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check Now just run the scan
__________________ Please always post log files in CODE tags |
08.11.2012, 22:23 | #12 |
| Trojan check I already have. I will do the 2nd part by tomorrow as well. Thanks so far :P Do I really have to close all programs when I use TDSSkiller? Okay, I ran it with all programs closed. Here are the logs: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-08 20:48:21 ----------------------------- 20:48:21.435 OS Version: Windows 6.1.7601 Service Pack 1 20:48:21.436 Number of processors: 2 586 0x170A 20:48:21.440 ComputerName: HILO-PC UserName: HIlo 20:48:35.235 Initialize success 20:48:38.122 AVAST engine defs: 12110800 20:55:59.815 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 20:55:59.831 Disk 0 Vendor: FUJITSU_MHZ2320BH_G1 0084000A Size: 305245MB BusType: 11 20:55:59.859 Disk 0 MBR read successfully 20:55:59.871 Disk 0 MBR scan 20:55:59.926 Disk 0 Windows 7 default MBR code 20:55:59.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 20:56:00.061 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 62144 MB offset 206848 20:56:00.092 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 242998 MB offset 127477760 20:56:00.114 Disk 0 scanning sectors +625137664 20:56:00.266 Disk 0 scanning C:\Windows\system32\drivers 20:56:21.312 Service scanning 20:57:03.813 Modules scanning 20:57:32.156 Disk 0 trace - called modules: 20:57:32.195 20:57:32.718 AVAST engine scan C:\Windows 20:57:35.002 AVAST engine scan C:\Windows\system32 21:01:27.635 AVAST engine scan C:\Windows\system32\drivers 21:01:50.411 AVAST engine scan C:\Users\HIlo 21:15:49.143 AVAST engine scan C:\ProgramData 21:21:03.310 Scan finished successfully 21:28:10.294 Disk 0 MBR has been saved successfully to "C:\Users\HIlo\Desktop\MBR.dat" 21:28:10.336 The log file has been saved successfully to "C:\Users\HIlo\Desktop\aswMBR.txt" Code:
ATTFilter 21:34:15.0108 4056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:34:15.0633 4056 ============================================================ 21:34:15.0633 4056 Current date / time: 2012/11/08 21:34:15.0633 21:34:15.0633 4056 SystemInfo: 21:34:15.0634 4056 21:34:15.0634 4056 OS Version: 6.1.7601 ServicePack: 1.0 21:34:15.0634 4056 Product type: Workstation 21:34:15.0634 4056 ComputerName: HILO-PC 21:34:15.0634 4056 UserName: HIlo 21:34:15.0635 4056 Windows directory: C:\Windows 21:34:15.0635 4056 System windows directory: C:\Windows 21:34:15.0635 4056 Processor architecture: Intel x86 21:34:15.0635 4056 Number of processors: 2 21:34:15.0635 4056 Page size: 0x1000 21:34:15.0635 4056 Boot type: Normal boot 21:34:15.0635 4056 ============================================================ 21:34:18.0127 4056 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 21:34:18.0163 4056 ============================================================ 21:34:18.0163 4056 \Device\Harddisk0\DR0: 21:34:18.0163 4056 MBR partitions: 21:34:18.0163 4056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:34:18.0163 4056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7960000 21:34:18.0163 4056 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7992800, BlocksNum 0x1DA9B000 21:34:18.0163 4056 ============================================================ 21:34:18.0213 4056 C: <-> \Device\Harddisk0\DR0\Partition2 21:34:18.0368 4056 D: <-> \Device\Harddisk0\DR0\Partition3 21:34:18.0443 4056 ============================================================ 21:34:18.0443 4056 Initialize success 21:34:18.0443 4056 ============================================================ 23:53:40.0543 1240 ============================================================ 23:53:40.0558 1240 Scan started 
23:53:40.0574 1240 Mode: Manual; SigCheck; TDLFS; 23:53:40.0574 1240 ============================================================ 23:53:42.0852 1240 ================ Scan system memory ======================== 23:53:42.0852 1240 System memory - ok 23:53:42.0867 1240 ================ Scan services ============================= 23:53:43.0164 1240 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 23:53:43.0491 1240 !SASCORE - ok 23:53:43.0678 1240 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:53:43.0819 1240 1394ohci - ok 23:53:43.0866 1240 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:53:43.0928 1240 ACPI - ok 23:53:43.0975 1240 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:53:44.0084 1240 AcpiPmi - ok 23:53:44.0162 1240 [ 40C186D35C0E307240D6BCA399332B24 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe 23:53:44.0224 1240 AcPrfMgrSvc - ok 23:53:44.0287 1240 [ 51E12E36BDEB10C0D9DBDB1FA4914800 ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe 23:53:44.0334 1240 AcSvc - ok 23:53:44.0380 1240 [ A71390EE50FEFF7F799F3CB0C4A98533 ] ADMonitor C:\Windows\system32\ADMonitor.exe 23:53:44.0412 1240 ADMonitor ( UnsignedFile.Multi.Generic ) - warning 23:53:44.0412 1240 ADMonitor - detected UnsignedFile.Multi.Generic (1) 23:53:44.0552 1240 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:53:44.0583 1240 AdobeARMservice - ok 23:53:44.0646 1240 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:53:44.0677 1240 AdobeFlashPlayerUpdateSvc - ok 23:53:44.0739 1240 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:53:44.0817 1240 adp94xx - ok 23:53:44.0848 1240 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci 
23:54:19.0527 1240 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:54:19.0605 1240 RDPWD - ok 23:54:19.0636 1240 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:54:19.0683 1240 rdyboost - ok 23:54:19.0714 1240 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 23:54:19.0808 1240 RemoteAccess - ok 23:54:19.0839 1240 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:54:19.0933 1240 RemoteRegistry - ok 23:54:19.0964 1240 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 23:54:20.0026 1240 RFCOMM - ok 23:54:20.0058 1240 [ D65AC8797F0286ED269500747D6290A4 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 23:54:20.0136 1240 rimmptsk - ok 23:54:20.0151 1240 [ 49EC82B44EB93374ED9988DA7E0E0151 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 23:54:20.0198 1240 rimsptsk - ok 23:54:20.0214 1240 [ 3F400C3CCD0818858602DDB37B5DE719 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 23:54:20.0292 1240 rismxdp - ok 23:54:20.0323 1240 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:54:20.0401 1240 RpcEptMapper - ok 23:54:20.0432 1240 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 23:54:20.0479 1240 RpcLocator - ok 23:54:20.0526 1240 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 23:54:20.0604 1240 RpcSs - ok 23:54:20.0650 1240 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:54:20.0744 1240 rspndr - ok 23:54:20.0760 1240 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 23:54:20.0806 1240 SamSs - ok 23:54:20.0884 1240 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 23:54:20.0916 1240 SASDIFSV - ok 23:54:20.0947 1240 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program 
Files\SUPERAntiSpyware\SASKUTIL.SYS 23:54:20.0978 1240 SASKUTIL - ok 23:54:21.0056 1240 [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 23:54:21.0087 1240 SbieDrv - ok 23:54:21.0118 1240 [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 23:54:21.0150 1240 SbieSvc - ok 23:54:21.0181 1240 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:54:21.0212 1240 sbp2port - ok 23:54:21.0274 1240 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:54:21.0384 1240 SCardSvr - ok 23:54:21.0399 1240 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:54:21.0477 1240 scfilter - ok 23:54:21.0524 1240 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 23:54:21.0664 1240 Schedule - ok 23:54:21.0680 1240 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:54:21.0758 1240 SCPolicySvc - ok 23:54:21.0789 1240 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 23:54:21.0852 1240 sdbus - ok 23:54:21.0883 1240 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:54:21.0992 1240 SDRSVC - ok 23:54:22.0008 1240 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:54:22.0086 1240 secdrv - ok 23:54:22.0117 1240 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 23:54:22.0210 1240 seclogon - ok 23:54:22.0242 1240 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 23:54:22.0320 1240 SENS - ok 23:54:22.0351 1240 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:54:22.0444 1240 SensrSvc - ok 23:54:22.0460 1240 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:54:22.0507 1240 Serenum - ok 23:54:22.0538 1240 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial 
C:\Windows\system32\DRIVERS\serial.sys 23:54:22.0600 1240 Serial - ok 23:54:22.0632 1240 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:54:22.0678 1240 sermouse - ok 23:54:22.0725 1240 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 23:54:22.0834 1240 SessionEnv - ok 23:54:22.0881 1240 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys 23:54:22.0897 1240 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning 23:54:22.0897 1240 sfdrv01 - detected UnsignedFile.Multi.Generic (1) 23:54:22.0928 1240 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 23:54:22.0990 1240 sffdisk - ok 23:54:23.0006 1240 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:54:23.0068 1240 sffp_mmc - ok 23:54:23.0068 1240 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 23:54:23.0131 1240 sffp_sd - ok 23:54:23.0193 1240 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys 23:54:23.0224 1240 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning 23:54:23.0224 1240 sfhlp02 - detected UnsignedFile.Multi.Generic (1) 23:54:23.0256 1240 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:54:23.0302 1240 sfloppy - ok 23:54:23.0365 1240 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\Windows\system32\drivers\sfvfs02.sys 23:54:23.0396 1240 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning 23:54:23.0396 1240 sfvfs02 - detected UnsignedFile.Multi.Generic (1) 23:54:23.0458 1240 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:54:23.0552 1240 SharedAccess - ok 23:54:23.0599 1240 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:54:23.0708 1240 ShellHWDetection - ok 23:54:23.0770 1240 [ BC31655A03D9E9ED6F7116BAFB9B38C7 ] Shockprf 
C:\Windows\system32\DRIVERS\Apsx86.sys 23:54:23.0802 1240 Shockprf - ok 23:54:23.0833 1240 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:54:23.0864 1240 sisagp - ok 23:54:23.0911 1240 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:54:23.0942 1240 SiSRaid2 - ok 23:54:23.0958 1240 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:54:24.0004 1240 SiSRaid4 - ok 23:54:24.0192 1240 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 23:54:24.0394 1240 Skype C2C Service - ok 23:54:24.0441 1240 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 23:54:24.0472 1240 SkypeUpdate - ok 23:54:24.0488 1240 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:54:24.0566 1240 Smb - ok 23:54:24.0628 1240 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:54:24.0706 1240 SNMPTRAP - ok 23:54:24.0847 1240 [ A10C0F1F8D394E7D392FAD72B7A01C1B ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 23:54:25.0034 1240 SNP2UVC ( UnsignedFile.Multi.Generic ) - warning 23:54:25.0034 1240 SNP2UVC - detected UnsignedFile.Multi.Generic (1) 23:54:25.0112 1240 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe 23:54:25.0143 1240 Sony PC Companion - ok 23:54:25.0174 1240 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 23:54:25.0206 1240 spldr - ok 23:54:25.0252 1240 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 23:54:25.0362 1240 Spooler - ok 23:54:25.0502 1240 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 23:54:25.0736 1240 sppsvc - ok 23:54:25.0798 1240 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:54:25.0892 1240 sppuinotify - ok 
23:54:25.0970 1240 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\System32\Drivers\sptd.sys 23:54:26.0048 1240 sptd - ok 23:54:26.0079 1240 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:54:26.0173 1240 srv - ok 23:54:26.0204 1240 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:54:26.0266 1240 srv2 - ok 23:54:26.0313 1240 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 23:54:26.0376 1240 SrvHsfHDA - ok 23:54:26.0438 1240 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 23:54:26.0547 1240 SrvHsfV92 - ok 23:54:26.0578 1240 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 23:54:26.0656 1240 SrvHsfWinac - ok 23:54:26.0703 1240 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:54:26.0750 1240 srvnet - ok 23:54:26.0781 1240 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:54:26.0859 1240 SSDPSRV - ok 23:54:26.0875 1240 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:54:26.0953 1240 SstpSvc - ok 23:54:27.0046 1240 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 23:54:27.0078 1240 StarOpen ( UnsignedFile.Multi.Generic ) - warning 23:54:27.0078 1240 StarOpen - detected UnsignedFile.Multi.Generic (1) 23:54:27.0109 1240 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:54:27.0156 1240 stexstor - ok 23:54:27.0202 1240 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 23:54:27.0312 1240 StiSvc - ok 23:54:27.0390 1240 [ 5E8261EDDFD7C1851B78E27705CD7F59 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe 23:54:27.0405 1240 SUService ( UnsignedFile.Multi.Generic ) - warning 23:54:27.0405 1240 SUService - detected UnsignedFile.Multi.Generic (1) 23:54:27.0436 1240 [ 
E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 23:54:27.0483 1240 swenum - ok 23:54:27.0530 1240 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 23:54:27.0624 1240 swprv - ok 23:54:27.0702 1240 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 23:54:27.0811 1240 SysMain - ok 23:54:28.0138 1240 [ 1D7B1AD1AEB2B7CBDFF28DA4D132E07F ] SystemStoreService C:\Program Files\Freetec\SystemStore\SystemStore.exe 23:54:28.0591 1240 SystemStoreService ( UnsignedFile.Multi.Generic ) - warning 23:54:28.0591 1240 SystemStoreService - detected UnsignedFile.Multi.Generic (1) 23:54:28.0638 1240 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:54:28.0716 1240 TabletInputService - ok 23:54:28.0762 1240 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 23:54:28.0794 1240 taphss - ok 23:54:28.0825 1240 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 23:54:28.0918 1240 TapiSrv - ok 23:54:28.0950 1240 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 23:54:29.0059 1240 TBS - ok 23:54:29.0121 1240 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:54:29.0246 1240 Tcpip - ok 23:54:29.0308 1240 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:54:29.0386 1240 TCPIP6 - ok 23:54:29.0433 1240 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:54:29.0511 1240 tcpipreg - ok 23:54:29.0558 1240 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:54:29.0620 1240 TDPIPE - ok 23:54:29.0652 1240 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:54:29.0714 1240 TDTCP - ok 23:54:29.0745 1240 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:54:29.0823 1240 tdx - ok 23:54:30.0010 1240 [ 
2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 23:54:30.0213 1240 TeamViewer7 - ok 23:54:30.0244 1240 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:54:30.0291 1240 TermDD - ok 23:54:30.0322 1240 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 23:54:30.0447 1240 TermService - ok 23:54:30.0463 1240 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:54:30.0525 1240 Themes - ok 23:54:30.0541 1240 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:54:30.0619 1240 THREADORDER - ok 23:54:30.0634 1240 [ C5DC9E462407B274B504DE2AA3220C2E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys 23:54:30.0666 1240 TPDIGIMN - ok 23:54:30.0697 1240 [ 4B2F57221E4CA268967EED0C4F2B7726 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe 23:54:30.0744 1240 TPHDEXLGSVC - ok 23:54:30.0806 1240 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\Windows\system32\DRIVERS\TPHKDRV.sys 23:54:30.0868 1240 TPHKDRV - ok 23:54:30.0900 1240 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 23:54:30.0931 1240 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning 23:54:30.0931 1240 TPHKLOAD - detected UnsignedFile.Multi.Generic (1) 23:54:30.0962 1240 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 23:54:30.0978 1240 TPHKSVC - ok 23:54:31.0024 1240 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys 23:54:31.0071 1240 TPM - ok 23:54:31.0118 1240 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:54:31.0212 1240 TrkWks - ok 23:54:31.0290 1240 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:54:31.0383 1240 TrustedInstaller - ok 23:54:31.0399 1240 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:54:31.0492 
1240 tssecsrv - ok 23:54:31.0555 1240 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:54:31.0617 1240 TsUsbFlt - ok 23:54:31.0664 1240 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:54:31.0758 1240 tunnel - ok 23:54:31.0789 1240 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:54:31.0836 1240 uagp35 - ok 23:54:31.0867 1240 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:54:31.0960 1240 udfs - ok 23:54:31.0992 1240 uGuru - ok 23:54:32.0038 1240 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:54:32.0101 1240 UI0Detect - ok 23:54:32.0148 1240 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:54:32.0179 1240 uliagpkx - ok 23:54:32.0241 1240 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:54:32.0288 1240 umbus - ok 23:54:32.0319 1240 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:54:32.0366 1240 UmPass - ok 23:54:32.0397 1240 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:54:32.0506 1240 upnphost - ok 23:54:32.0538 1240 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:54:32.0616 1240 usbccgp - ok 23:54:32.0631 1240 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:54:32.0694 1240 usbcir - ok 23:54:32.0725 1240 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:54:32.0772 1240 usbehci - ok 23:54:32.0803 1240 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:54:32.0850 1240 usbhub - ok 23:54:32.0881 1240 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:54:32.0912 1240 usbohci - ok 23:54:32.0959 1240 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint 
C:\Windows\system32\DRIVERS\usbprint.sys 23:54:33.0006 1240 usbprint - ok 23:54:33.0037 1240 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:54:33.0099 1240 usbscan - ok 23:54:33.0115 1240 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:54:33.0208 1240 USBSTOR - ok 23:54:33.0240 1240 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:54:33.0286 1240 usbuhci - ok 23:54:33.0333 1240 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:54:33.0380 1240 usbvideo - ok 23:54:33.0396 1240 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 23:54:33.0474 1240 UxSms - ok 23:54:33.0505 1240 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 23:54:33.0536 1240 VaultSvc - ok 23:54:33.0583 1240 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:54:33.0614 1240 vdrvroot - ok 23:54:33.0645 1240 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 23:54:33.0770 1240 vds - ok 23:54:33.0801 1240 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:54:33.0848 1240 vga - ok 23:54:33.0879 1240 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:54:33.0973 1240 VgaSave - ok 23:54:34.0004 1240 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:54:34.0051 1240 vhdmp - ok 23:54:34.0082 1240 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:54:34.0113 1240 viaagp - ok 23:54:34.0129 1240 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 23:54:34.0191 1240 ViaC7 - ok 23:54:34.0222 1240 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 23:54:34.0254 1240 viaide - ok 23:54:34.0363 1240 [ 16073F2BC424558EBD277A15188D329E ] VMAuthdService C:\Program 
Files\VMware\VMware Player\vmware-authd.exe 23:54:34.0378 1240 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning 23:54:34.0378 1240 VMAuthdService - detected UnsignedFile.Multi.Generic (1) 23:54:34.0441 1240 [ 15759158F7531853616B2B43AF962FCB ] vmci C:\Windows\system32\DRIVERS\vmci.sys 23:54:34.0472 1240 vmci - ok 23:54:34.0503 1240 [ 050B387296F34735D21DFA87CEC37352 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys 23:54:34.0534 1240 vmkbd - ok 23:54:34.0566 1240 [ 1AFA4AF55CBEA579A4BBE4F90967F720 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys 23:54:34.0581 1240 VMnetAdapter - ok 23:54:34.0628 1240 [ 392964A7BF46986FBD44B24A3BEC2088 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys 23:54:34.0644 1240 VMnetBridge - ok 23:54:34.0690 1240 [ 767B32D0466EF960E2657F028ED936FC ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe 23:54:34.0753 1240 VMnetDHCP - ok 23:54:34.0784 1240 [ EFFCB341824BE12E3134D4FB970A11E4 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys 23:54:34.0800 1240 VMnetuserif - ok 23:54:34.0862 1240 [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb C:\Windows\system32\Drivers\vmusb.sys 23:54:34.0893 1240 vmusb - ok 23:54:34.0971 1240 [ AF76C6D3F5053459E18E4C519FB496C8 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe 23:54:35.0065 1240 VMUSBArbService - ok 23:54:35.0127 1240 [ 0B55659B537065303FDE1B4AAF646F16 ] VMware NAT Service C:\Windows\system32\vmnat.exe 23:54:35.0205 1240 VMware NAT Service - ok 23:54:35.0236 1240 [ 20B24D3B2DAC84664EEFEEBF55B53008 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys 23:54:35.0268 1240 vmx86 - ok 23:54:35.0299 1240 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:54:35.0330 1240 volmgr - ok 23:54:35.0377 1240 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:54:35.0439 1240 volmgrx - ok 23:54:35.0455 1240 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 
23:54:35.0502 1240 volsnap - ok 23:54:35.0533 1240 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:54:35.0580 1240 vsmraid - ok 23:54:35.0626 1240 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 23:54:35.0782 1240 VSS - ok 23:54:35.0814 1240 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:54:35.0876 1240 vwifibus - ok 23:54:35.0907 1240 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:54:35.0970 1240 vwififlt - ok 23:54:36.0001 1240 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 23:54:36.0048 1240 vwifimp - ok 23:54:36.0094 1240 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 23:54:36.0219 1240 W32Time - ok 23:54:36.0235 1240 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:54:36.0313 1240 WacomPen - ok 23:54:36.0391 1240 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:54:36.0547 1240 WANARP - ok 23:54:36.0562 1240 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:54:36.0625 1240 Wanarpv6 - ok 23:54:36.0703 1240 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 23:54:36.0859 1240 wbengine - ok 23:54:36.0890 1240 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:54:36.0968 1240 WbioSrvc - ok 23:54:36.0999 1240 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:54:37.0093 1240 wcncsvc - ok 23:54:37.0124 1240 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:54:37.0202 1240 WcsPlugInService - ok 23:54:37.0218 1240 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:54:37.0264 1240 Wd - ok 23:54:37.0296 1240 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 
C:\Windows\system32\drivers\Wdf01000.sys 23:54:37.0374 1240 Wdf01000 - ok 23:54:37.0389 1240 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:54:37.0483 1240 WdiServiceHost - ok 23:54:37.0514 1240 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:54:37.0561 1240 WdiSystemHost - ok 23:54:37.0592 1240 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 23:54:37.0670 1240 WebClient - ok 23:54:37.0701 1240 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:54:37.0795 1240 Wecsvc - ok 23:54:37.0795 1240 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:54:37.0888 1240 wercplsupport - ok 23:54:37.0920 1240 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 23:54:38.0044 1240 WerSvc - ok 23:54:38.0076 1240 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:54:38.0154 1240 WfpLwf - ok 23:54:38.0185 1240 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:54:38.0216 1240 WIMMount - ok 23:54:38.0294 1240 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:54:38.0403 1240 WinDefend - ok 23:54:38.0434 1240 WinHttpAutoProxySvc - ok 23:54:38.0497 1240 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:54:38.0606 1240 Winmgmt - ok 23:54:38.0684 1240 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 23:54:38.0840 1240 WinRM - ok 23:54:38.0887 1240 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:54:38.0934 1240 WinUsb - ok 23:54:38.0996 1240 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:54:39.0105 1240 Wlansvc - ok 23:54:39.0152 1240 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:54:39.0199 1240 WmiAcpi - ok 
23:54:39.0246 1240 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:54:39.0308 1240 wmiApSrv - ok 23:54:39.0386 1240 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:54:39.0526 1240 WMPNetworkSvc - ok 23:54:39.0558 1240 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:54:39.0651 1240 WPCSvc - ok 23:54:39.0698 1240 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:54:39.0776 1240 WPDBusEnum - ok 23:54:39.0807 1240 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:54:39.0885 1240 ws2ifsl - ok 23:54:39.0916 1240 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 23:54:39.0979 1240 wscsvc - ok 23:54:40.0026 1240 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 23:54:40.0072 1240 WSDPrintDevice - ok 23:54:40.0104 1240 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 23:54:40.0150 1240 WSDScan - ok 23:54:40.0150 1240 WSearch - ok 23:54:40.0244 1240 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:54:40.0416 1240 wuauserv - ok 23:54:40.0447 1240 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:54:40.0525 1240 WudfPf - ok 23:54:40.0556 1240 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:54:40.0634 1240 WUDFRd - ok 23:54:40.0665 1240 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:54:40.0774 1240 wudfsvc - ok 23:54:40.0806 1240 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 23:54:40.0884 1240 WwanSvc - ok 23:54:41.0024 1240 ================ Scan global =============================== 23:54:41.0040 1240 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 23:54:41.0102 1240 [ 
48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 23:54:41.0133 1240 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 23:54:41.0180 1240 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 23:54:41.0211 1240 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 23:54:41.0227 1240 [Global] - ok 23:54:41.0227 1240 ================ Scan MBR ================================== 23:54:41.0258 1240 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:54:41.0944 1240 \Device\Harddisk0\DR0 - ok 23:54:41.0944 1240 ================ Scan VBR ================================== 23:54:41.0976 1240 [ 9386CD6D32FBFA39ACEBFE9177DA31EB ] \Device\Harddisk0\DR0\Partition1 23:54:41.0976 1240 \Device\Harddisk0\DR0\Partition1 - ok 23:54:41.0991 1240 [ 2F3D7D4C6DDD1365C6B6BFADC74D8659 ] \Device\Harddisk0\DR0\Partition2 23:54:41.0991 1240 \Device\Harddisk0\DR0\Partition2 - ok 23:54:42.0022 1240 [ 575A4BBF64D756B9EB66D87426949D3D ] \Device\Harddisk0\DR0\Partition3 23:54:42.0022 1240 \Device\Harddisk0\DR0\Partition3 - ok 23:54:42.0022 1240 ============================================================ 23:54:42.0022 1240 Scan finished 23:54:42.0022 1240 ============================================================ 23:54:42.0054 4744 Detected object count: 19 23:54:42.0054 4744 Actual detected object count: 19 23:55:09.0556 4744 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0556 4744 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0572 4744 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0572 4744 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0572 4744 cpuidlep ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0572 4744 cpuidlep ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0572 4744 CXSONORA ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0572 4744 CXSONORA ( UnsignedFile.Multi.Generic ) 
- User select action: Skip 23:55:09.0572 4744 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0572 4744 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0572 4744 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0572 4744 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0588 4744 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0588 4744 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0588 4744 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0588 4744 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0588 4744 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0588 4744 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0588 4744 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0588 4744 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0603 4744 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0603 4744 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0603 4744 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0603 4744 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0603 4744 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0603 4744 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0603 4744 SNP2UVC ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0603 4744 SNP2UVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0603 4744 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0603 4744 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0619 4744 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0619 4744 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0619 4744 
SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0619 4744 SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0619 4744 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0619 4744 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:09.0619 4744 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user 23:55:09.0619 4744 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
09.11.2012, 16:33 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check That looks OK so far. adwCleaner - detecting toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner was already downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
09.11.2012, 22:54 | #14 |
| Trojan check Code:
ATTFilter # AdwCleaner v2.007 - Datei am 09/11/2012 um 22:53:25 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : HIlo - HILO-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\HIlo\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml Datei Gefunden : C:\user.js Datei Gefunden : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\searchplugins\Web Search.xml Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\DVDVideoSoftTB Ordner Gefunden : C:\Program Files\Ilivid Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\Users\HIlo\AppData\Local\Ilivid Player Ordner Gefunden : C:\Users\HIlo\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\HIlo\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\HIlo\AppData\LocalLow\DVDVideoSoftTB Ordner Gefunden : C:\Users\HIlo\AppData\LocalLow\facemoods.com Ordner Gefunden : C:\Users\HIlo\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\HIlo\AppData\LocalLow\searchquband Ordner Gefunden : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\CT2269050 Ordner Gefunden : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gefunden : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\Smartbar Ordner Gefunden : C:\Users\HIlo\AppData\Roaming\Toolplugin ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gefunden 
: HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B3A9A4F2-7FE3-4784-BC15-57C3BD3FAF74} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gefunden : 
HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B3A9A4F2-7FE3-4784-BC15-57C3BD3FAF74} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Schlüssel Gefunden : HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKU\S-1-5-21-3824738219-3423491312-65945004-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc= [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=dd3ff04e-514a-4e98-b360-dd88f6e0418e&searchtype=ds&q={searchTerms} -\\ Mozilla Firefox v3.6.28 (de) Profilname : default Datei : C:\Users\HIlo\AppData\Roaming\Mozilla\Firefox\Profiles\ct3qyxue.default\prefs.js Gefunden : user_pref("CT2269050.1000082.isPlayDisplay", "true"); Gefunden : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...] Gefunden : user_pref("CT2269050.1000234.TWC_TMP_city", ""); Gefunden : user_pref("CT2269050.1000234.TWC_TMP_country", "DE"); Gefunden : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] 
Gefunden : user_pref("CT2269050.FirstTime", "true"); Gefunden : user_pref("CT2269050.FirstTimeFF3", "true"); Gefunden : user_pref("CT2269050.UserID", "UN01936673255226095"); Gefunden : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true"); Gefunden : user_pref("CT2269050.autoDisableScopes", -1); Gefunden : user_pref("CT2269050.defaultSearch", "FALSE"); Gefunden : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...] Gefunden : user_pref("CT2269050.enableAlerts", "always"); Gefunden : user_pref("CT2269050.firstTimeDialogOpened", "true"); Gefunden : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true"); Gefunden : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2269050.isNewTabEnabled", true); Gefunden : user_pref("CT2269050.isPerformedSmartBarTransition", "true"); Gefunden : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gefunden : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...] Gefunden : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Gefunden : user_pref("CT2269050.openThankYouPage", "FALSE"); Gefunden : user_pref("CT2269050.openUninstallPage", "FALSE"); Gefunden : user_pref("CT2269050.search.searchAppId", "128834881989343895"); Gefunden : user_pref("CT2269050.search.searchCount", "0"); Gefunden : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true"); Gefunden : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gefunden : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Gefunden : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] 
Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Gefunden : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Gefunden : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1337344479394"); Gefunden : user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1337344510297"); Gefunden : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1338148463050"); Gefunden : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1337344479115"); Gefunden : user_pref("CT2269050.serviceLayer_services_login_10.10.2.10_lastUpdate", "1338148463209"); Gefunden : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1337344479600"); Gefunden : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1337344479178"); Gefunden : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1338148463475"); Gefunden : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1338148462822"); Gefunden : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1337344479051"); Gefunden : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1338148463056"); Gefunden : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1338148462931"); Gefunden : user_pref("CT2269050.settingsINI", true); Gefunden : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE"); Gefunden : user_pref("CT2269050.smartbar.CTID", "CT2269050"); Gefunden : 
user_pref("CT2269050.smartbar.Uninstall", "0"); Gefunden : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB "); Gefunden : user_pref("CT2269050.startPage", "FALSE"); Gefunden : user_pref("CT2269050.toolbarBornServerTime", "18-5-2012"); Gefunden : user_pref("CT2269050.toolbarCurrentServerTime", "27-5-2012"); Gefunden : user_pref("CT2269050.toolbarDisabled", "true"); Gefunden : user_pref("browser.search.defaultenginename", "Search the web"); Gefunden : user_pref("browser.search.order.1", "Search the web"); Gefunden : user_pref("browser.search.selectedEngine", "Search the web"); Gefunden : user_pref("extensions.Softonic.admin", false); Gefunden : user_pref("extensions.Softonic.aflt", "SD"); Gefunden : user_pref("extensions.Softonic.autoRvrt", "false"); Gefunden : user_pref("extensions.Softonic.cntry", "DE"); Gefunden : user_pref("extensions.Softonic.dfltLng", "de"); Gefunden : user_pref("extensions.Softonic.dfltSrch", true); Gefunden : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Gefunden : user_pref("extensions.Softonic.dspOld", "Search the web"); Gefunden : user_pref("extensions.Softonic.envrmnt", "production"); Gefunden : user_pref("extensions.Softonic.excTlbr", false); Gefunden : user_pref("extensions.Softonic.hdrMd5", "85CB638C7A75A4115F780C6C2150F216"); Gefunden : user_pref("extensions.Softonic.hmpg", true); Gefunden : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc[...] Gefunden : user_pref("extensions.Softonic.hpOld", "hxxp://www.searchqu.com/406"); Gefunden : user_pref("extensions.Softonic.id", "e81bfb7a00000000000000247e6cb93c"); Gefunden : user_pref("extensions.Softonic.instlDay", "15474"); Gefunden : user_pref("extensions.Softonic.instlRef", "MON00015"); Gefunden : user_pref("extensions.Softonic.isdcmntcmplt", true); Gefunden : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=[...] 
Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.016:11:28"); Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Gefunden : user_pref("extensions.Softonic.newTab", true); Gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...] Gefunden : user_pref("extensions.Softonic.prdct", "Softonic"); Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic"); Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Gefunden : user_pref("extensions.Softonic.sg", "az"); Gefunden : user_pref("extensions.Softonic.smplGrp", "none"); Gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Gefunden : user_pref("extensions.Softonic.tlbrId", "base"); Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource[...] Gefunden : user_pref("extensions.Softonic.vrsn", "1.5.21.0"); Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.5.21.016:11:28"); Gefunden : user_pref("extensions.Softonic.vrsni", "1.5.21.0"); Gefunden : user_pref("extensions.Softonic_i.dfltSrch", true); Gefunden : user_pref("extensions.Softonic_i.dnsErr", true); Gefunden : user_pref("extensions.Softonic_i.hmpg", true); Gefunden : user_pref("extensions.Softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1[...] Gefunden : user_pref("extensions.Softonic_i.newTab", true); Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none"); Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.016:11:28"); -\\ Opera v12.10.1652.0 Datei : C:\Users\HIlo\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [15406 octets] - [09/11/2012 22:53:25] ########## EOF - C:\AdwCleaner[R1].txt - [15467 octets] ########## |
10.11.2012, 01:35 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan check adwCleaner - removing toolbars and unwanted start/search pages
Afterwards, please run a check with OTL:
__________________ Please always post log files in CODE tags |