Malware of all kinds and how to combat it: Trojans Generic28.BVLH and Crypt.AXUH on board :(
Hello everyone! Thanks in advance for taking the time to look at my problem!

On Monday I noticed that the system was running really badly when I wanted to install Oblivion again. The computer was very slow, the installation aborted at least once, and the game crashed at unusual points. The Task Manager would not open at all, or rather it flashed up briefly and then closed again right away. Same behavior even after several restarts. At first I thought, okay, maybe the installation messed something up, so I reset the system to the point before the installation. Still no Task Manager! That made me suspicious. As soon as an application used a bit more memory because something was not running properly, the whole PC froze.

On Tuesday I could at least still get into safe mode when I booted it up again. From Wednesday on, during system startup it did not recognize anything except "F12" for the boot menu or "Del" for the BIOS. I can no longer navigate with the arrow keys or confirm or cancel anything with "Esc" or "Enter". (USB keyboard)

On Wednesday AVG then detected 2 Trojans, after Ad-Aware had found nothing. (Now I also know why I had never heard of that program before my ex slapped it on there when reinstalling the system back then.) What it found were Generic28.BVLH and Crypt.AXUH. As locations it gave:

For Generic28:
C:\Windows\SysWOW64\rundll32.exe (2840)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (2908)

For Crypt:
C:\Windows\SysWOW64\rundll32.exe (2840)

Supposedly removed; on the follow-up scan they were right back, or rather Crypt was gone, Generic kept coming back (3 scans...). Suddenly the PC then complained at startup that C:\Users\Michi\AppData\Local\Temp\0_0u_i.exe could not be found and started.

While reading about Generic I stumbled across the instruction, along with a veeery long list, of which files you are supposed to delete manually. A lot of it also in folders of temp files. I did not dare to do it that way. The only thing I did was sweep out the temporary files under Windows/Temp and AppData/Temp all at once. And whoosh: the message no longer popped up. Scan with AVG: nothing found; Antivir: nothing found.

EDIT: I only ever had one program running at a time. Whenever I used another virus scanner, the others were completely shut down to avoid conflicts.

Tip from a friend: "TrojanRemover" then did point to the file again after all. After a restart the machine then hung completely as soon as it tried to connect to the network.

EDIT: It was so wild that there was even a timeout when executing Ctrl+Alt+Del and I was told to power the machine off hard!! That Windows would ever advise me to do that ôO

Today after work I booted it up again without a LAN connection: it worked! Ran TrojanRemover's FastScan again. So far so good, nothing found. The PC has not been restarted since, because I was glad to get onto the internet for further help. Then I stumbled across your board.

Long story short: am I really rid of the nasty beast?

Here are the log files from OTL:
OTL logfile created on: 14.12.2012 21:38:09 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Michi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,37% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 76,59 Gb Total Space | 29,32 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive D: | 275,41 Gb Total Space | 263,09 Gb Free Space | 95,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,66 Mb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 22,67 Gb Total Space | 22,58 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive G: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.14 21:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe PRC - [2012.10.29 17:33:28 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.10.27 09:49:59 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2012.03.29 11:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.10.21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.12 19:25:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.07 20:43:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws) SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.29 11:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.05.17 17:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.11 15:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs) DRV:64bit: - [2011.04.29 13:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE) DRV:64bit: - [2011.04.05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw) DRV:64bit: - [2011.04.05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis) DRV:64bit: - [2011.04.05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP) DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.04.29 13:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 7E 7E 03 88 D7 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9A21F002-B57C-4B44-8AEC-F78DAE5C3959}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_ptnrs=%5EAGY&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3&apn_dtid=%5EYYYYYY%5EYY%5ENL&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 11:09:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.11 11:09:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.07 20:43:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.30 21:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions [2012.12.13 21:06:05 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions [2012.12.13 21:06:35 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions\toolbar@ask.com [2012.12.13 21:06:35 | 000,002,344 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\n3ze8381.default-1355223939464\searchplugins\askcom.xml [2012.12.11 11:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.11 11:09:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.11.03 11:45:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009.08.14 11:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2009.08.14 11:33:30 | 000,091,480 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2009.08.14 11:33:26 | 000,020,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2007.03.16 16:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2007.03.16 16:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2007.03.16 16:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2009.08.14 11:35:40 | 000,427,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2009.08.14 11:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012.06.26 17:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.03 07:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.26 17:41:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 17:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 17:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 17:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKCU..\Run: [Spotify] C:\Users\Michi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F544E0B-93CF-4601-940A-6CF30D3BAFAE}: DhcpNameServer = O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.14 12:08:11 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{27c5938d-977c-11e1-ba14-001fd05d8c26}\Shell - "" = AutoRun O33 - MountPoints2\{27c5938d-977c-11e1-ba14-001fd05d8c26}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{e5bbf3e7-92f0-11e1-96ff-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e5bbf3e7-92f0-11e1-96ff-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009.07.14 12:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.14 21:32:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe [2012.12.14 21:32:12 | 
000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012.12.13 22:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.12.13 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Simply Super Software [2012.12.13 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Simply Super Software [2012.12.13 22:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.12.13 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.12.13 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.12.13 21:09:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Avira [2012.12.13 21:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.13 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.12.13 21:05:22 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.13 21:05:22 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.13 21:05:22 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.13 21:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.13 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.13 20:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.12.13 20:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.12.13 20:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2012.12.12 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited [2012.12.12 19:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.12.12 19:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2012.12.12 19:19:09 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Nero_AG [2012.12.12 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Nero [2012.12.12 19:18:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Nero [2012.12.12 19:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.12.12 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.12.12 19:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.12.12 19:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.12.12 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\AVG2013 [2012.12.12 17:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.12 17:46:40 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\TuneUp Software [2012.12.12 17:44:54 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.12.12 17:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.12.12 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.12.12 17:37:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- 
C:\Users\Michi\AppData\Local\MFAData [2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Avg2013 [2012.12.11 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\image win 7 [2012.12.11 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\win 7 [2012.12.11 12:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net [2012.12.11 12:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roadkil.Net [2012.12.11 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\isopuzzle [2012.12.11 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2012.12.11 12:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor [2012.12.11 12:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects [2012.12.11 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\ImgBurn [2012.12.11 12:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.12.11 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.12.11 12:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\Alte Firefox-Daten [2012.12.11 11:12:04 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\adaware [2012.12.10 23:10:32 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\ElevatedDiagnostics [2012.12.10 18:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Improved [2012.12.10 18:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oblivion Improved [2012.12.10 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.12.09 20:31:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\oblivion [2012.12.09 20:30:56 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager [2012.12.09 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\my games [2012.12.09 19:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks [2012.12.09 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks [2012.12.09 18:59:09 | 000,000,000 | RH-D | C] -- C:\Users\Michi\AppData\Roaming\SecuROM [2012.11.29 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\TeamViewer [2012.11.29 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012.11.19 21:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation ========== Files - Modified Within 30 Days ========== [2012.12.14 21:35:34 | 000,000,000 | ---- | M] () -- C:\Users\Michi\defogger_reenable [2012.12.14 21:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe [2012.12.14 21:32:16 | 000,065,416 | ---- | M] () -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.12.14 21:31:32 | 000,050,477 | ---- | M] () -- C:\Users\Michi\Desktop\Defogger.exe [2012.12.14 21:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.14 21:21:42 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 21:21:42 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 21:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.14 21:07:06 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 22:18:46 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.12.13 21:06:46 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.13 19:38:48 | 
000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.12 19:27:24 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.12.12 19:17:29 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.12.12 17:46:41 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.11 19:50:13 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.12.11 19:50:13 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.12.11 12:53:44 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk [2012.12.11 12:41:23 | 000,001,192 | ---- | M] () -- C:\Users\Michi\Desktop\IsoBuster.lnk [2012.12.11 12:08:43 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.12.11 11:17:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat [2012.12.09 12:12:53 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.12.06 16:45:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.06 16:45:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.06 16:45:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.06 16:45:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.06 16:45:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.29 19:05:36 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012.12.14 21:35:34 | 000,000,000 | ---- | C] () -- C:\Users\Michi\defogger_reenable [2012.12.14 21:32:12 | 000,065,416 | ---- | C] () -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.12.14 21:31:30 | 000,050,477 | ---- | C] () -- C:\Users\Michi\Desktop\Defogger.exe [2012.12.13 22:18:46 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.12.13 21:06:46 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.12 19:27:24 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.12.12 19:27:24 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.12.12 19:17:29 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.12.12 17:46:41 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.11 12:53:44 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk [2012.12.11 12:41:23 | 000,001,192 | ---- | C] () -- C:\Users\Michi\Desktop\IsoBuster.lnk [2012.12.11 12:08:43 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.12.11 12:08:43 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.12.11 11:52:36 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.12.11 11:52:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.12.11 11:17:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat [2012.11.29 19:05:36 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.11.29 19:05:36 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.11.18 22:51:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 
[2012.11.18 22:40:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.07.02 18:31:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.04.30 21:37:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 
13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.08 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\.minecraft [2012.12.11 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ad-Aware Antivirus [2012.11.29 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Audacity [2012.12.12 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\AVG2013 [2012.12.12 19:27:54 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited [2012.05.14 12:59:00 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canon [2012.12.14 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox [2012.05.10 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Foxit Software [2012.10.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICAClient [2012.12.11 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ImgBurn [2012.07.04 23:48:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView [2012.08.28 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Juniper Networks [2012.05.02 06:44:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org [2012.07.04 23:53:29 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\RCP 6 [2012.12.13 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Simply Super Software [2012.12.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Spotify [2012.11.29 19:22:35 | 000,000,000 | ---D | 
M] -- C:\Users\Michi\AppData\Roaming\TeamViewer
[2012.04.30 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Thunderbird
[2012.05.01 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TS3Client
[2012.05.01 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ts3overlay
[2012.12.12 17:46:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 14.12.2012 21:38:09 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Michi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,37% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 76,59 Gb Total Space | 29,32 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive D: | 275,41 Gb Total Space | 263,09 Gb Free Space | 95,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,66 Mb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 22,67 Gb Total Space | 22,58 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive G: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== 
Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14F60E8D-C8DE-49BE-9204-F7E2863BB0D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2AEC7EC9-0E3D-45E6-A209-DADBEBCA5594}" = lport=2869 | protocol=6 | dir=in | app=system | "{30CDDF08-726B-4192-9E95-DA63102708BA}" = rport=139 | protocol=6 | dir=out | app=system | "{3146F934-674A-458D-9032-5DDE025022C7}" = rport=138 | protocol=17 | dir=out | app=system | "{3C329E82-823D-4FB9-8091-60955D61A6E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{41697BEB-BC90-4759-B0B5-DEFE82258C37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4879CA2C-043C-449B-908B-A46F91FBB97A}" = lport=445 | protocol=6 | dir=in | app=system | "{4ACF8635-E5D5-457B-9958-7B5C903373F7}" = lport=139 | protocol=6 | dir=in | app=system | "{728D48E0-F24D-4B69-A75B-280271D96FFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72AFE86F-11B4-4423-8FBC-0C78A59B2043}" = lport=138 | protocol=17 | dir=in | app=system | "{8811505D-B057-4E49-91EF-D313040305E4}" = lport=137 | protocol=17 | dir=in | app=system | "{8CA00294-0804-49FF-83FF-B725F9DE0DAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{903683B4-E788-44F9-94A3-0EA17C3F999A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{937497CF-B13F-4AEA-B608-8C2DE7D93664}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A849CEC8-D9A6-4D2B-8BF8-087CD022F6DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B3749D49-D066-407C-9FAE-BB34AA0C81D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{B7FCB0AB-9329-4F77-9C16-43C2FE2695A7}" = lport=10243 | protocol=6 | dir=in | app=system | "{BF05A72E-E088-4C13-9A28-9EF75E4C68B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D1D31D53-074C-4725-BDCB-121B3902777A}" = rport=445 | protocol=6 | dir=out | app=system | "{E7512FEF-C511-446E-AF2B-060157F8E8DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EAFC6C16-E804-4271-A528-AD7CFE2DE88D}" = rport=137 | protocol=17 | dir=out | app=system | "{ECA33431-1DA2-4823-8AFD-B447115835A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FD4A5C62-D823-49BD-99B0-641490DDEB5A}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{046C9906-2ADE-43B4-A140-0E082A706D3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{062962F7-AC2A-452A-96C8-9FC9F8D395FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{07CFE2D1-33F8-430D-965D-B891263F2937}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{11736EA1-B3E6-4C25-AFA3-C7FAB51DB000}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{16C17FEC-2829-4BF5-A1D4-AC979F44E585}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{21459F0D-CF85-4E65-A669-2B6096673AB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{22A11654-90F9-4392-8C1A-C78E4C83E81A}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | "{22C80196-6BCD-46F5-AC13-ABFADECE7D75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{27F8FAA5-8DE4-43A7-9AF9-2BE3F488E752}" = protocol=6 
| dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E913C22-E0AE-4648-8099-918682D7DA60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3791539E-6F69-4FF3-81D9-4CB76E1B842A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{39B1B689-455B-407D-BA9D-C50A1FFF436A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{3BECD75F-0AFC-435D-8693-C1C4789C3AD6}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | "{3E79DB4D-EA1A-425B-B1F9-DF8C01CB7D21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6316DA77-A4CA-43CF-8483-C4D9451B4B5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6DA76A9B-643F-4CC9-B5F4-834E21E3E582}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | "{78D721FC-82F5-4EB8-8C2A-CA99E665DE69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{7CB442C0-9EBB-4E2F-8DE1-5E11FC99E513}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7E2353FF-8F67-44CC-9132-9B98A89E3B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8E397181-EB2E-4E31-8AC4-23875BFCCACA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{90490784-4963-4582-BB45-2F524D96EDCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{96586787-5B9A-4F4C-A47B-9DBC2C297D21}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9B91A62D-54C0-4C6B-966E-4C3B993F8D0F}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | "{9BDA0D94-F911-4B8D-94EA-2F980BEE0DC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F420CFF-2583-46F6-9A98-89F932996996}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{A0CFEB72-310A-4165-A749-B45645DFFD98}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{A25ED3FA-053A-4115-B162-CFECE9351AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{A5D9EC14-B8C0-4CE8-B6BE-52384555C472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AD0301E0-9680-4396-B5AA-3C22A57AC57C}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | "{AD181834-C8D1-4EEA-9B40-20D699CB6E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{B8281A05-DD2A-42D1-97CA-6AF8A9378736}" = protocol=6 | dir=out | app=system | "{C578EDF6-9459-4579-96FD-AA480D3EE303}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{C96E6E0A-07E2-4129-B741-A8A60C88A5C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D14314E4-6765-4C84-87EC-3DEBFE50CDFB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{D890A29D-1174-46AA-906A-89C9CE6F4FBF}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe | "{DB3D034C-FFCE-48BB-984A-7E13FE1C9465}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{DBFD7F88-11E5-464E-9A8A-DBD4BAA6C355}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{E86A9B4A-8566-4912-8EC9-1A55DAF678FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F100ACFF-515C-4778-B62E-86F757E26E53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB1ED8AD-FF73-4765-B2BE-3B44664283B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{76B8A690-EFE2-4271-829B-44E303817930}C:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{C2C0422B-830C-4FC8-86B4-6A7229F2FB4E}C:\program 
files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{01C16974-8243-463F-A0C9-344A78E76F28}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{651E8647-D074-4069-AD78-CE7B6F025B9F}C:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013 "{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. 
Setup Client 64-bit Activex Control "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2981DA65-BD02-4DCC-9D64-C8E325AE6B9B}" = Nero Kwik Media "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM) "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 
"{C0B165DC-F037-483F-B1C9-D89D91529CEB}" = Citrix XenApp Web Plugin "{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Foxit Reader_is1" = Foxit Reader "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 3.0 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "KeyFinder_is1" = Magical Jelly Bean KeyFinder "LAME_is1" = LAME v3.99.3 (for Windows) "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ReaConverter 6.7 Standard_is1" = ReaConverter 6.7 Standard "Security Task Manager" = Security Task Manager 1.8d "Smart File Advisor_is1" = Smart File Advisor 1.1.1 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Trojan Remover_is1" = Trojan Remover 6.8.5 "VLC media player" = VLC media player 2.0.1 "waterMark V2" = waterMark V2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Dropbox" = Dropbox "Juniper_Citrix_Services" = Juniper Citrix Services Client "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Puzzle Pirates" = Puzzle Pirates "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.12.2012 06:01:04 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michi\Downloads\SoftonicDownloader_fuer_irfanview.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11.12.2012 06:13:21 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: c2c_service.exe, Version:, Zeitstempel: 0x506ada69 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x5e4 Startzeit der fehlerhaften Anwendung: 0x01cdd787cb9b0740 Pfad der fehlerhaften Anwendung: C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 638911f0-437b-11e2-b0c7-001fd05d8c26 Error - 11.12.2012 06:13:23 | Computer Name = Michi-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Skype C2C Service" konnte nicht heruntergefahren werden. 
Error - 11.12.2012 06:13:40 | Computer Name = Michi-PC | Source = MsiInstaller | ID = 11609 Description = Error - 11.12.2012 07:36:21 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error - 11.12.2012 07:51:00 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IsoPuzzle.exe, Version:, Zeitstempel: 0x478bece0 Name des fehlerhaften Moduls: IsoPuzzle.exe, Version:, Zeitstempel: 0x478bece0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001c0d ID des fehlerhaften Prozesses: 0x1218 Startzeit der fehlerhaften Anwendung: 0x01cdd795c5dbbe40 Pfad der fehlerhaften Anwendung: C:\Users\Michi\AppData\Local\Temp\Rar$EXa0.769\IsoPuzzle.exe Pfad des fehlerhaften Moduls: C:\Users\Michi\AppData\Local\Temp\Rar$EXa0.769\IsoPuzzle.exe Berichtskennung: 07f8b300-4389-11e2-a795-001fd05d8c26 Error - 11.12.2012 07:51:42 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IsoPuzzle.exe, Version:, Zeitstempel: 0x478bece0 Name des fehlerhaften Moduls: IsoPuzzle.exe, Version:, Zeitstempel: 0x478bece0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001c0d ID des fehlerhaften Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0x01cdd795dec4ba10 Pfad der fehlerhaften Anwendung: C:\Users\Michi\Desktop\isopuzzle\IsoPuzzle.exe Pfad des fehlerhaften Moduls: C:\Users\Michi\Desktop\isopuzzle\IsoPuzzle.exe Berichtskennung: 20bfde90-4389-11e2-a795-001fd05d8c26 Error - 11.12.2012 14:34:18 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michi\Downloads\SoftonicDownloader_fuer_irfanview.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 12.12.2012 13:42:06 | Computer Name = Michi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avgui.exe, Version:, Zeitstempel: 0x50993af1 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f0c22 Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xc34 Startzeit der fehlerhaften Anwendung: 0x01cdd888e801bdb4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgui.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll Berichtskennung: 3e924aac-4483-11e2-a09d-001fd05d8c26 Error - 13.12.2012 15:57:56 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002 Description = Programm SpybotSD.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 123c Startzeit: 01cdd96c124b3350 Endzeit: 94 Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe Berichts-ID: 5bfab1b1-455f-11e2-99e9-001fd05d8c26 [ System Events ] Error - 13.12.2012 17:40:05 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.12.2012 17:42:03 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Ad-Aware" wurde nicht richtig gestartet. 
Error - 13.12.2012 17:42:55 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 13.12.2012 17:42:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 13.12.2012 17:43:19 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error - 14.12.2012 16:07:09 | Computer Name = Michi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.12.2012 um 22:43:30 unerwartet heruntergefahren.

Error - 14.12.2012 16:07:21 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 14.12.2012 16:07:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SBSD Security Center Service erreicht.

Error - 14.12.2012 16:07:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 14.12.2012 16:07:58 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

< End of report >

Edited by Ilithrien (14.12.2012 at 23:03)
Hi

Trojan Hunter is junk... let's keep looking.

ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
Please download ComboFix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save ComboFix to your desktop.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart
Quote:
Hello

I disabled everything as far as it could be disabled or closed. I hope nothing got in the way any more.

ComboFix log:
Code:
ATTFilter ComboFix 12-12-14.01 - Michi 15.12.2012 13:24:53.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.2838 [GMT 1:00] ausgeführt von:: c:\users\Michi\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81} FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA} SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\l_u0_0.pad . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-15 bis 2012-12-15 )))))))))))))))))))))))))))))) . . 2012-12-15 12:34 . 2012-12-15 12:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-15 12:34 . 2012-12-15 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-14 20:54 . 2012-12-14 21:54 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-12-13 21:18 . 2012-12-13 21:18 -------- d-----w- c:\users\Michi\AppData\Roaming\Simply Super Software 2012-12-13 21:18 . 2012-12-13 21:18 -------- d-----w- c:\program files (x86)\Trojan Remover 2012-12-13 21:18 . 2012-12-13 21:18 -------- d-----w- c:\programdata\Simply Super Software 2012-12-13 20:09 . 2012-12-13 20:09 -------- d-----w- c:\users\Michi\AppData\Roaming\Avira 2012-12-13 20:06 . 2012-12-13 20:06 -------- d-----w- c:\program files (x86)\Ask.com 2012-12-13 20:05 . 
2012-12-03 14:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-13 20:05 . 2012-12-03 14:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-13 20:05 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-12-13 20:05 . 2012-12-13 20:06 -------- d-----w- c:\programdata\Avira 2012-12-13 20:05 . 2012-12-13 20:05 -------- d-----w- c:\program files (x86)\Avira 2012-12-13 19:04 . 2012-12-13 19:07 -------- d-----w- c:\programdata\SecTaskMan 2012-12-13 19:04 . 2012-12-13 19:04 -------- d-----w- c:\program files (x86)\Security Task Manager 2012-12-12 19:33 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-12-12 19:33 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-12-12 18:27 . 2012-12-12 18:27 -------- d-----w- c:\users\Michi\AppData\Roaming\Canneverbe Limited 2012-12-12 18:27 . 2012-12-12 18:27 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-12 18:27 . 2012-12-12 18:27 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-12-12 18:18 . 2012-12-12 18:18 -------- d-----w- c:\users\Michi\AppData\Roaming\Nero 2012-12-12 18:18 . 2012-12-12 18:20 -------- d-----w- c:\users\Michi\AppData\Local\Nero 2012-12-12 18:16 . 2012-12-12 18:17 -------- d-----w- c:\program files (x86)\Nero 2012-12-12 18:15 . 2012-12-12 18:16 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-12-12 18:15 . 2012-12-12 18:18 -------- d-----w- c:\programdata\Nero 2012-12-12 18:14 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2012-12-12 18:13 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2012-12-12 18:13 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2012-12-12 18:12 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2012-12-12 18:12 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2012-12-12 16:51 . 
2012-12-12 16:51 -------- d-----w- c:\users\Michi\AppData\Roaming\AVG2013 2012-12-12 16:50 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 16:50 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-12 16:50 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 16:50 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-12 16:50 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 16:50 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 16:50 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 16:50 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-12 16:50 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-12-12 16:50 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-12-12 16:50 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe 2012-12-12 16:46 . 2012-12-12 16:46 -------- d-----w- c:\users\Michi\AppData\Roaming\TuneUp Software 2012-12-12 16:45 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 16:45 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-12 16:44 . 2012-12-12 16:47 -------- d-----w- c:\programdata\AVG2013 2012-12-12 16:44 . 2012-12-12 16:44 -------- d-----w- C:\$AVG 2012-12-12 16:43 . 2012-12-12 16:43 -------- d-----w- c:\program files (x86)\AVG 2012-12-12 16:37 . 2012-12-15 10:44 -------- d-----w- c:\programdata\MFAData 2012-12-12 16:37 . 2012-12-12 16:52 -------- d-----w- c:\users\Michi\AppData\Local\Avg2013 2012-12-12 16:37 . 2012-12-12 16:37 -------- d--h--w- c:\programdata\Common Files 2012-12-12 16:37 . 2012-12-12 16:37 -------- d-----w- c:\users\Michi\AppData\Local\MFAData 2012-12-11 11:53 . 2012-12-11 11:53 -------- d-----w- c:\program files (x86)\Roadkil.Net 2012-12-11 11:41 . 
2012-12-11 11:41 -------- d-----w- c:\program files (x86)\Smart File Advisor 2012-12-11 11:41 . 2012-12-11 11:41 -------- d-----w- c:\program files (x86)\Smart Projects 2012-12-11 11:10 . 2012-12-11 11:10 -------- d-----w- c:\users\Michi\AppData\Roaming\ImgBurn 2012-12-11 11:08 . 2012-12-11 11:08 -------- d-----w- c:\program files (x86)\ImgBurn 2012-12-11 10:12 . 2012-12-11 11:05 -------- d-----w- c:\users\Michi\AppData\Local\adaware 2012-12-10 22:10 . 2012-12-10 22:10 -------- d-----w- c:\users\Michi\AppData\Local\ElevatedDiagnostics 2012-12-10 17:03 . 2012-12-10 17:04 -------- d-----w- c:\program files (x86)\Oblivion Improved 2012-12-09 19:31 . 2012-12-10 16:03 -------- d-----w- c:\users\Michi\AppData\Local\oblivion 2012-12-09 18:01 . 2012-12-09 18:01 -------- d-----w- c:\program files (x86)\Bethesda Softworks 2012-12-09 17:59 . 2012-12-09 17:59 -------- d--h--r- c:\users\Michi\AppData\Roaming\SecuROM 2012-11-29 18:07 . 2012-11-29 18:22 -------- d-----w- c:\users\Michi\AppData\Roaming\TeamViewer 2012-11-29 18:05 . 2012-11-29 18:05 -------- d-----w- c:\program files (x86)\TeamViewer 2012-11-18 21:51 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-11-18 21:51 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-18 21:51 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-18 21:51 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-18 21:40 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-18 21:40 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-18 21:40 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-18 21:40 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-18 21:40 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-18 21:40 . 
2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-18 21:40 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-18 16:22 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-18 16:22 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 19:38 . 2010-06-24 10:11 67413224 ----a-w- c:\windows\system32\mrt.exe 2012-12-12 18:25 . 2012-04-30 20:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 18:25 . 2012-04-30 20:31 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-16 08:38 . 2012-11-27 19:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 19:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 19:40 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 20:23 . 2012-10-10 20:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-10 20:23 . 
2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-10 20:22 . 2012-04-30 18:32 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-10-04 16:40 . 2012-12-12 16:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-02 19:51 . 2012-04-30 18:35 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2012-04-30 18:35 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2012-04-30 18:35 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2012-04-30 18:35 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:50 . 2012-04-30 18:35 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:50 . 2012-04-30 18:35 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-10-02 02:30 . 2012-10-02 02:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-09-21 02:46 . 2012-09-21 02:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-09-21 02:46 . 
2012-09-21 02:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-10-29 16:33 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Spotify"="c:\users\Michi\AppData\Roaming\Spotify\Spotify.exe" [2012-10-27 7880664] "Spotify Web Helper"="c:\users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504] . c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384] R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072] R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568] R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 
Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-04 565024] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-01 1340976] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568] . . 
Inhalt des "geplante Tasks" Ordners . 2012-12-09 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 10:44] . 2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 18:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_ptnrs=%5EAGY&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3&apn_dtid=%5EYYYYYY%5EYY%5ENL&&q= FF - ExtSQL: 2012-12-11 11:09; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-12-13 21:06; toolbar@ask.com; c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions\toolbar@ask.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-15 13:54:43
ComboFix-quarantined-files.txt 2012-12-15 12:54
.
Vor Suchlauf: 7 Verzeichnis(se), 33.034.924.032 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 32.687.755.264 Bytes frei
.
- - End Of File - - B9C2DAF640CA30AC7DEB9183A7FD211C
Quote:
Hi, I still see Avira in there; were there any detections reported by it as well? http://www.trojaner-board.de/125889-...en-posten.html
#5
Hey! Avira only reported that something was accessing the registry and asked whether I wanted to scan, which I declined. Under Events there is only the corresponding warning: Quote:
If in doubt, should I uninstall AntiVir and have the log generated again? Because I can't switch Avira off completely. I can't even end the process via Task Manager. Or is it OK like this? After all, everything is supposed to work properly.
#6
Hi, it's fine like this. If you want to stop Avira, right-click the umbrella icon and deactivate it; that's OK then. Are there any detected objects under Avira, Administration, Quarantine? If so, I need them, with detection name and path. Why do you have AVG and Avira installed at the same time? Has it always been like that? If so, that's not good :-)
#7
Hello! Yes, I had deactivated Avira via right-click. The warning still came up when I ran ComboFix. There is nothing in quarantine. The whole time I only had Ad-Aware, which didn't find anything either. So I installed AVG on Wednesday, which then found the two Trojans in the paths mentioned above. On Thursday I also installed Avira, after AVG stopped reporting detections and I wanted to know whether Avira might still find something. Once this whole thing has been dealt with, everything will be uninstalled again and I will probably keep AVG as my protection program. Do you need any further information from me? Then bring on the instructions.
#8
Hi, download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log
#9
Hey, so TDSS Killer found nothing; here is the log:
ATTFilter 12:30:41.0999 2184 TDSS rootkit removing tool Oct 31 2012 21:47:35 12:30:42.0015 2184 ============================================================ 12:30:42.0015 2184 Current date / time: 2012/12/16 12:30:42.0015 12:30:42.0015 2184 SystemInfo: 12:30:42.0015 2184 12:30:42.0015 2184 OS Version: 6.1.7601 ServicePack: 1.0 12:30:42.0015 2184 Product type: Workstation 12:30:42.0015 2184 ComputerName: MICHI-PC 12:30:42.0015 2184 UserName: Michi 12:30:42.0015 2184 Windows directory: C:\Windows 12:30:42.0015 2184 System windows directory: C:\Windows 12:30:42.0015 2184 Running under WOW64 12:30:42.0015 2184 Processor architecture: Intel x64 12:30:42.0015 2184 Number of processors: 2 12:30:42.0015 2184 Page size: 0x1000 12:30:42.0015 2184 Boot type: Normal boot 12:30:42.0015 2184 ============================================================ 12:30:43.0123 2184 Drive \Device\Harddisk1\DR1 - Size: 0x132C467E00 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x298D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 12:30:43.0123 2184 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:30:43.0123 2184 ============================================================ 12:30:43.0123 2184 \Device\Harddisk1\DR1: 12:30:43.0123 2184 MBR partitions: 12:30:43.0123 2184 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:30:43.0123 2184 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x992F000 12:30:43.0123 2184 \Device\Harddisk0\DR0: 12:30:43.0123 2184 MBR partitions: 12:30:43.0123 2184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x226D3F70, BlocksNum 0x2D59751 12:30:43.0123 2184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x226D3EF2 12:30:43.0123 2184 ============================================================ 12:30:43.0154 2184 C: <-> 
\Device\Harddisk1\DR1\Partition2 12:30:43.0216 2184 D: <-> \Device\Harddisk0\DR0\Partition2 12:30:43.0263 2184 E: <-> \Device\Harddisk1\DR1\Partition1 12:30:43.0279 2184 F: <-> \Device\Harddisk0\DR0\Partition1 12:30:43.0279 2184 ============================================================ 12:30:43.0279 2184 Initialize success 12:30:43.0279 2184 ============================================================ 12:30:59.0596 0628 ============================================================ 12:30:59.0596 0628 Scan started 12:30:59.0596 0628 Mode: Manual; SigCheck; TDLFS; 12:30:59.0596 0628 ============================================================ 12:31:00.0548 0628 ================ Scan system memory ======================== 12:31:00.0548 0628 System memory - ok 12:31:00.0548 0628 ================ Scan services ============================= 12:31:00.0907 0628 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 12:31:00.0985 0628 1394ohci - ok 12:31:01.0000 0628 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 12:31:01.0016 0628 ACPI - ok 12:31:01.0047 0628 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 12:31:01.0141 0628 AcpiPmi - ok 12:31:01.0234 0628 [ FB182AD520910442ABF146BB325DE79B ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe 12:31:01.0281 0628 Ad-Aware Service - ok 12:31:01.0375 0628 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 12:31:01.0390 0628 AdobeFlashPlayerUpdateSvc - ok 12:31:01.0437 0628 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:31:01.0468 0628 adp94xx - ok 12:31:01.0484 0628 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:31:01.0515 0628 adpahci - ok 12:31:01.0531 0628 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 
12:31:01.0546 0628 adpu320 - ok 12:31:01.0577 0628 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:31:01.0733 0628 AeLookupSvc - ok 12:31:01.0811 0628 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 12:31:01.0874 0628 AFD - ok 12:31:01.0905 0628 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 12:31:01.0921 0628 agp440 - ok 12:31:01.0952 0628 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 12:31:02.0014 0628 ALG - ok 12:31:02.0045 0628 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 12:31:02.0061 0628 aliide - ok 12:31:02.0077 0628 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 12:31:02.0092 0628 amdide - ok 12:31:02.0123 0628 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:31:02.0201 0628 AmdK8 - ok 12:31:02.0217 0628 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:31:02.0279 0628 AmdPPM - ok 12:31:02.0326 0628 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:31:02.0357 0628 amdsata - ok 12:31:02.0373 0628 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:31:02.0389 0628 amdsbs - ok 12:31:02.0389 0628 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:31:02.0404 0628 amdxata - ok 12:31:02.0482 0628 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 12:31:02.0498 0628 AntiVirSchedulerService - ok 12:31:02.0529 0628 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 12:31:02.0529 0628 AntiVirService - ok 12:31:02.0560 0628 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 12:31:02.0576 0628 AntiVirWebService - ok 
12:31:02.0654 0628 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 12:31:02.0794 0628 AppID - ok 12:31:02.0825 0628 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:31:02.0888 0628 AppIDSvc - ok 12:31:02.0935 0628 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 12:31:03.0013 0628 Appinfo - ok 12:31:03.0044 0628 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 12:31:03.0091 0628 AppMgmt - ok 12:31:03.0122 0628 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 12:31:03.0137 0628 arc - ok 12:31:03.0137 0628 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:31:03.0153 0628 arcsas - ok 12:31:03.0184 0628 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:31:03.0231 0628 AsyncMac - ok 12:31:03.0278 0628 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 12:31:03.0278 0628 atapi - ok 12:31:03.0325 0628 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:31:03.0434 0628 AudioEndpointBuilder - ok 12:31:03.0496 0628 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 12:31:03.0543 0628 AudioSrv - ok 12:31:03.0590 0628 [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys 12:31:03.0590 0628 Avgfwfd - ok 12:31:03.0761 0628 [ 733D86815BEB34E2982BC7F561C35AE3 ] avgfws C:\Program Files (x86)\AVG\AVG2013\avgfws.exe 12:31:03.0917 0628 avgfws - ok 12:31:04.0183 0628 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe 12:31:04.0276 0628 AVGIDSAgent - ok 12:31:04.0339 0628 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 12:31:04.0463 0628 AVGIDSDriver - ok 12:31:04.0479 0628 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA 
C:\Windows\system32\DRIVERS\avgidsha.sys 12:31:04.0619 0628 AVGIDSHA - ok 12:31:04.0713 0628 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 12:31:04.0869 0628 Avgldx64 - ok 12:31:04.0931 0628 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 12:31:05.0056 0628 Avgloga - ok 12:31:05.0103 0628 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 12:31:05.0290 0628 Avgmfx64 - ok 12:31:05.0337 0628 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 12:31:05.0477 0628 avgntflt - ok 12:31:05.0524 0628 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 12:31:05.0665 0628 Avgrkx64 - ok 12:31:05.0727 0628 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 12:31:05.0867 0628 Avgtdia - ok 12:31:05.0930 0628 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe 12:31:06.0101 0628 avgwd - ok 12:31:06.0133 0628 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 12:31:06.0273 0628 avipbb - ok 12:31:06.0304 0628 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 12:31:06.0445 0628 avkmgr - ok 12:31:06.0476 0628 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 12:31:06.0569 0628 AxInstSV - ok 12:31:06.0663 0628 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 12:31:06.0757 0628 b06bdrv - ok 12:31:06.0788 0628 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 12:31:06.0835 0628 b57nd60a - ok 12:31:06.0881 0628 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 12:31:06.0928 0628 BDESVC - ok 12:31:06.0959 0628 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 12:31:07.0022 0628 Beep - ok 12:31:07.0100 0628 [ 
82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 12:31:07.0178 0628 BFE - ok 12:31:07.0225 0628 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 12:31:07.0318 0628 BITS - ok 12:31:07.0349 0628 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:31:07.0381 0628 blbdrive - ok 12:31:07.0412 0628 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:31:07.0459 0628 bowser - ok 12:31:07.0474 0628 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:31:07.0552 0628 BrFiltLo - ok 12:31:07.0552 0628 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:31:07.0568 0628 BrFiltUp - ok 12:31:07.0646 0628 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 12:31:07.0724 0628 BridgeMP - ok 12:31:07.0849 0628 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 12:31:07.0911 0628 Browser - ok 12:31:07.0927 0628 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:31:07.0989 0628 Brserid - ok 12:31:07.0989 0628 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:31:08.0067 0628 BrSerWdm - ok 12:31:08.0083 0628 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:31:08.0129 0628 BrUsbMdm - ok 12:31:08.0145 0628 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:31:08.0192 0628 BrUsbSer - ok 12:31:08.0192 0628 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:31:08.0223 0628 BTHMODEM - ok 12:31:08.0270 0628 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 12:31:08.0332 0628 bthserv - ok 12:31:08.0363 0628 catchme - ok 12:31:08.0410 0628 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:31:08.0441 0628 
cdfs - ok 12:31:08.0488 0628 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:31:08.0519 0628 cdrom - ok 12:31:08.0551 0628 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 12:31:08.0629 0628 CertPropSvc - ok 12:31:08.0707 0628 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:31:08.0722 0628 circlass - ok 12:31:08.0785 0628 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 12:31:08.0831 0628 CLFS - ok 12:31:09.0019 0628 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:31:09.0050 0628 clr_optimization_v2.0.50727_32 - ok 12:31:09.0097 0628 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:31:09.0112 0628 clr_optimization_v2.0.50727_64 - ok 12:31:09.0175 0628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:31:09.0206 0628 clr_optimization_v4.0.30319_32 - ok 12:31:09.0253 0628 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:31:09.0284 0628 clr_optimization_v4.0.30319_64 - ok 12:31:09.0299 0628 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:31:09.0331 0628 CmBatt - ok 12:31:09.0346 0628 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:31:09.0362 0628 cmdide - ok 12:31:09.0440 0628 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 12:31:09.0471 0628 CNG - ok 12:31:09.0487 0628 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:31:09.0502 0628 Compbatt - ok 12:31:09.0533 0628 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 12:31:09.0565 
0628 CompositeBus - ok 12:31:09.0580 0628 COMSysApp - ok 12:31:09.0674 0628 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 12:31:09.0689 0628 crcdisk - ok 12:31:09.0721 0628 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:31:09.0783 0628 CryptSvc - ok 12:31:09.0830 0628 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 12:31:09.0908 0628 CSC - ok 12:31:10.0048 0628 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 12:31:10.0079 0628 CscService - ok 12:31:10.0142 0628 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:31:10.0189 0628 DcomLaunch - ok 12:31:10.0235 0628 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 12:31:10.0298 0628 defragsvc - ok 12:31:10.0345 0628 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:31:10.0391 0628 DfsC - ok 12:31:10.0454 0628 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 12:31:10.0501 0628 Dhcp - ok 12:31:10.0547 0628 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 12:31:10.0641 0628 discache - ok 12:31:10.0688 0628 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 12:31:10.0703 0628 Disk - ok 12:31:10.0735 0628 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:31:10.0781 0628 Dnscache - ok 12:31:10.0813 0628 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 12:31:10.0875 0628 dot3svc - ok 12:31:10.0937 0628 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 12:31:10.0984 0628 DPS - ok 12:31:11.0015 0628 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:31:11.0047 0628 drmkaud - ok 12:31:11.0125 0628 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:31:11.0171 0628 
C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:31:44.0337 0628 Wecsvc - ok 12:31:44.0368 0628 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:31:44.0431 0628 wercplsupport - ok 12:31:44.0477 0628 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 12:31:44.0524 0628 WerSvc - ok 12:31:44.0571 0628 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:31:44.0665 0628 WfpLwf - ok 12:31:44.0665 0628 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:31:44.0680 0628 WIMMount - ok 12:31:44.0696 0628 WinDefend - ok 12:31:44.0711 0628 WinHttpAutoProxySvc - ok 12:31:44.0758 0628 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:31:44.0821 0628 Winmgmt - ok 12:31:45.0101 0628 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 12:31:45.0179 0628 WinRM - ok 12:31:45.0226 0628 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 12:31:45.0242 0628 WinUsb - ok 12:31:45.0289 0628 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 12:31:45.0335 0628 Wlansvc - ok 12:31:45.0382 0628 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:31:45.0413 0628 WmiAcpi - ok 12:31:45.0445 0628 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:31:45.0491 0628 wmiApSrv - ok 12:31:45.0523 0628 WMPNetworkSvc - ok 12:31:45.0538 0628 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:31:45.0554 0628 WPCSvc - ok 12:31:45.0585 0628 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:31:45.0601 0628 WPDBusEnum - ok 12:31:45.0647 0628 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:31:45.0757 0628 ws2ifsl - ok 12:31:45.0772 0628 [ 
E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 12:31:45.0803 0628 wscsvc - ok 12:31:45.0819 0628 WSearch - ok 12:31:46.0006 0628 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 12:31:46.0147 0628 wuauserv - ok 12:31:46.0178 0628 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:31:46.0225 0628 WudfPf - ok 12:31:46.0256 0628 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:31:46.0287 0628 WUDFRd - ok 12:31:46.0318 0628 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:31:46.0349 0628 wudfsvc - ok 12:31:46.0396 0628 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 12:31:46.0412 0628 WwanSvc - ok 12:31:46.0427 0628 ================ Scan global =============================== 12:31:46.0459 0628 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 12:31:46.0490 0628 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 12:31:46.0490 0628 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 12:31:46.0521 0628 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 12:31:46.0583 0628 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 12:31:46.0599 0628 [Global] - ok 12:31:46.0599 0628 ================ Scan MBR ================================== 12:31:46.0646 0628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 12:31:48.0689 0628 \Device\Harddisk1\DR1 - ok 12:31:48.0705 0628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 12:31:49.0126 0628 \Device\Harddisk0\DR0 - ok 12:31:49.0126 0628 ================ Scan VBR ================================== 12:31:49.0157 0628 [ B69060D15AA4AADDD41DEAAF12FEE055 ] \Device\Harddisk1\DR1\Partition1 12:31:49.0189 0628 \Device\Harddisk1\DR1\Partition1 - ok 12:31:49.0204 0628 [ CEB8EBB0E48A174917F5640B4E559C12 ] \Device\Harddisk1\DR1\Partition2 12:31:49.0220 
12:31:49.0251 0628 Scan finished
12:31:49.0267 4684 Detected object count: 0
12:31:49.0267 4684 Actual detected object count: 0

I just discovered that Spybot is apparently running on my computer (again) after all. When I tried to scan with it on Wednesday, it couldn't get itself going. Just now, when I disconnected the network and disabled all programs and virus scanners so that Kaspersky wouldn't feel disturbed, I noticed that it now does get opened at system startup after all. I'm not sure whether it was running yesterday during Combofix. Is Spybot Search and Destroy known to block anything for Combofix? If so, I'll run the scan again, this time with everything, really everything, switched off. Thank you for sticking with me.
#10
Hi, we're definitely getting rid of Spybot; you can safely do without it. Download CCleaner Standard: CCleaner Download - CCleaner 3.25.1872. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After each program you need, write "necessary". After each one you don't need, "unnecessary". After each one you don't recognize, "unknown". Post the list.
#11
Hey, here is the file:
Ad-Aware Antivirus Lavasoft Limited 30.04.2012 42,5MB unnecessary
Ad-Aware Browsing Protection Lavasoft 30.04.2012 unnecessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 necessary
Audacity 2.0 Audacity Team 07.05.2012 42,1MB unnecessary
AVG 2013 AVG Technologies 12.12.2012 2013.0.2805 necessary
Avira Free Antivirus Avira 13.12.2012 129MB unnecessary
Avira SearchFree Toolbar plus Web Protection Ask.com 13.12.2012 10,2MB unnecessary
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 13.12.2012 unnecessary
Canon MP Navigator EX 2.0 14.05.2012 necessary
Canon My Printer 14.05.2012 necessary
Canon Utilities Easy-PhotoPrint EX 14.05.2012 necessary
Canon Utilities Solution Menu 14.05.2012 necessary
CCleaner Piriform 25.11.2012 3.25 necessary
CDBurnerXP CDBurnerXP 12.12.2012 16,9MB unnecessary
Citrix XenApp Web Plugin Citrix Systems, Inc. 28.08.2012 25,4MB unnecessary
Dropbox Dropbox, Inc. 25.05.2012 1.4.7 necessary
Foxit Reader Foxit Corporation 03.05.2012 36,0MB necessary
ImgBurn LIGHTNING UK! 11.12.2012 unnecessary
IrfanView (remove only) Irfan Skiljan 04.07.2012 1,50MB 4.32 unnecessary
IsoBuster 3.0 Smart Projects 11.12.2012 10,4MB 3.0 unnecessary
Java(TM) 6 Update 32 Oracle 05.05.2012 95,7MB 6.0.320
Java(TM) 7 Update 4 (64-bit) Oracle 05.05.2012 95,0MB 7.0.40
Juniper Citrix Services Client Juniper Networks 16.10.2012 unnecessary
Juniper Networks Setup Client Activex Control Juniper Networks 28.08.2012 unnecessary
Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 16.10.2012 800KB unnecessary
Juniper Networks, Inc. Setup Client 64-bit Activex Control Juniper Networks, Inc. 16.10.2012 unnecessary
LAME v3.99.3 (for Windows) 07.05.2012 1,52MB unnecessary
Magical Jelly Bean KeyFinder Magical Jelly Bean 21.08.2012 1,87MB unnecessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.05.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.05.2012 2,93MB 4.0.30319
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.12.2012 348KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 30.04.2012 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 01.05.2012 240KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.04.2012 596KB 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2012 11,1MB 10.0.40219
Mozilla Firefox 17.0.1 (x86 de) Mozilla 15.12.2012 49,9MB 17.0.1 necessary
Mozilla Maintenance Service Mozilla 15.12.2012 329KB 17.0.1 necessary
Mozilla Thunderbird 17.0 (x86 de) Mozilla 14.12.2012 41,9MB 17.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 01.05.2012 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 01.05.2012 1,33MB 4.20.9876.0
Nero Kwik Media Nero AG 12.12.2012 437MB 12.0.02100 unnecessary
No23 Recorder No23 22.05.2012 3,18MB unnecessary
NVIDIA 3D Vision Controller-Treiber 296.10 NVIDIA Corporation 30.04.2012 296.10 necessary
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 18.11.2012 306.97 necessary
NVIDIA Drivers 30.04.2012 necessary
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 18.11.2012 306.97 necessary
NVIDIA PhysX-Systemsoftware 9.12.0213 NVIDIA Corporation 30.04.2012 9.12.0213 necessary
NVIDIA Update 1.10.8 NVIDIA Corporation 18.11.2012 1.10.8 necessary
OpenOffice.org 3.3 OpenOffice.org 30.04.2012 414MB 3.3.9567 necessary
Puzzle Pirates 30.04.2012 unnecessary
ReaConverter 6.7 Standard ReaSoft 05.07.2012 unnecessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.04.2012 necessary
Roadkil's Unstoppable Copier Version 5.2 Roadkil.Net 11.12.2012 812KB unnecessary
Security Task Manager 1.8d Neuber Software 13.12.2012 1.8d unnecessary
Skype Click to Call Skype Technologies S.A. 07.11.2012 65,1MB 6.3.11079 necessary if Skype doesn't work without it, otherwise unnecessary
Skype™ 5.10 Skype Technologies S.A. 09.08.2012 19,3MB 5.10.116 necessary
Smart File Advisor 1.1.1 Filefacts.net 11.12.2012 1,50MB 1.1.1 unknown
Spotify Spotify AB 27.10.2012 unnecessary
Spybot - Search & Destroy Safer Networking Limited 02.07.2012 1.6.2 unnecessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 01.05.2012 3.0.6 unnecessary
TeamViewer 7 TeamViewer 29.11.2012 7.0.15723 unnecessary
Tinypic 3.18 E. Fiedler 08.10.2012 Tinypic 3.18 necessary
Trojan Remover 6.8.5 Simply Super Software 13.12.2012 18,7MB 6.8.5 unnecessary
Visual Studio 2010 x64 Redistributables AVG Technologies 12.12.2012 12,4MB unknown; if it belongs to AVG, necessary
VLC media player 2.0.1 VideoLAN 06.05.2012 2.0.1 necessary
waterMark V2 08.10.2012 unnecessary
WinRAR 4.20 (64-Bit) win.rar GmbH 24.06.2012 4.20.0 necessary

Java Update, Microsoft .NET Framework 4, Microsoft Visual C++, MSXML 4.0 SP2, because I wasn't sure which of these is needed for what. Otherwise I was very rigorous. If I end up missing something, it can always be reinstalled. But right now it isn't important.
#12
Uninstall:
Ad-Aware: all

Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.

Uninstall:
Avira: all
CDBurnerXP
Citrix
ImgBurn
IrfanView
IsoBuster
Java: all

Download the Java JRE:
Java downloads for all operating systems
Click: Download Java software for Windows Offline
Download it and install it.

Uninstall:
Juniper: all
LAME
Magical
Nero
No23
Puzzle
ReaConverter
Roadkil's
Security Task
Skype Click
Smart File
Spotify
Spybot
TeamSpeak
TeamViewer
Trojan Remover
waterMark

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
#13
Hey, while uninstalling I got a warning: For IsoBuster: Quote:
# AdwCleaner v2.101 - Datei am 16/12/2012 um 22:34:33 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Michi - MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michi\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\searchplugins\Askcom.xml
Ordner Gefunden : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1355223939464 [Profil par défaut]
Datei : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1136 octets] - [16/12/2012 22:34:33]

########## EOF - C:\AdwCleaner[R1].txt - [1196 octets] ##########
#14
Actually looks pretty good; I'd like to check a few more things. 1. IsoBuster: is it still in the program list? How does the system run after a restart? Test the browser and programs as well.
#15
Hey, sorry that I'm only getting back to you today. I was still able to carry out your instructions yesterday, but then time somehow got away from me.

# AdwCleaner v2.101 - Datei am 17/12/2012 um 12:41:46 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Michi - MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michi\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\searchplugins\Askcom.xml
Ordner Gelöscht : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1355223939464 [Profil par défaut]
Datei : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1265 octets] - [16/12/2012 22:34:33]
AdwCleaner[S1].txt - [1234 octets] - [17/12/2012 12:41:46]

########## EOF - C:\AdwCleaner[S1].txt - [1294 octets] ##########

My keyboard is also working again in the BIOS. I haven't been able to do a real load test yet, and unfortunately I won't manage it today either. I hope I can get to it tomorrow, because after that I'll be out of reach of the computer for a month. But judging from normal work, it looks pretty good. At times I couldn't even search for something in Explorer without it bowing out with "Not responding" and no longer reacting to anything. That is clearly better! Thanks for that!

One more question: I still have an external data drive of my own and one belonging to my family, who would like to have it back at some point. I had both of them connected not too long ago, but not at all recently, in order to protect them. I will definitely scan them in any case. Was my infection more system-oriented, or could there still be something to fear among photos, music, documents and the like?