| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.12.2012, 15:49
| #1 |
 |  Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Hi Leute, mein Laptop ist seit einiger Zeit sehr langsam, sobald ich im Internet bin und google kann nicht mehr geladen werden. Zuerst hatte ich den verdacht es könnte was an der Festplatte sein. Ein Scan mit CHKDSK fand jedoch keine probleme. Bei einem Scan mit Malwarebytes: Anti-Malware wurden jedoch gleich 2 Trojaner identifiziert. Die beiden heissen "Trojan.Lameshield" und "Trojan.Agent.FSA34". Der Inhalt der Logdatei ist folgendermaßen: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.03.14 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Sara :: LAPTOP [Administrator] 04.12.2012 00:15:35 mbam-log-2012-12-04 (08-11-29)-Trojaner.txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 797923 Laufzeit: 4 Stunde(n), 57 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent (Trojan.Lameshield) -> Daten: C:\Windows\Temp\temp05.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Windows\Temp\temp05.exe (Trojan.Lameshield) -> Keine Aktion durchgeführt. C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZUH283A\calc[1].exe (Trojan.Agent.FSA34) -> Keine Aktion durchgeführt. C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBW6DINH\calc[1].exe (Trojan.Agent.FSA34) -> Keine Aktion durchgeführt. C:\Users\Sara\AppData\Local\Temp\70A8.tmp (Trojan.Agent.FSA34) -> Keine Aktion durchgeführt. (Ende) Leider weiss ich jetzt nicht, was ich tun muss um die Trojaner wieder los zu werden. Ich hoffe, dass es eine Möglichkeit gibt, bei der meine Daten weitestgehend erhalten bleiben. Ich wäre euch für jede Hilfe sehr dankbar!! viele Grüße Sara |
|
10.12.2012, 16:18
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Hallo und
__________________ Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ |
|
11.12.2012, 22:22
| #3 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Hi,
__________________danke erstmal für die schnelle Antwort! Ich habe tatsächlich noch den Log von einem älteren Scan. Der Scan wurde mit Sophos Antivirus durchgeführt und die gefundenen Dateien befinden sich alle in der Quarantäne des Programms, konnten aber, zumindest glaube ich das, nicht wirklich entfernt werden. Den Scan hatte ich damals einige Zeit bevor die beschriebenen Probleme auftraten (Laptop im Internet extrem langsam, kann Google nicht öffnen). Die Namen der Übeltäter werden bei Sophos gelistet als: Virus/Spyware: "Shh/Updater-B", "Shh/PWSSimda-AB" Verdächtiges verhalten: "HIPS/ProcInj-001" |
|
11.12.2012, 22:29
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.12.2012, 12:43
| #5 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 sorry, ich wollte eigentlich das logfile hochladen. mein internet ist jedoch zu langsam gewesen und deswegen hat es nicht funktioniert. |
|
12.12.2012, 14:31
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Du hast wohl einen ZAccess im System. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ --> Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 |
|
13.12.2012, 20:33
| #7 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Hallo, ich habe Combofix jetzt ausgeführt. Hier ist der Inhalt der log-Datei: Code:
ATTFilter ComboFix 12-12-10.01 - Sara 13.12.2012 0:19.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2814.1492 [GMT 1:00]
ausgeführt von:: c:\users\Sara\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Outdated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Enabled/Outdated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\windows\security\Database\tmp.edb
c:\windows\Temp\temp05.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-13 bis 2012-12-13 ))))))))))))))))))))))))))))))
.
.
2012-12-13 03:30 . 2012-12-13 03:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{133237FB-285B-4333-B9C1-40E4B1970C07}\offreg.dll
2012-12-12 23:42 . 2012-12-13 00:09 -------- d-----w- c:\users\Sara\AppData\Local\temp
2012-12-12 23:42 . 2012-12-12 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 23:14 . 2012-12-03 23:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-15 08:06 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 08:06 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 08:06 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 08:06 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 08:06 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 08:06 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 08:06 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 08:06 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 11:19 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 11:19 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 11:19 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 11:18 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 11:18 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 11:18 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 11:18 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 11:18 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 11:18 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 11:18 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 05:10 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 05:10 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 05:10 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 05:10 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 20:26 . 2011-05-07 08:01 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-06 20:25 . 2011-05-07 08:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-06 20:25 . 2011-05-13 13:43 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-05 20:07 . 2011-05-13 13:43 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-05 19:53 . 2011-05-13 13:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-04 23:10 . 2011-05-07 08:01 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-24 10:52 . 2012-06-06 16:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-24 10:52 . 2011-05-26 05:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 07:24 . 2012-10-23 07:24 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-18 05:46 . 2012-10-18 05:46 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-16 07:39 . 2012-11-27 21:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 05:56 . 2012-11-09 17:58 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{133237FB-285B-4333-B9C1-40E4B1970C07}\mpengine.dll
2012-09-29 18:54 . 2012-03-03 11:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 18:28 . 2012-10-10 11:20 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"PopUpStopperFreeEdition"="d:\program files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2012-08-31 900160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"PDFPrint"="d:\program files\PDF24\pdf24.exe" [2012-09-06 162408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 5689;5689;c:\users\Sara\AppData\Local\Temp\5689.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 CZCanSrv;CZCanSrv;c:\program files\Common Files\Carl Zeiss\CZCanSrv.exe [x]
R3 LVMST;LVMST service;c:\windows\system32\DRIVERS\LVMST.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SaiU04E5;SaiU04E5;c:\windows\system32\DRIVERS\SaiU04E5.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MTBService_2.0.0.12;MTB2011 Server (2.0.0.12);c:\program files\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 10:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 141.44.1.9 141.44.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.explosm.net/comics/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a0,8c,7a,f0,ca,43,e0,96,d0,dc,2e,a3,85,b2,42,fe,d1,b5,0c,d6,e6,bd,74,
ec,12,61,78,62,01,f3,2f,8d,0a,5a,99,87,ff,70,3b,bd,58,68,c6,ec,d0,db,7d,5a,\
"??"=hex:a9,aa,ab,8a,7b,6c,01,f9,19,12,cd,97,76,93,be,a7
.
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:ac,40,c5,d1,a2,ce,fa,2f,51,50,fb,d0,a9,1f,27,a6,47,44,84,a6,a8,
4e,42,61,c4,31,20,57,b8,f6,fc,f5,fd,09,93,6b,15,e6,f9,6a,b4,d6,4b,5c,af,29,\
"rkeysecu"=hex:c6,a4,2b,a3,c1,c1,e8,71,88,1e,02,d3,99,8a,1b,ae
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3468)
d:\program files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\hasplms.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-13 08:46:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-13 07:45
.
Vor Suchlauf: 196.071.424 Bytes frei
Nach Suchlauf: 151.224.320 Bytes frei
.
- - End Of File - - 41DD059CD27B25DA229BD8EFA07531A5
|
|
13.12.2012, 21:04
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.12.2012, 20:29
| #9 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Hallo, ich habe beide Scans ausgeführt. Der GMER scan hat sehr lange gedauert. er lief schon seit ca. 1 Woche, dann war ich über Weihnachten ein paar Tage unterwegs und habe den Scan zuhause weiterlaufen lassen. Als ich wieder nach hause kam, war der Scan leider abgebrochen. hier ist der log von diesem scan: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-31 11:11:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK2552GSX rev.LV010M
Running: y6m9erhm.exe; Driver: C:\Users\Sara\AppData\Local\Temp\uxldapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x82C48FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82C48FEC] ZwCreateKey [0x82C48FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x82C48FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82C48FF1] ZwOpenKey [0x82C48FF1]
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82C48FFB
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C85A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBF4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82CC65F4 3 Bytes [EC, 8F, C4] {IN AL, DX ; POP ESP}
.text ntkrnlpa.exe!KeRemoveQueueEx + 137F 82CC67B4 3 Bytes [F1, 8F, C4] {INT1 ; POP ESP}
PAGE ntkrnlpa.exe!ZwResumeThread 82EBA592 1 Byte [CC] {INT 3 }
.text ataport.SYS!AtaPortGetScatterGatherList + B44 8396744E 1 Byte [CC] {INT 3 }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93A33000, 0x2D5378, 0xE8000020]
.text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x9FD50000, 0x47E35, 0xE0000020]
.init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x9FDA4224]
.init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x9FDA4000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA3010400, 0x6E6E2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA309A820] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA309A820]
.protectÿÿÿÿhardlockunknown last code section [0xA309A600, 0x512A, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA309A600, 0x512A, 0xE0000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:760] 86DB00F4
---- EOF - GMER 1.0.15 ----
Der aswMBR Scan funktionierte erst auch nicht, daher wählte ich ihn wie empfohlen none bei "AV scan" aus. So hat er funktioniert. Hier ist das log-file: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 20:03:35
-----------------------------
20:03:35.037 OS Version: Windows 6.1.7601 Service Pack 1
20:03:35.037 Number of processors: 2 586 0x301
20:03:35.053 ComputerName: LAPTOP UserName: Sara
20:03:51.401 Initialize success
20:04:08.140 The log file has been saved successfully to "C:\Users\Sara\Desktop\aswMBRlog1.txt"
20:04:11.604 AVAST engine defs: 12123100
20:05:03.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:05:03.771 Disk 0 Vendor: TOSHIBA_MK2552GSX LV010M Size: 238475MB BusType: 11
20:05:03.818 Disk 0 MBR read successfully
20:05:03.818 Disk 0 MBR scan
20:05:03.834 Disk 0 Windows 7 default MBR code
20:05:03.849 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:05:03.880 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 3074048
20:05:03.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29900 MB offset 3278848
20:05:03.927 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 206973 MB offset 64514048
20:05:03.927 Disk 0 scanning sectors +488394752
20:05:04.021 Disk 0 scanning C:\Windows\system32\drivers
20:05:40.104 Service scanning
20:05:41.804 Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
20:06:44.407 Modules scanning
20:06:54.391 Disk 0 trace - called modules:
20:06:54.422 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS >>UNKNOWN [0x8560a9b9]<<
20:06:54.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864241f0]
20:06:54.438 3 CLASSPNP.SYS[833d459e] -> nt!IofCallDriver -> [0x862bf3e0]
20:06:54.454 5 ACPI.sys[838113d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x862c0908]
20:06:54.469 Scan finished successfully
20:07:25.997 Disk 0 MBR has been saved successfully to "C:\Users\Sara\Desktop\MBR.dat"
20:07:26.013 The log file has been saved successfully to "C:\Users\Sara\Desktop\aswMBR.txt"
|
|
02.01.2013, 10:50
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.01.2013, 11:09
| #11 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 hi, ich hab den Scan wie beschrieben ausgeführt, ging sehr schnell. Hier ist die log-Datei: Code:
ATTFilter 11:03:19.0237 6080 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:03:19.0253 6080 ============================================================
11:03:19.0253 6080 Current date / time: 2013/01/03 11:03:19.0253
11:03:19.0253 6080 SystemInfo:
11:03:19.0253 6080
11:03:19.0253 6080 OS Version: 6.1.7601 ServicePack: 1.0
11:03:19.0253 6080 Product type: Workstation
11:03:19.0253 6080 ComputerName: LAPTOP
11:03:19.0253 6080 UserName: Sara
11:03:19.0253 6080 Windows directory: C:\Windows
11:03:19.0253 6080 System windows directory: C:\Windows
11:03:19.0253 6080 Processor architecture: Intel x86
11:03:19.0253 6080 Number of processors: 2
11:03:19.0253 6080 Page size: 0x1000
11:03:19.0253 6080 Boot type: Normal boot
11:03:19.0253 6080 ============================================================
11:03:20.0984 6080 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:03:20.0984 6080 ============================================================
11:03:20.0984 6080 \Device\Harddisk0\DR0:
11:03:20.0984 6080 MBR partitions:
11:03:20.0984 6080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x32000
11:03:20.0984 6080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x320800, BlocksNum 0x3A66000
11:03:20.0984 6080 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3D86800, BlocksNum 0x1943E800
11:03:20.0984 6080 ============================================================
11:03:21.0016 6080 C: <-> \Device\Harddisk0\DR0\Partition2
11:03:21.0047 6080 D: <-> \Device\Harddisk0\DR0\Partition3
11:03:21.0047 6080 ============================================================
11:03:21.0047 6080 Initialize success
11:03:21.0047 6080 ============================================================
11:04:18.0345 3636 ============================================================
11:04:18.0345 3636 Scan started
11:04:18.0345 3636 Mode: Manual; SigCheck; TDLFS;
11:04:18.0345 3636 ============================================================
11:04:18.0720 3636 ================ Scan system memory ========================
11:04:18.0720 3636 System memory - ok
11:04:18.0720 3636 ================ Scan services =============================
11:04:18.0923 3636 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:04:19.0094 3636 1394ohci - ok
11:04:19.0219 3636 5689 - ok
11:04:19.0281 3636 [ DCCE754E13FE7DAA579D8F906CF3B388 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:04:19.0281 3636 ACPI ( Virus.Win32.Rloader.a ) - infected
11:04:19.0281 3636 ACPI - detected Virus.Win32.Rloader.a (0)
11:04:19.0328 3636 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:04:19.0406 3636 AcpiPmi - ok
11:04:19.0547 3636 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:04:19.0687 3636 Suspicious file (NoAccess): C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe. md5: D19C4EE2AC7C47B8F5F84FFF1A789D8A
11:04:19.0687 3636 AdobeARMservice ( LockedFile.Multi.Generic ) - warning
11:04:19.0687 3636 AdobeARMservice - detected LockedFile.Multi.Generic (1)
11:04:19.0796 3636 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:04:19.0968 3636 Suspicious file (NoAccess): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. md5: 0CB0AA071C7B86A64F361DCFDF357329
11:04:19.0968 3636 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - warning
11:04:19.0968 3636 AdobeFlashPlayerUpdateSvc - detected LockedFile.Multi.Generic (1)
11:04:20.0015 3636 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:04:20.0093 3636 adp94xx - ok
11:04:20.0124 3636 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:04:20.0186 3636 adpahci - ok
11:04:20.0202 3636 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:04:20.0264 3636 adpu320 - ok
11:04:20.0311 3636 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:04:20.0358 3636 AeLookupSvc - ok
11:04:20.0436 3636 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
11:04:20.0498 3636 AFD - ok
11:04:20.0576 3636 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
11:04:20.0701 3636 AgereSoftModem - ok
11:04:20.0732 3636 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
11:04:20.0779 3636 agp440 - ok
11:04:20.0826 3636 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
11:04:20.0873 3636 aic78xx - ok
11:04:20.0951 3636 [ 730E9D3BB324FB1899005AEA63C6782D ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
11:04:20.0982 3636 aksfridge - ok
11:04:21.0044 3636 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
11:04:21.0169 3636 ALG - ok
11:04:21.0216 3636 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
11:04:21.0294 3636 aliide - ok
11:04:21.0341 3636 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:04:21.0403 3636 AMD External Events Utility - ok
11:04:21.0497 3636 AMD FUEL Service - ok
11:04:21.0543 3636 [ 9FE76D783A7D47965D086A220B54277B ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
11:04:21.0575 3636 AMD Reservation Manager - ok
11:04:21.0606 3636 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
11:04:21.0653 3636 amdagp - ok
11:04:21.0684 3636 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
11:04:21.0731 3636 amdide - ok
11:04:21.0793 3636 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
11:04:21.0855 3636 amdiox86 - ok
11:04:21.0887 3636 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:04:21.0980 3636 AmdK8 - ok
11:04:22.0011 3636 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:04:22.0058 3636 AmdPPM - ok
11:04:22.0105 3636 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:04:22.0152 3636 amdsata - ok
11:04:22.0183 3636 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:04:22.0245 3636 amdsbs - ok
11:04:22.0277 3636 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:04:22.0292 3636 amdxata - ok
11:04:22.0292 3636 AODDriver4.0 - ok
11:04:22.0448 3636 [ FEC0C3F9B39C5D17EC3442F244EC0474 ] appdrv01 C:\Windows\system32\Drivers\appdrv01.sys
11:04:22.0620 3636 appdrv01 - ok
11:04:22.0713 3636 appdrvrem01 - ok
11:04:22.0776 3636 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
11:04:22.0932 3636 AppID - ok
11:04:22.0963 3636 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:04:23.0057 3636 AppIDSvc - ok
11:04:23.0103 3636 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
11:04:23.0150 3636 Appinfo - ok
11:04:23.0197 3636 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
11:04:23.0244 3636 AppMgmt - ok
11:04:23.0291 3636 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
11:04:23.0369 3636 arc - ok
11:04:23.0384 3636 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:04:23.0431 3636 arcsas - ok
11:04:23.0556 3636 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:04:23.0696 3636 aspnet_state - ok
11:04:23.0712 3636 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:04:23.0852 3636 AsyncMac - ok
11:04:23.0883 3636 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
11:04:23.0899 3636 atapi - ok
11:04:24.0102 3636 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:04:24.0351 3636 atikmdag - ok
11:04:24.0429 3636 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:04:24.0523 3636 AudioEndpointBuilder - ok
11:04:24.0539 3636 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
11:04:24.0585 3636 Audiosrv - ok
11:04:24.0648 3636 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:04:24.0757 3636 AxInstSV - ok
11:04:24.0819 3636 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
11:04:24.0929 3636 b06bdrv - ok
11:04:24.0975 3636 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
11:04:25.0053 3636 b57nd60x - ok
11:04:25.0100 3636 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
11:04:25.0163 3636 BDESVC - ok
11:04:25.0209 3636 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
11:04:25.0272 3636 Beep - ok
11:04:25.0365 3636 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
11:04:25.0459 3636 BFE - ok
11:04:25.0506 3636 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
11:04:25.0584 3636 BITS - ok
11:04:25.0615 3636 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:04:25.0662 3636 blbdrive - ok
11:04:25.0709 3636 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:04:25.0740 3636 bowser - ok
11:04:25.0771 3636 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:04:25.0865 3636 BrFiltLo - ok
11:04:25.0865 3636 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:04:25.0943 3636 BrFiltUp - ok
11:04:25.0989 3636 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:04:26.0083 3636 BridgeMP - ok
11:04:26.0114 3636 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
11:04:26.0177 3636 Browser - ok
11:04:26.0192 3636 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:04:26.0286 3636 Brserid - ok
11:04:26.0333 3636 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:04:26.0411 3636 BrSerWdm - ok
11:04:26.0442 3636 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:04:26.0489 3636 BrUsbMdm - ok
11:04:26.0504 3636 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:04:26.0551 3636 BrUsbSer - ok
11:04:26.0582 3636 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:04:26.0629 3636 BTHMODEM - ok
11:04:26.0691 3636 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
11:04:26.0785 3636 bthserv - ok
11:04:26.0801 3636 catchme - ok
11:04:26.0832 3636 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:04:26.0910 3636 cdfs - ok
11:04:26.0972 3636 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:04:27.0050 3636 cdrom - ok
11:04:27.0097 3636 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
11:04:27.0159 3636 CertPropSvc - ok
11:04:27.0191 3636 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:04:27.0222 3636 circlass - ok
11:04:27.0269 3636 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
11:04:27.0300 3636 CLFS - ok
11:04:27.0378 3636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:04:27.0534 3636 clr_optimization_v2.0.50727_32 - ok
11:04:27.0690 3636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:04:27.0752 3636 clr_optimization_v4.0.30319_32 - ok
11:04:27.0768 3636 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:04:27.0815 3636 CmBatt - ok
11:04:27.0846 3636 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:04:27.0893 3636 cmdide - ok
11:04:27.0939 3636 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
11:04:27.0971 3636 CNG - ok
11:04:28.0002 3636 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:04:28.0033 3636 Compbatt - ok
11:04:28.0064 3636 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:04:28.0127 3636 CompositeBus - ok
11:04:28.0142 3636 COMSysApp - ok
11:04:28.0173 3636 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:04:28.0220 3636 crcdisk - ok
11:04:28.0267 3636 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:04:28.0314 3636 CryptSvc - ok
11:04:28.0361 3636 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
11:04:28.0470 3636 CSC - ok
11:04:28.0517 3636 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
11:04:28.0595 3636 CscService - ok
11:04:28.0657 3636 [ 3E26199DB3208FA1CF16CB89929537A9 ] CZCanSrv C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe
11:04:28.0766 3636 CZCanSrv ( UnsignedFile.Multi.Generic ) - warning
11:04:28.0766 3636 CZCanSrv - detected UnsignedFile.Multi.Generic (1)
11:04:28.0797 3636 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
11:04:28.0844 3636 DcomLaunch - ok
11:04:28.0875 3636 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
11:04:28.0969 3636 defragsvc - ok
11:04:29.0016 3636 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:04:29.0094 3636 DfsC - ok
11:04:29.0156 3636 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
11:04:29.0219 3636 Dhcp - ok
11:04:29.0250 3636 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
11:04:29.0343 3636 discache - ok
11:04:29.0375 3636 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:04:29.0406 3636 Disk - ok
11:04:29.0437 3636 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:04:29.0468 3636 Dnscache - ok
11:04:29.0515 3636 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
11:04:29.0609 3636 dot3svc - ok
11:04:29.0671 3636 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
11:04:29.0765 3636 DPS - ok
11:04:29.0796 3636 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:04:29.0843 3636 drmkaud - ok
11:04:29.0889 3636 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:04:29.0905 3636 dtsoftbus01 - ok
11:04:29.0967 3636 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:04:30.0014 3636 DXGKrnl - ok
11:04:30.0061 3636 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
11:04:30.0139 3636 EapHost - ok
11:04:30.0264 3636 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
11:04:30.0420 3636 ebdrv - ok
11:04:30.0467 3636 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
11:04:30.0545 3636 EFS - ok
11:04:30.0623 3636 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:04:30.0825 3636 ehRecvr - ok
11:04:30.0857 3636 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
11:04:30.0966 3636 ehSched - ok
11:04:31.0028 3636 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:04:31.0106 3636 elxstor - ok
11:04:31.0137 3636 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:04:31.0184 3636 ErrDev - ok
11:04:31.0231 3636 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
11:04:31.0293 3636 EventSystem - ok
11:04:31.0293 3636 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
11:04:31.0387 3636 exfat - ok
11:04:31.0418 3636 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:04:31.0465 3636 fastfat - ok
11:04:31.0527 3636 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
11:04:31.0590 3636 Fax - ok
11:04:31.0621 3636 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:04:31.0668 3636 fdc - ok
11:04:31.0699 3636 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
11:04:31.0761 3636 fdPHost - ok
11:04:31.0777 3636 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
11:04:31.0824 3636 FDResPub - ok
11:04:31.0839 3636 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:04:31.0871 3636 FileInfo - ok
11:04:31.0902 3636 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:04:31.0964 3636 Filetrace - ok
11:04:32.0042 3636 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:04:32.0151 3636 FLEXnet Licensing Service - ok
11:04:32.0183 3636 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:04:32.0229 3636 flpydisk - ok
11:04:32.0261 3636 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:04:32.0276 3636 FltMgr - ok
11:04:32.0354 3636 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
11:04:32.0417 3636 FontCache - ok
11:04:32.0479 3636 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:04:32.0510 3636 FontCache3.0.0.0 - ok
11:04:32.0526 3636 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:04:32.0573 3636 FsDepends - ok
11:04:32.0604 3636 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:04:32.0635 3636 Fs_Rec - ok
11:04:32.0666 3636 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:04:32.0697 3636 fvevol - ok
11:04:32.0760 3636 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:04:32.0791 3636 gagp30kx - ok
11:04:32.0853 3636 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
11:04:32.0963 3636 gpsvc - ok
11:04:33.0025 3636 [ A9D587E31DBEE3E9BD97FEFECE0BA874 ] hardlock C:\Windows\system32\drivers\hardlock.sys
11:04:33.0072 3636 hardlock - ok
11:04:33.0087 3636 hasplms - ok
11:04:33.0119 3636 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:04:33.0197 3636 hcw85cir - ok
11:04:33.0259 3636 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:04:33.0337 3636 HdAudAddService - ok
11:04:33.0368 3636 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:04:33.0399 3636 HDAudBus - ok
11:04:33.0446 3636 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:04:33.0509 3636 HidBatt - ok
11:04:33.0524 3636 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:04:33.0571 3636 HidBth - ok
11:04:33.0602 3636 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:04:33.0649 3636 HidIr - ok
11:04:33.0680 3636 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
11:04:33.0758 3636 hidserv - ok
11:04:33.0821 3636 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:04:33.0883 3636 HidUsb - ok
11:04:33.0914 3636 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:04:33.0977 3636 hkmsvc - ok
11:04:34.0023 3636 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:04:34.0086 3636 HomeGroupListener - ok
11:04:34.0133 3636 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:04:34.0164 3636 HomeGroupProvider - ok
11:04:34.0211 3636 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:04:34.0304 3636 HpSAMD - ok
11:04:34.0367 3636 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:04:34.0413 3636 HTTP - ok
11:04:34.0460 3636 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:04:34.0476 3636 hwpolicy - ok
11:04:34.0538 3636 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:04:34.0616 3636 i8042prt - ok
11:04:34.0647 3636 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:04:34.0710 3636 iaStorV - ok
11:04:34.0788 3636 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:04:34.0991 3636 idsvc - ok
11:04:35.0084 3636 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:04:35.0131 3636 iirsp - ok
11:04:35.0193 3636 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
11:04:35.0271 3636 IKEEXT - ok
11:04:35.0318 3636 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
11:04:35.0381 3636 intelide - ok
11:04:35.0381 3636 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:04:35.0443 3636 intelppm - ok
11:04:35.0474 3636 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:04:35.0583 3636 IPBusEnum - ok
11:04:35.0630 3636 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:04:35.0724 3636 IpFilterDriver - ok
11:04:35.0786 3636 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:04:35.0849 3636 iphlpsvc - ok
11:04:35.0895 3636 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:04:35.0958 3636 IPMIDRV - ok
11:04:35.0973 3636 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:04:36.0051 3636 IPNAT - ok
11:04:36.0083 3636 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:04:36.0129 3636 IRENUM - ok
11:04:36.0161 3636 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:04:36.0207 3636 isapnp - ok
11:04:36.0239 3636 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:04:36.0301 3636 iScsiPrt - ok
11:04:36.0332 3636 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:04:36.0395 3636 kbdclass - ok
11:04:36.0426 3636 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:04:36.0504 3636 kbdhid - ok
11:04:36.0519 3636 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
11:04:36.0535 3636 KeyIso - ok
11:04:36.0582 3636 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:04:36.0613 3636 KSecDD - ok
11:04:36.0629 3636 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:04:36.0660 3636 KSecPkg - ok
11:04:36.0691 3636 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
11:04:36.0785 3636 KtmRm - ok
11:04:36.0831 3636 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
11:04:36.0894 3636 LanmanServer - ok
11:04:36.0925 3636 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:04:36.0987 3636 LanmanWorkstation - ok
11:04:37.0034 3636 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:04:37.0097 3636 lltdio - ok
11:04:37.0128 3636 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:04:37.0221 3636 lltdsvc - ok
11:04:37.0237 3636 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
11:04:37.0284 3636 lmhosts - ok
11:04:37.0331 3636 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:04:37.0377 3636 LSI_FC - ok
11:04:37.0377 3636 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:04:37.0455 3636 LSI_SAS - ok
11:04:37.0455 3636 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:04:37.0502 3636 LSI_SAS2 - ok
11:04:37.0533 3636 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:04:37.0596 3636 LSI_SCSI - ok
11:04:37.0627 3636 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
11:04:37.0705 3636 luafv - ok
11:04:37.0799 3636 [ 0C944E4F596780F7CD26686E577EF606 ] LVMST C:\Windows\system32\DRIVERS\LVMST.sys
11:04:37.0923 3636 LVMST - ok
11:04:38.0001 3636 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
11:04:38.0064 3636 MBAMSwissArmy - ok
11:04:38.0095 3636 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:04:38.0157 3636 Mcx2Svc - ok
11:04:38.0189 3636 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:04:38.0220 3636 megasas - ok
11:04:38.0251 3636 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:04:38.0298 3636 MegaSR - ok
11:04:38.0329 3636 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
11:04:38.0423 3636 MMCSS - ok
11:04:38.0438 3636 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
11:04:38.0501 3636 Modem - ok
11:04:38.0532 3636 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:04:38.0579 3636 monitor - ok
11:04:38.0625 3636 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:04:38.0688 3636 mouclass - ok
11:04:38.0719 3636 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:04:38.0781 3636 mouhid - ok
11:04:38.0813 3636 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:04:38.0828 3636 mountmgr - ok
11:04:38.0859 3636 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
11:04:38.0937 3636 mpio - ok
11:04:38.0953 3636 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:04:39.0015 3636 mpsdrv - ok
11:04:39.0093 3636 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:04:39.0187 3636 MpsSvc - ok
11:04:39.0218 3636 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:04:39.0312 3636 MRxDAV - ok
11:04:39.0374 3636 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:04:39.0437 3636 mrxsmb - ok
11:04:39.0484 3636 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:04:39.0515 3636 mrxsmb10 - ok
11:04:39.0546 3636 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:04:39.0577 3636 mrxsmb20 - ok
11:04:39.0608 3636 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
11:04:39.0640 3636 msahci - ok
11:04:39.0671 3636 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:04:39.0718 3636 msdsm - ok
11:04:39.0749 3636 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
11:04:39.0811 3636 MSDTC - ok
11:04:39.0858 3636 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:04:39.0920 3636 Msfs - ok
11:04:39.0952 3636 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:04:39.0998 3636 mshidkmdf - ok
11:04:40.0030 3636 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:04:40.0045 3636 msisadrv - ok
11:04:40.0092 3636 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:04:40.0186 3636 MSiSCSI - ok
11:04:40.0186 3636 msiserver - ok
11:04:40.0232 3636 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:04:40.0326 3636 MSKSSRV - ok
11:04:40.0326 3636 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:04:40.0388 3636 MSPCLOCK - ok
11:04:40.0420 3636 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:04:40.0498 3636 MSPQM - ok
11:04:40.0513 3636 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:04:40.0544 3636 MsRPC - ok
11:04:40.0576 3636 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:04:40.0607 3636 mssmbios - ok
11:04:40.0638 3636 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:04:40.0700 3636 MSTEE - ok
11:04:40.0763 3636 [ 4C7447EEE8DB5952913F9CCB9D0586CE ] MTBService_2.0.0.12 C:\Program Files\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe
11:04:40.0778 3636 MTBService_2.0.0.12 ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0778 3636 MTBService_2.0.0.12 - detected UnsignedFile.Multi.Generic (1)
11:04:40.0810 3636 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:04:40.0872 3636 MTConfig - ok
11:04:40.0903 3636 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
11:04:40.0919 3636 Mup - ok
11:04:40.0966 3636 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
11:04:41.0059 3636 napagent - ok
11:04:41.0122 3636 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:04:41.0153 3636 NativeWifiP - ok
11:04:41.0215 3636 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:04:41.0262 3636 NDIS - ok
11:04:41.0293 3636 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:04:41.0371 3636 NdisCap - ok
11:04:41.0418 3636 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:04:41.0512 3636 NdisTapi - ok
11:04:41.0543 3636 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:04:41.0590 3636 Ndisuio - ok
11:04:41.0621 3636 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:04:41.0683 3636 NdisWan - ok
11:04:41.0730 3636 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:04:41.0808 3636 NDProxy - ok
11:04:41.0855 3636 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:04:41.0917 3636 NetBIOS - ok
11:04:41.0948 3636 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:04:42.0042 3636 NetBT - ok
11:04:42.0058 3636 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
11:04:42.0073 3636 Netlogon - ok
11:04:42.0136 3636 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
11:04:42.0198 3636 Netman - ok
11:04:42.0229 3636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0385 3636 NetMsmqActivator - ok
11:04:42.0401 3636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0416 3636 NetPipeActivator - ok
11:04:42.0432 3636 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
11:04:42.0479 3636 netprofm - ok
11:04:42.0494 3636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0510 3636 NetTcpActivator - ok
11:04:42.0510 3636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:04:42.0526 3636 NetTcpPortSharing - ok
11:04:42.0572 3636 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:04:42.0604 3636 nfrd960 - ok
11:04:42.0650 3636 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
11:04:42.0713 3636 NlaSvc - ok
11:04:42.0744 3636 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:04:42.0791 3636 Npfs - ok
11:04:42.0822 3636 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
11:04:42.0884 3636 nsi - ok
11:04:42.0900 3636 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:04:42.0978 3636 nsiproxy - ok
11:04:43.0056 3636 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:04:43.0134 3636 Ntfs - ok
11:04:43.0165 3636 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
11:04:43.0274 3636 Null - ok
11:04:43.0306 3636 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:04:43.0352 3636 nvraid - ok
11:04:43.0384 3636 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:04:43.0477 3636 nvstor - ok
11:04:43.0508 3636 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:04:43.0555 3636 nv_agp - ok
11:04:43.0649 3636 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:04:43.0774 3636 odserv - ok
11:04:43.0789 3636 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:04:43.0867 3636 ohci1394 - ok
11:04:43.0914 3636 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:04:43.0976 3636 ose - ok
11:04:44.0023 3636 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:04:44.0101 3636 p2pimsvc - ok
11:04:44.0117 3636 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
11:04:44.0164 3636 p2psvc - ok
11:04:44.0195 3636 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:04:44.0242 3636 Parport - ok
11:04:44.0273 3636 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:04:44.0288 3636 partmgr - ok
11:04:44.0304 3636 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
11:04:44.0366 3636 Parvdm - ok
11:04:44.0398 3636 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:04:44.0429 3636 PcaSvc - ok
11:04:44.0460 3636 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
11:04:44.0491 3636 pci - ok
11:04:44.0507 3636 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
11:04:44.0522 3636 pciide - ok
11:04:44.0554 3636 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:04:44.0600 3636 pcmcia - ok
11:04:44.0632 3636 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
11:04:44.0647 3636 pcw - ok
11:04:44.0694 3636 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:04:44.0756 3636 PEAUTH - ok
11:04:44.0819 3636 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:04:44.0912 3636 PeerDistSvc - ok
11:04:45.0022 3636 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
11:04:45.0146 3636 pla - ok
11:04:45.0193 3636 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:04:45.0256 3636 PlugPlay - ok
11:04:45.0302 3636 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:04:45.0349 3636 PNRPAutoReg - ok
11:04:45.0380 3636 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:04:45.0412 3636 PNRPsvc - ok
11:04:45.0458 3636 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:04:45.0521 3636 PolicyAgent - ok
11:04:45.0568 3636 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
11:04:46.0082 3636 Power - ok
11:04:46.0145 3636 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:04:46.0238 3636 PptpMiniport - ok
11:04:46.0254 3636 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:04:46.0316 3636 Processor - ok
11:04:46.0379 3636 [ 18D9789A4664BF417EEA944D2776091A ] prodrv06 C:\Windows\System32\drivers\prodrv06.sys
11:04:46.0800 3636 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
11:04:46.0800 3636 prodrv06 - detected UnsignedFile.Multi.Generic (1)
11:04:46.0847 3636 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
11:04:46.0940 3636 ProfSvc - ok
11:04:46.0972 3636 [ 8CC9671A7ED2902E747EE0892E1C8575 ] prohlp02 C:\Windows\system32\drivers\prohlp02.sys
11:04:46.0987 3636 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
11:04:46.0987 3636 prohlp02 - detected UnsignedFile.Multi.Generic (1)
11:04:47.0065 3636 [ 960BCE3ED38761B446AABAC06C76BADF ] prosync1 C:\Windows\system32\drivers\prosync1.sys
11:04:47.0096 3636 prosync1 ( UnsignedFile.Multi.Generic ) - warning
11:04:47.0096 3636 prosync1 - detected UnsignedFile.Multi.Generic (1)
11:04:47.0112 3636 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:04:47.0143 3636 ProtectedStorage - ok
11:04:47.0190 3636 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:04:47.0268 3636 Psched - ok
11:04:47.0315 3636 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:04:47.0408 3636 ql2300 - ok
11:04:47.0440 3636 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:04:47.0518 3636 ql40xx - ok
11:04:47.0564 3636 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
11:04:47.0642 3636 QWAVE - ok
11:04:47.0658 3636 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:04:47.0720 3636 QWAVEdrv - ok
11:04:47.0736 3636 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:04:47.0798 3636 RasAcd - ok
11:04:47.0845 3636 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:04:47.0892 3636 RasAgileVpn - ok
11:04:47.0939 3636 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
11:04:48.0017 3636 RasAuto - ok
11:04:48.0032 3636 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:04:48.0126 3636 Rasl2tp - ok
11:04:48.0173 3636 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
11:04:48.0251 3636 RasMan - ok
11:04:48.0282 3636 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:04:48.0376 3636 RasPppoe - ok
11:04:48.0407 3636 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:04:48.0469 3636 RasSstp - ok
11:04:48.0500 3636 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:04:48.0578 3636 rdbss - ok
11:04:48.0610 3636 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:04:48.0641 3636 rdpbus - ok
11:04:48.0688 3636 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:04:48.0797 3636 RDPCDD - ok
11:04:48.0844 3636 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:04:48.0906 3636 RDPDR - ok
11:04:48.0922 3636 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:04:49.0015 3636 RDPENCDD - ok
11:04:49.0031 3636 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:04:49.0093 3636 RDPREFMP - ok
11:04:49.0140 3636 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:04:49.0202 3636 RDPWD - ok
11:04:49.0265 3636 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:04:49.0296 3636 rdyboost - ok
11:04:49.0327 3636 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
11:04:49.0436 3636 RemoteAccess - ok
11:04:49.0483 3636 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:04:49.0577 3636 RemoteRegistry - ok
11:04:49.0592 3636 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:04:49.0670 3636 RpcEptMapper - ok
11:04:49.0717 3636 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
11:04:49.0764 3636 RpcLocator - ok
11:04:49.0780 3636 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
11:04:49.0842 3636 RpcSs - ok
11:04:49.0889 3636 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:04:49.0951 3636 rspndr - ok
11:04:50.0014 3636 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
11:04:50.0060 3636 RTL8167 - ok
11:04:50.0092 3636 [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
11:04:50.0154 3636 RTL8187B - ok
11:04:50.0185 3636 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:04:50.0263 3636 s3cap - ok
11:04:50.0310 3636 [ AE82E97D54D1A7C50883D27583ECB05B ] SaiU04E5 C:\Windows\system32\DRIVERS\SaiU04E5.sys
11:04:50.0404 3636 SaiU04E5 - ok
11:04:50.0419 3636 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
11:04:50.0450 3636 SamSs - ok
11:04:50.0528 3636 [ A0540477B5283DD06642A184756C63FF ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
11:04:50.0560 3636 SAVAdminService - ok
11:04:50.0606 3636 [ E2C05310219E327E232291543C348B73 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
11:04:50.0653 3636 SAVOnAccess - ok
11:04:50.0716 3636 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
11:04:50.0731 3636 SAVService - ok
11:04:50.0778 3636 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:04:50.0840 3636 sbp2port - ok
11:04:50.0887 3636 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:04:50.0965 3636 SCardSvr - ok
11:04:50.0996 3636 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:04:51.0059 3636 scfilter - ok
11:04:51.0121 3636 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
11:04:51.0215 3636 Schedule - ok
11:04:51.0246 3636 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:04:51.0293 3636 SCPolicySvc - ok
11:04:51.0324 3636 [ 4F21774E1259A546B992D9EAACDFD778 ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
11:04:51.0418 3636 sdcfilter - ok
11:04:51.0464 3636 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:04:51.0574 3636 SDRSVC - ok
11:04:51.0620 3636 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:04:51.0683 3636 secdrv - ok
11:04:51.0730 3636 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
11:04:51.0792 3636 seclogon - ok
11:04:51.0808 3636 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
11:04:51.0870 3636 SENS - ok
11:04:51.0901 3636 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:04:51.0995 3636 SensrSvc - ok
11:04:52.0026 3636 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:04:52.0088 3636 Serenum - ok
11:04:52.0088 3636 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:04:52.0151 3636 Serial - ok
11:04:52.0166 3636 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:04:52.0213 3636 sermouse - ok
11:04:52.0276 3636 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
11:04:52.0369 3636 SessionEnv - ok
11:04:52.0416 3636 [ 56250672235BBE54BA8A4963B1AC997C ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys
11:04:52.0432 3636 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
11:04:52.0447 3636 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
11:04:52.0478 3636 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:04:52.0556 3636 sffdisk - ok
11:04:52.0572 3636 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:04:52.0634 3636 sffp_mmc - ok
11:04:52.0666 3636 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:04:52.0697 3636 sffp_sd - ok
11:04:52.0744 3636 [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01 C:\Windows\system32\drivers\sfhlp01.sys
11:04:52.0759 3636 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
11:04:52.0759 3636 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
11:04:52.0806 3636 [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys
11:04:52.0837 3636 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
11:04:52.0837 3636 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
11:04:52.0868 3636 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:04:52.0915 3636 sfloppy - ok
11:04:52.0993 3636 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 C:\Windows\system32\drivers\sfsync02.sys
11:04:53.0009 3636 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
11:04:53.0009 3636 sfsync02 - detected UnsignedFile.Multi.Generic (1)
11:04:53.0071 3636 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:04:53.0134 3636 SharedAccess - ok
11:04:53.0180 3636 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:04:53.0243 3636 ShellHWDetection - ok
11:04:53.0274 3636 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:04:53.0321 3636 sisagp - ok
11:04:53.0352 3636 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:04:53.0399 3636 SiSRaid2 - ok
11:04:53.0414 3636 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:04:53.0446 3636 SiSRaid4 - ok
11:04:53.0508 3636 [ E407A8EEA2FD4BF560C05C0EBF1793B3 ] SKMScan C:\Windows\system32\DRIVERS\skmscan.sys
11:04:53.0570 3636 SKMScan - ok
11:04:53.0758 3636 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:04:53.0836 3636 Skype C2C Service - ok
11:04:53.0914 3636 [ EF3B592545676301CDEB7C2609EED7BF ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:04:54.0803 3636 Suspicious file (NoAccess): C:\Program Files\Skype\Updater\Updater.exe. md5: EF3B592545676301CDEB7C2609EED7BF
11:04:54.0803 3636 SkypeUpdate ( LockedFile.Multi.Generic ) - warning
11:04:54.0803 3636 SkypeUpdate - detected LockedFile.Multi.Generic (1)
11:04:54.0865 3636 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:04:54.0959 3636 Smb - ok
11:04:55.0006 3636 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:04:55.0037 3636 SNMPTRAP - ok
11:04:55.0084 3636 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
11:04:55.0146 3636 Suspicious file (NoAccess): C:\Program Files\Sophos\AutoUpdate\ALsvc.exe. md5: 8A12AB5DE877B8F97D5EE70E16A5C9B2
11:04:55.0146 3636 Sophos AutoUpdate Service ( LockedFile.Multi.Generic ) - warning
11:04:55.0146 3636 Sophos AutoUpdate Service - detected LockedFile.Multi.Generic (1)
11:04:55.0240 3636 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
11:04:55.0271 3636 Sophos Web Control Service - ok
11:04:55.0302 3636 [ F2B7BD04146B3E6A895A1919E1F5DA89 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
11:04:55.0349 3636 SophosBootDriver - ok
11:04:55.0380 3636 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
11:04:55.0396 3636 spldr - ok
11:04:55.0442 3636 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
11:04:55.0520 3636 Spooler - ok
11:04:55.0645 3636 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
11:04:55.0770 3636 sppsvc - ok
11:04:55.0817 3636 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:04:55.0895 3636 sppuinotify - ok
11:04:55.0926 3636 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:04:55.0988 3636 srv - ok
11:04:56.0020 3636 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:04:56.0051 3636 srv2 - ok
11:04:56.0066 3636 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:04:56.0082 3636 srvnet - ok
11:04:56.0113 3636 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:04:56.0191 3636 SSDPSRV - ok
11:04:56.0207 3636 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:04:56.0269 3636 SstpSvc - ok
11:04:56.0300 3636 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:04:56.0347 3636 stexstor - ok
11:04:56.0410 3636 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
11:04:56.0441 3636 StiSvc - ok
11:04:56.0488 3636 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
11:04:56.0519 3636 storflt - ok
11:04:56.0550 3636 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
11:04:56.0597 3636 StorSvc - ok
11:04:56.0612 3636 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:04:56.0659 3636 storvsc - ok
11:04:56.0753 3636 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
11:04:56.0800 3636 swenum - ok
11:04:56.0971 3636 [ 6A91F997BB4B569BF993801017E7122C ] swi_service C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
11:04:57.0049 3636 swi_service - ok
11:04:57.0190 3636 [ B4882758DFBF19E33E50F503AD3C26B9 ] swi_update C:\ProgramData\Sophos\Web Intelligence\swi_update.exe
11:04:57.0314 3636 Suspicious file (NoAccess): C:\ProgramData\Sophos\Web Intelligence\swi_update.exe. md5: B4882758DFBF19E33E50F503AD3C26B9
11:04:57.0314 3636 swi_update ( LockedFile.Multi.Generic ) - warning
11:04:57.0314 3636 swi_update - detected LockedFile.Multi.Generic (1)
11:04:57.0361 3636 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
11:04:57.0439 3636 swprv - ok
11:04:57.0517 3636 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
11:04:57.0580 3636 SysMain - ok
11:04:57.0611 3636 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:04:57.0689 3636 TabletInputService - ok
11:04:57.0720 3636 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
11:04:57.0767 3636 TapiSrv - ok
11:04:57.0814 3636 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
11:04:57.0907 3636 TBS - ok
11:04:57.0970 3636 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:04:58.0032 3636 Tcpip - ok
11:04:58.0079 3636 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:04:58.0141 3636 TCPIP6 - ok
11:04:58.0172 3636 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:04:58.0219 3636 tcpipreg - ok
11:04:58.0266 3636 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:04:58.0344 3636 TDPIPE - ok
11:04:58.0360 3636 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:04:58.0406 3636 TDTCP - ok
11:04:58.0453 3636 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:04:58.0516 3636 tdx - ok
11:04:58.0531 3636 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:04:58.0578 3636 TermDD - ok
11:04:58.0625 3636 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
11:04:58.0703 3636 TermService - ok
11:04:58.0750 3636 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
11:04:58.0796 3636 Themes - ok
11:04:58.0812 3636 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
11:04:58.0843 3636 THREADORDER - ok
11:04:58.0859 3636 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
11:04:58.0921 3636 TrkWks - ok
11:04:58.0984 3636 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:04:59.0077 3636 TrustedInstaller - ok
11:04:59.0124 3636 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:04:59.0202 3636 tssecsrv - ok
11:04:59.0280 3636 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:04:59.0358 3636 TsUsbFlt - ok
11:04:59.0420 3636 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:04:59.0483 3636 tunnel - ok
11:04:59.0530 3636 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
11:04:59.0561 3636 TVALZ - ok
11:04:59.0592 3636 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:04:59.0639 3636 uagp35 - ok
11:04:59.0670 3636 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:04:59.0764 3636 udfs - ok
11:04:59.0795 3636 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:04:59.0842 3636 UI0Detect - ok
11:04:59.0873 3636 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:04:59.0920 3636 uliagpkx - ok
11:04:59.0951 3636 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
11:05:00.0013 3636 umbus - ok
11:05:00.0044 3636 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:05:00.0107 3636 UmPass - ok
11:05:00.0154 3636 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
11:05:00.0247 3636 UmRdpService - ok
11:05:00.0278 3636 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
11:05:00.0341 3636 upnphost - ok
11:05:00.0388 3636 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:05:00.0466 3636 usbccgp - ok
11:05:00.0512 3636 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:05:00.0575 3636 usbcir - ok
11:05:00.0590 3636 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:05:00.0622 3636 usbehci - ok
11:05:00.0653 3636 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:05:00.0715 3636 usbhub - ok
11:05:00.0746 3636 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:05:00.0809 3636 usbohci - ok
11:05:00.0840 3636 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:05:00.0887 3636 usbprint - ok
11:05:00.0918 3636 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:05:00.0980 3636 USBSTOR - ok
11:05:00.0996 3636 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:05:01.0027 3636 usbuhci - ok
11:05:01.0058 3636 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
11:05:01.0136 3636 UxSms - ok
11:05:01.0152 3636 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
11:05:01.0168 3636 VaultSvc - ok
11:05:01.0214 3636 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:05:01.0230 3636 vdrvroot - ok
11:05:01.0292 3636 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
11:05:01.0386 3636 vds - ok
11:05:01.0417 3636 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:05:01.0480 3636 vga - ok
11:05:01.0495 3636 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:05:01.0558 3636 VgaSave - ok
11:05:01.0604 3636 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:05:01.0682 3636 vhdmp - ok
11:05:01.0698 3636 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:05:01.0760 3636 viaagp - ok
11:05:01.0776 3636 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
11:05:01.0854 3636 ViaC7 - ok
11:05:01.0885 3636 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
11:05:01.0932 3636 viaide - ok
11:05:01.0948 3636 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
11:05:01.0979 3636 vmbus - ok
11:05:01.0994 3636 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
11:05:02.0057 3636 VMBusHID - ok
11:05:02.0072 3636 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:05:02.0088 3636 volmgr - ok
11:05:02.0119 3636 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:05:02.0150 3636 volmgrx - ok
11:05:02.0166 3636 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:05:02.0197 3636 volsnap - ok
11:05:02.0260 3636 [ 3B98AB9849754CB88265111422441DF7 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:05:02.0306 3636 vpnagent - ok
11:05:02.0353 3636 [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
11:05:02.0400 3636 vpnva - ok
11:05:02.0431 3636 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:05:02.0478 3636 vsmraid - ok
11:05:02.0540 3636 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
11:05:02.0665 3636 VSS - ok
11:05:02.0681 3636 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:05:02.0743 3636 vwifibus - ok
11:05:02.0774 3636 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
11:05:02.0884 3636 W32Time - ok
11:05:02.0915 3636 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:05:02.0962 3636 WacomPen - ok
11:05:03.0008 3636 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:05:03.0102 3636 WANARP - ok
11:05:03.0102 3636 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:05:03.0149 3636 Wanarpv6 - ok
11:05:03.0258 3636 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:05:03.0414 3636 WatAdminSvc - ok
11:05:03.0476 3636 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
11:05:03.0570 3636 wbengine - ok
11:05:03.0617 3636 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:05:03.0695 3636 WbioSrvc - ok
11:05:03.0726 3636 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:05:03.0804 3636 wcncsvc - ok
11:05:03.0820 3636 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:05:03.0882 3636 WcsPlugInService - ok
11:05:03.0913 3636 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:05:03.0960 3636 Wd - ok
11:05:04.0022 3636 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:05:04.0054 3636 Wdf01000 - ok
11:05:04.0085 3636 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:05:04.0163 3636 WdiServiceHost - ok
11:05:04.0178 3636 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:05:04.0210 3636 WdiSystemHost - ok
11:05:04.0256 3636 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
11:05:04.0303 3636 WebClient - ok
11:05:04.0319 3636 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:05:04.0412 3636 Wecsvc - ok
11:05:04.0444 3636 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:05:04.0522 3636 wercplsupport - ok
11:05:04.0568 3636 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
11:05:04.0631 3636 WerSvc - ok
11:05:04.0678 3636 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:05:04.0740 3636 WfpLwf - ok
11:05:04.0756 3636 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:05:04.0787 3636 WIMMount - ok
11:05:04.0865 3636 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
11:05:04.0927 3636 WinDefend - ok
11:05:04.0943 3636 WinHttpAutoProxySvc - ok
11:05:05.0021 3636 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:05:05.0083 3636 Winmgmt - ok
11:05:05.0161 3636 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
11:05:05.0286 3636 WinRM - ok
11:05:05.0348 3636 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:05:05.0442 3636 WinUsb - ok
11:05:05.0504 3636 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:05:05.0567 3636 Wlansvc - ok
11:05:05.0614 3636 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:05:05.0645 3636 WmiAcpi - ok
11:05:05.0692 3636 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:05:05.0754 3636 wmiApSrv - ok
11:05:05.0863 3636 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:05:05.0941 3636 WMPNetworkSvc - ok
11:05:05.0988 3636 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:05:06.0035 3636 WPCSvc - ok
11:05:06.0066 3636 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:05:06.0128 3636 WPDBusEnum - ok
11:05:06.0144 3636 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:05:06.0222 3636 ws2ifsl - ok
11:05:06.0238 3636 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
11:05:06.0269 3636 wscsvc - ok
11:05:06.0284 3636 WSearch - ok
11:05:06.0378 3636 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
11:05:06.0440 3636 wuauserv - ok
11:05:06.0472 3636 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:05:06.0534 3636 WudfPf - ok
11:05:06.0565 3636 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:05:06.0628 3636 WUDFRd - ok
11:05:06.0659 3636 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:05:06.0737 3636 wudfsvc - ok
11:05:06.0768 3636 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:05:06.0815 3636 WwanSvc - ok
11:05:06.0846 3636 ================ Scan global ===============================
11:05:06.0877 3636 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:05:06.0940 3636 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
11:05:06.0986 3636 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
11:05:07.0033 3636 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:05:07.0096 3636 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:05:07.0252 3636 [Global] - ok
11:05:07.0252 3636 ================ Scan MBR ==================================
11:05:07.0376 3636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:05:08.0734 3636 \Device\Harddisk0\DR0 - ok
11:05:08.0734 3636 ================ Scan VBR ==================================
11:05:08.0780 3636 [ 8D2C2F5811176A4DBB8A9C7DCE240F90 ] \Device\Harddisk0\DR0\Partition1
11:05:08.0780 3636 \Device\Harddisk0\DR0\Partition1 - ok
11:05:08.0796 3636 [ 5139FE6B57A371C333FCF340FCDF8641 ] \Device\Harddisk0\DR0\Partition2
11:05:08.0796 3636 \Device\Harddisk0\DR0\Partition2 - ok
11:05:08.0812 3636 [ FAD4D69119429126C899D8DCB67F076F ] \Device\Harddisk0\DR0\Partition3
11:05:08.0827 3636 \Device\Harddisk0\DR0\Partition3 - ok
11:05:08.0827 3636 ============================================================
11:05:08.0827 3636 Scan finished
11:05:08.0827 3636 ============================================================
11:05:08.0843 5272 Detected object count: 15
11:05:08.0843 5272 Actual detected object count: 15
11:05:45.0097 5272 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
11:05:45.0097 5272 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
11:05:45.0097 5272 AdobeARMservice ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0097 5272 AdobeARMservice ( LockedFile.Multi.Generic ) - User select action: Skip
11:05:45.0113 5272 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - User select action: Skip
11:05:45.0113 5272 CZCanSrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272 CZCanSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0113 5272 MTBService_2.0.0.12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272 MTBService_2.0.0.12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0113 5272 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0113 5272 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0113 5272 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0128 5272 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0128 5272 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0128 5272 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0128 5272 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0128 5272 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0144 5272 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:45.0144 5272 SkypeUpdate ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272 SkypeUpdate ( LockedFile.Multi.Generic ) - User select action: Skip
11:05:45.0144 5272 Sophos AutoUpdate Service ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272 Sophos AutoUpdate Service ( LockedFile.Multi.Generic ) - User select action: Skip
11:05:45.0144 5272 swi_update ( LockedFile.Multi.Generic ) - skipped by user
11:05:45.0144 5272 swi_update ( LockedFile.Multi.Generic ) - User select action: Skip
|
|
03.01.2013, 12:34
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.01.2013, 00:11
| #13 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 heyho, Der Scan liefert mir folgende log-datei: Code:
ATTFilter # AdwCleaner v2.104 - Datei am 04/01/2013 um 00:08:12 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Sara - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Users\Sara\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v4.0 (de)
Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gefunden : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gefunden : user_pref("extensions.facemoods.firstRun", false);
Gefunden : user_pref("extensions.facemoods.lastActv", "20");
*************************
AdwCleaner[R1].txt - [1985 octets] - [04/01/2013 00:08:12]
########## EOF - C:\AdwCleaner[R1].txt - [2045 octets] ##########
|
|
04.01.2013, 00:35
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.01.2013, 00:06
| #15 |
| | Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 hey, hier sind die log-files: adw cleaner Code:
ATTFilter # AdwCleaner v2.104 - Datei am 04/01/2013 um 08:55:35 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Sara - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v4.0 (de)
Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\prefs.js
C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\cd3m5jn7.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "20");
*************************
AdwCleaner[R1].txt - [2106 octets] - [04/01/2013 00:08:12]
AdwCleaner[S1].txt - [1986 octets] - [04/01/2013 08:55:35]
########## EOF - C:\AdwCleaner[S1].txt - [2046 octets] ##########
Code:
ATTFilter OTL logfile created on: 08.01.2013 00:22:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sara\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 35,71% Memory free 5,49 Gb Paging File | 3,37 Gb Available in Paging File | 61,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,20 Gb Total Space | 0,04 Gb Free Space | 0,15% Space Free | Partition Type: NTFS Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sara\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) PRC - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) PRC - C:\Programme\Carl Zeiss\MTB 2011 - 2.0.0.12\MTB Server Console\MTBService.exe (Carl Zeiss) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.) PRC - D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7aa9acfc261048862a5e93c3be494763\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b0c89de727ba3d9160a77cc47638f759\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll () ========== Services (SafeList) ========== SRV - (MTBService_2.0.0.12) -- C:\Program Files\Carl Zeiss\MTB 2011 File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe () SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe () SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe () SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe () SRV - (Sophos Web Control Service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CZCanSrv) -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe (Carl Zeiss MicroImaging GmbH) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (appdrvrem01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Sara\AppData\Local\Temp\catchme.sys File not found DRV - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found DRV - (5689) -- C:\Users\Sara\AppData\Local\Temp\5689.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited) DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc) DRV - (appdrv01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology) DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (SaiU04E5) -- C:\Windows\System32\drivers\SaiU04E5.sys (Saitek) DRV - (LVMST) -- C:\Windows\System32\drivers\LVMST.sys (Animation Technologies Inc.) DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology) DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology) DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sara\Desktop IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 A9 C6 2E 52 FC CB 01 [binary data] IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.explosm.net/comics/" FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.0.3 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= " FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.09.07 12:59:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.16 17:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Extensions [2012.12.13 00:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions [2012.04.25 22:26:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012.10.11 21:28:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Sara\AppData\Roaming\mozilla\Firefox\Profiles\cd3m5jn7.default\extensions\ich@maltegoetz.de [2012.12.13 00:10:27 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011.10.31 18:43:35 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.21 22:19:22 | 000,001,330 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\mozilla\firefox\profiles\cd3m5jn7.default\searchplugins\wikipedia-en.xml O1 HOSTS File: ([2012.12.13 00:44:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [PDFPrint] d:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000..\Run: [PopUpStopperFreeEdition] D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.44.1.9 141.44.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DEAF9CC-1C04-4C18-97A5-A0FC19BC5A7B}: DhcpNameServer = 192.168.48.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B452B358-AAC2-4317-98EA-D4CD4DC4AEF3}: DhcpNameServer = 141.44.1.9 141.44.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 00:15:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe [2013.01.03 11:00:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe [2013.01.03 03:00:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.01.03 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.01.03 03:00:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.01.03 03:00:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.01.03 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.01.03 03:00:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.01.03 03:00:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.01.03 03:00:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.01.02 03:06:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.01.02 03:06:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.01.01 18:14:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.01 18:14:28 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013.01.01 18:14:28 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.01.01 18:14:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.01 18:14:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.01 18:14:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.01.01 18:14:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.01.01 18:14:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.01 18:14:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.01.01 18:14:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.01 18:14:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.01 18:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.01.01 18:14:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.01.01 18:13:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.31 23:39:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.31 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\handyfotos [2012.12.13 23:31:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe [2012.12.13 00:44:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.12.13 00:42:04 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\temp [2012.12.13 00:16:35 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.12.13 00:10:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.13 00:10:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.13 00:09:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.13 00:08:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.13 00:04:35 | 005,011,065 | R--- | C] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe [4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 00:15:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe [2013.01.07 23:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.07 23:40:19 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.07 23:40:19 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.07 23:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.07 23:32:03 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys [2013.01.04 00:02:55 | 000,551,997 | ---- | M] () -- C:\Users\Sara\Desktop\adwcleaner.exe [2013.01.03 11:00:45 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe [2013.01.02 19:49:55 | 445,378,435 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.02 03:24:18 | 000,317,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.31 12:42:34 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.31 12:42:34 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.31 12:42:34 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.31 12:42:34 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.13 23:31:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe [2012.12.13 23:31:10 | 000,302,592 | ---- | M] () -- C:\Users\Sara\Desktop\y6m9erhm.exe [2012.12.13 00:44:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.13 00:04:49 | 005,011,065 | R--- | M] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe [2012.12.10 19:15:33 | 000,145,918 | ---- | M] () -- C:\Users\Sara\Desktop\Reportf9895b92-03f7-4954-9db5-861ede88b884.pdf [4 C:\Users\Sara\Desktop\*.tmp files -> C:\Users\Sara\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.04 00:02:32 | 000,551,997 | ---- | C] () -- C:\Users\Sara\Desktop\adwcleaner.exe [2013.01.02 19:49:55 | 445,378,435 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.13 23:31:02 | 000,302,592 | ---- | C] () -- C:\Users\Sara\Desktop\y6m9erhm.exe [2012.12.13 00:10:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.13 00:10:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.13 00:10:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.13 00:10:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.13 00:10:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.10 19:15:31 | 000,145,918 | ---- | C] () -- C:\Users\Sara\Desktop\Reportf9895b92-03f7-4954-9db5-861ede88b884.pdf [2012.08.23 08:41:06 | 000,000,218 | ---- | C] () -- C:\Users\Sara\.recently-used.xbel [2012.07.09 20:15:21 | 000,004,221 | ---- | C] () -- C:\Users\Sara\.Dendroscope.def [2012.07.07 20:21:10 | 000,000,660 | ---- | C] () -- C:\Users\Sara\.jalview_properties [2012.07.07 16:36:27 | 000,011,301 | ---- | C] () -- C:\Users\Sara\gsview32.ini [2012.02.02 16:53:19 | 000,072,192 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.21 08:33:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.20 17:56:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.16 16:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.01.2013 00:22:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sara\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 35,71% Memory free
5,49 Gb Paging File | 3,37 Gb Available in Paging File | 61,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 0,04 Gb Free Space | 0,15% Space Free | Partition Type: NTFS
Drive D: | 202,12 Gb Total Space | 5,12 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Sara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5972C7EF-A198-44D3-9582-958E344AAB37}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{709A6FC5-7FD4-4375-9D2F-84C5A1A63E17}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{82F7A8E9-8BC2-421E-A543-AE20EFD92E43}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{2A856DD4-9864-4A5C-B8C6-5C22E6FF4191}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{322E4640-D753-4773-8B70-0672F3BFC397}D:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{53BBB37E-01D7-431F-946B-EAB6B15D6F2B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00659A90-8645-C0C1-FA31-2AA63016E48A}" = CCC Help Chinese Standard
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0ABA6238-1A62-FFC6-9ACC-4DB9FEFB6A6E}" = CCC Help Spanish
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1966341E-0539-4698-ADEA-278A91CFCCC8}" = NIS-Elements Viewer 4.0 (build 770)
"{1F4FC05D-DEE6-AD4C-5CC6-31D642343F09}" = AMD Fuel
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{36C36970-394C-40C4-E11B-7CF635AFB989}" = CCC Help Hungarian
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FAF398F-CCD0-AC9F-2345-A473D1AE077B}" = CCC Help Chinese Traditional
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEBF3CF-1119-3902-4D37-A9274DDB54E1}" = CCC Help Danish
"{4F3A978C-35D6-8FDF-4D00-50F5D659D3BB}" = CCC Help German
"{4FD59143-0B17-CCC6-CEFD-C745955A70C7}" = CCC Help Korean
"{528EE462-2993-51F9-9F68-7C9F9BD7DCC3}" = CCC Help Italian
"{60C5FF36-67E1-6B1D-781F-579C30BE41AA}" = CCC Help French
"{69C302CE-8972-1637-6857-F73A08052054}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{72F77561-7DD8-4D01-6698-16DFDCCBCED6}" = CCC Help Czech
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{84123D75-4CD1-8E59-3B05-4928F122FCC2}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D261060-84D3-FCF3-177D-969A30DB7FAA}" = Catalyst Control Center InstallProxy
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}" = AK vs DR
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE46F22-B053-4F67-81AA-50FFF822684D}" = ZEN 2011 x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A04C0520-4B34-4A58-ADC6-EFF04BB0C4D6}" = Stalingrad
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{ABE130EB-EC1A-0500-B607-D1AA01082308}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACBA6D88-0035-E98C-A678-BF60D063ECA1}" = CCC Help Dutch
"{B2DB5CE2-5A7B-B321-3C29-F54D235C811F}" = CCC Help Norwegian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC1E438B-1292-C544-D333-6D9E7D9D8726}" = ATI Catalyst Install Manager
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD99FD27-BC00-07F3-91A3-E130C4CE78F5}" = CCC Help Turkish
"{CDF450C8-4B6E-1ED1-6F2D-E68597E154FE}" = CCC Help Finnish
"{E3E77710-D43D-79AD-8701-45A498760A9F}" = ccc-utility
"{E5A8A937-0D7F-9E53-820B-F28FD400026D}" = CCC Help Swedish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84E8B79-E754-81D8-BBD6-BC8C622AE382}" = CCC Help Portuguese
"{FAED5381-DDC7-7002-07A8-CC45828D84DA}" = CCC Help Greek
"{FB04F74B-20AF-D902-250F-EBC2F7C6D5D4}" = CCC Help Japanese
"{FCB29739-3E50-4B12-B459-116ADDC60221}" = Soldiers - Heroes of World War II
"01730370C5F33FD3683B6B55F72D58B76FF402AC" = Windows-Treiberpaket - Carl Zeiss MicroImaging GmbH (tvmcam) Image (10/06/2010 8.2.0.0)
"1489-3350-5074-6281" = JDownloader 0.9
"3637-0812-9190-9529" = Dendroscope 3.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Blitzkrieg 2" = Blitzkrieg 2
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darkest Hour.A Hearts Of Iron Game_is1" = Darkest Hour.A Hearts Of Iron Game
"D-Day" = D-Day
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 9.05" = GPL Ghostscript
"Green Devils" = Green Devils
"GSview 5.0" = GSview 5.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.2
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Moscow to Berlin" = Moscow to Berlin : Red Siege
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Panzerkrieg Bundle" = Panzerkrieg Bundle
"pdfsam" = pdfsam
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Peter Games Officers" = Peter Games Officers
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"Sudden Strike II" = Sudden Strike II
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"Write-N-Cite" = Write-N-Cite
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4287022602-421796987-3888165550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jalview" = Jalview
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.01.2013 06:13:02 | Computer Name = Laptop | Source = Software Protection Platform Service | ID = 8211
Description = Fehler bei der Aktualisierung der Windows-Lizenz- und Product Key-Tokens:
0x80070070.
Error - 01.01.2013 11:17:46 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
Error - 02.01.2013 09:21:31 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 03.01.2013 06:43:40 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 04.01.2013 03:42:45 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8193
Description =
Error - 04.01.2013 04:22:40 | Computer Name = Laptop | Source = System Restore | ID = 8211
Description =
Error - 04.01.2013 19:25:41 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 07.01.2013 03:16:09 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 07.01.2013 18:34:47 | Computer Name = Laptop | Source = MsiInstaller | ID = 11609
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 06.01.2013 09:19:19 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
617 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS
the
interface appears to be available
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
601 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 07.01.2013 18:32:44 | Computer Name = Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
[ Media Center Events ]
Error - 04.12.2012 14:41:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:22 - Fehler beim Herstellen der Internetverbindung. 19:41:22
- Serververbindung konnte nicht hergestellt werden..
Error - 04.12.2012 14:41:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:41:27 - Fehler beim Herstellen der Internetverbindung. 19:41:27
- Serververbindung konnte nicht hergestellt werden..
Error - 04.12.2012 18:09:32 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:32 - Fehler beim Herstellen der Internetverbindung. 23:09:32
- Serververbindung konnte nicht hergestellt werden..
Error - 04.12.2012 18:09:43 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 23:09:37 - Fehler beim Herstellen der Internetverbindung. 23:09:37
- Serververbindung konnte nicht hergestellt werden..
Error - 05.12.2012 14:52:24 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:24 - Fehler beim Herstellen der Internetverbindung. 19:52:24
- Serververbindung konnte nicht hergestellt werden..
Error - 05.12.2012 14:52:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:52:29 - Fehler beim Herstellen der Internetverbindung. 19:52:29
- Serververbindung konnte nicht hergestellt werden..
Error - 06.12.2012 14:24:49 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:49 - Fehler beim Herstellen der Internetverbindung. 19:24:49
- Serververbindung konnte nicht hergestellt werden..
Error - 06.12.2012 14:25:06 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 19:24:54 - Fehler beim Herstellen der Internetverbindung. 19:24:54
- Serververbindung konnte nicht hergestellt werden..
Error - 06.12.2012 15:25:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:10 - Fehler beim Herstellen der Internetverbindung. 20:25:10
- Serververbindung konnte nicht hergestellt werden..
Error - 06.12.2012 15:25:22 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 20:25:15 - Fehler beim Herstellen der Internetverbindung. 20:25:15
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 13.06.2011 12:22:10 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9491
seconds with 1440 seconds of active time. This session ended with a crash.
Error - 28.01.2012 11:33:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 22347 seconds with 12060 seconds of active time. This session ended with
a crash.
Error - 23.02.2012 06:02:05 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1725
seconds with 840 seconds of active time. This session ended with a crash.
Error - 15.07.2012 17:30:43 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36624
seconds with 10860 seconds of active time. This session ended with a crash.
Error - 07.08.2012 08:00:38 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2906
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 08.08.2012 15:41:28 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113224
seconds with 20220 seconds of active time. This session ended with a crash.
Error - 14.08.2012 20:44:42 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 132496
seconds with 28860 seconds of active time. This session ended with a crash.
Error - 14.08.2012 21:06:16 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1254
seconds with 1080 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.01.2013 18:31:57 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
Error - 07.01.2013 18:31:57 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
Error - 07.01.2013 18:32:02 | Computer Name = Laptop | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
Error - 07.01.2013 18:32:09 | Computer Name = Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 07.01.2013 18:32:09 | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 07.01.2013 18:32:47 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "5689" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 07.01.2013 18:33:07 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%5
Error - 07.01.2013 18:33:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error - 07.01.2013 18:33:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
prodrv06 prohlp02 prosync1 sfdrv01 sfhlp01 sfsync02
Error - 07.01.2013 18:33:16 | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =
< End of report >
VIELEN DANK NOCHMAL FÜR DIE HILFE!! |
|
| Themen zu Trojaner: Trojan.Lameshield, Trojan.Agent.FSA34 |
| administrator, anti-malware, appdata, autostart, chkdsk, code, dateien, explorer, festplatte, folge, google, ide, internet, langsam, laptop, logdatei, malwarebytes, microsoft, nicht mehr, scan, sehr langsam, software, temp, trojan.agent.fsa34, trojan.lameshield, trojaner, verdacht |
Linear-Darstellung
