GVU Trojan / Trojan.Ransom.SUGen

I have caught this trojan and am slowly running out of ideas for how to remove it. As soon as the Internet connection is established, the "GVU" "asks" me to quickly transfer €100 before Christmas. I have Windows 7 (64-bit) and am always logged in with a limited account. I did find a way to get rid of the screen for a short time, but I cannot manage the complete cleanup and would be very grateful for help.

This is how I got rid of the screen:
- Start Windows (unplug the Fritz stick beforehand)
- Open and edit any document, e.g. in Word (do NOT save)
- Plug in the Fritz stick => connection is established => lock screen active
- CTRL + ALT + Delete => restart the PC
- When the message appears that documents are still open: cancel the restart
- Voilà: the lock screen is gone and you can get back onto the net

But back to the topic: what have I done so far?
- I do not have a restore point (which actually surprises me; can the trojan destroy the restore points?); only a 3-month-old system image (but then I might as well reinstall)
- Unlocked the computer with Kaspersky Windows Unlocker. The log file says that all users were opened and, in addition, a suspicious change in userinit.exe (that one is opened as well). However, this has no effect; the trojan is still active.
- In addition, a thorough scan of all disks with Kaspersky Rescue Disk (ran for over 8 hours), but the program does not find anything that would be a case for quarantine either.
- Then found this forum and ran a quick scan with MBAM: the trojan "Trojan.Ransom.SUGen" is found => quarantine. After a restart and another scan the trojan is back. Even when I have scanned for and removed the trojan without Internet, it is back immediately as soon as I go online.
According to MBAM, the same file is then infected again. Log file:

```
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Florian_2 :: HOSCHIMEDES [limited]

19.12.2012 13:12:28
mbam-log-2012-12-19 (13-12-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197358
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)
```

- I downloaded AdwCleaner via the link in the forum, but my virus scanner (AVG Free) goes off on it. I did not run it.
- I ran Defogger
- I ran OTL and scanned

OTL.txt:
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.19 13:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Florian_2\Downloads\OTL.exe PRC - [2012.12.12 21:24:26 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.09.02 08:11:23 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2012.07.14 01:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- F:\Mozilla Firefox\firefox.exe PRC - [2012.05.24 16:23:45 | 000,663,360 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe PRC - [2012.05.24 16:23:43 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe PRC - [2010.06.13 23:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.03.16 17:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- F:\Motherboard\ASUS EPU\EPU.exe PRC - [2010.01.22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- F:\Motherboard\USB 3.0\Application\nusb3mon.exe PRC - [2009.09.28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.07.07 12:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- F:\Motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe PRC - [2009.03.30 15:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2006.11.23 14:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) 
-- F:\Power DVD 7\PDVDServ.exe ========== Modules (No Company Name) ========== MOD - [2012.12.12 21:24:26 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.07.14 01:14:07 | 002,003,424 | ---- | M] () -- F:\Mozilla Firefox\mozjs.dll MOD - [2012.05.24 16:23:45 | 000,663,360 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe MOD - [2010.08.05 00:25:25 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.01.08 16:17:24 | 000,565,248 | ---- | M] () -- F:\Motherboard\ASUS EPU\pngio.dll MOD - [2010.01.08 16:17:24 | 000,053,248 | ---- | M] () -- F:\Motherboard\ASUS EPU\AsSpindownTimeout.dll MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.07.30 13:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.04.22 19:20:00 | 000,179,712 | ---- | M] () -- F:\Motherboard\ASUS EPU\AsusService.dll MOD - [2009.03.30 15:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 
02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.12 21:24:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.24 16:23:43 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.08.29 23:34:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.29 23:33:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.06.13 23:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.09.05 01:09:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- F:\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- P:\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 14:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.01.18 14:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2011.12.12 10:07:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.10.25 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.03.17 04:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.03.10 02:48:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.01.22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.29 09:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009.09.01 13:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2009.07.31 04:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2008.07.09 13:21:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64) DRV:64bit: - [2007.09.11 14:20:00 | 000,132,096 | ---- | M] (e3C, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EC168x64.sys -- (EC168x64) DRV - [2011.12.26 15:42:51 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=17-09-2011&tb_mrud=17-09-2011 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" 
= 0 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 23 D6 6D 1C 34 CB 01 [binary data] IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C EF 96 67 20 5C CB 01 [binary data] IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes,DefaultScope = {1D06B7FE-D65C-480E-9A40-6E850A29CDF5} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{1D06B7FE-D65C-480E-9A40-6E850A29CDF5}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{7C621DE1-34F6-48D4-8ECF-F1E06D420016}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 44 F4 52 C4 51 CB 01 [binary data] IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes,DefaultScope = {24F5310B-2853-4C63-9FD9-865FB8CA8A82} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1 IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AOL Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query=" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF 
- prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - 
HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: F:\Mozilla Firefox\components [2012.07.22 11:24:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: F:\Mozilla Firefox\plugins [2012.08.17 07:21:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: F:\Mozilla Thunderbird\components [2012.10.13 01:36:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: F:\Mozilla Thunderbird\plugins [2011.10.04 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions [2010.08.04 23:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.02.09 22:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\yi1dja40.default\extensions [2010.08.25 00:54:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\yi1dja40.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.28 23:15:09 | 000,002,354 | ---- | M] () -- 
C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\yi1dja40.default\searchplugins\aol-web-search.xml [2011.07.09 22:17:49 | 000,002,501 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\yi1dja40.default\searchplugins\SearchResults.xml File not found (No name found) -- F:\AVG VIRENSCANNER\FIREFOX\DONOTTRACK [2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml O1 HOSTS File: ([2011.10.04 13:15:59 | 000,437,695 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 15052 more lines... O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\AVG Virenscanner\avgssiea.dll File not found O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\AVG Virenscanner\avgssie.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LanguageShortcut] F:\Power DVD 7\Language\Language.exe () O4 - HKLM..\Run: [NUSB3MON] F:\Motherboard\USB 3.0\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [RemoteControl] F:\Power DVD 7\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [Six Engine] F:\Motherboard\ASUS EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] F:\Motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [EA Core] I:\Fussball Manager 10\EADM\Core.exe (Electronic Arts) O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [flatster Recorder] F:\flatster Recorder\flatster Recorder.exe File not found O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: 
[Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe () O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe () O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk = C:\Program Files (x86)\Common Files\Adobe\Web\AOM.exe (Adobe Systems, Incorporated) O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ACF8334-BC7C-4872-AEEB-37010EFE9435}: DhcpNameServer = 83.169.184.161 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55221738-EDAE-42FD-8A5C-E1D33C9EFE5C}: DhcpNameServer = 83.169.184.161 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE815495-85DC-4519-9584-C47BCE7795BD}: DhcpNameServer = 83.169.184.161 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\AVG Virenscanner\avgppa.dll File not found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\AVG Virenscanner\avgpp.dll File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9e8b7c32-a03b-11df-a765-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9e8b7c32-a03b-11df-a765-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe O33 - MountPoints2\{e1048f9a-a156-11df-9aaa-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e1048f9a-a156-11df-9aaa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 13:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012.12.19 13:51:54 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2012.12.19 13:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2012.12.19 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Programs [2012.12.19 03:27:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes [2012.12.19 03:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.19 03:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.19 03:27:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.19 03:27:01 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.19 03:15:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.13 03:46:17 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2012.12.13 00:10:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\AVG2013 [2012.12.13 00:07:37 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\TuneUp Software [2012.12.13 00:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.12.13 00:04:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\MFAData [2012.12.13 00:04:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Avg2013 [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Florian\AppData\Local\*.tmp files -> C:\Users\Florian\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.19 14:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.19 13:51:58 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012.12.19 13:27:56 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable [2012.12.19 13:12:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 13:12:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 13:10:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.19 13:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.19 13:03:07 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2012.12.19 03:27:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.19 02:11:46 | 000,001,153 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk [2012.12.17 
17:03:00 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.17 17:03:00 | 000,666,658 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.17 17:03:00 | 000,625,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.17 17:03:00 | 000,135,586 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.17 17:03:00 | 000,111,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.17 17:00:41 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.12.17 17:00:41 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.12.13 03:21:14 | 000,343,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.13 00:07:38 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Florian\AppData\Local\*.tmp files -> C:\Users\Florian\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.19 13:51:58 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2012.12.19 13:51:58 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012.12.19 13:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable [2012.12.19 03:27:11 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.19 02:11:46 | 000,001,153 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk [2012.12.19 01:01:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.13 00:07:38 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.11.01 13:17:07 | 011,624,448 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Sandra.mdb [2011.10.09 23:00:47 | 000,000,095 | ---- | C] () -- C:\Users\Florian\AppData\Local\fusioncache.dat 
[2011.10.09 22:59:16 | 001,557,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.18 15:25:40 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.05.23 21:30:46 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll [2011.05.09 20:35:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.05.09 20:35:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.02.19 00:45:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2011.02.03 15:52:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.02.03 15:47:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.02.03 15:45:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.11.10 20:20:10 | 000,011,205 | ---- | C] () -- C:\Users\Florian\firefox-2010-11-10 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.13 15:54:47 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\AVG2013 [2011.11.12 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Canon [2011.10.10 20:58:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DVDVideoSoft [2011.02.02 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\FileZilla [2011.02.15 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\MAGIX [2010.08.12 11:19:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org [2010.08.13 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Thunderbird [2012.12.13 00:10:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\AVG2013 [2012.02.23 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canon [2010.08.06 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CDZilla [2012.09.17 00:22:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DVDVideoSoft [2011.04.02 00:36:24 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.01 
12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileZilla [2011.02.03 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\MAGIX [2010.08.14 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org [2011.01.26 15:34:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\REAPER [2010.08.14 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird [2012.12.13 00:07:37 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software [2011.05.28 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\UDC Profiles [2012.12.13 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\AVG2013 [2011.07.31 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\BayWotch4 [2011.01.21 13:58:08 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Canon [2010.08.06 12:16:16 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\CDZilla [2010.09.22 23:28:11 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2012.09.17 00:22:46 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\DVDVideoSoft [2012.12.17 11:56:39 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\FileZilla [2011.04.14 00:17:53 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Kalypso Media [2011.08.08 12:06:06 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Kummert Inspektionssysteme [2012.11.10 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Lionhead Studios [2011.02.03 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\MAGIX [2011.10.19 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\MudTV [2011.05.09 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\My Games [2010.08.05 23:08:51 | 000,000,000 | ---D | M] -- 
C:\Users\Florian_2\AppData\Roaming\OpenOffice.org [2010.08.16 10:42:54 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Opera [2010.08.14 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Thunderbird [2010.11.08 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Tropico 3 Demo ========== Purity Check ========== < End of report > extras.txt: OTL Extras logfile created on: 19.12.2012 14:46:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian_2\Downloads 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,05% Memory free 7,99 Gb Paging File | 5,45 Gb Available in Paging File | 68,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,87 Gb Total Space | 2,40 Gb Free Space | 4,92% Space Free | Partition Type: NTFS Drive F: | 48,78 Gb Total Space | 34,02 Gb Free Space | 69,74% Space Free | Partition Type: NTFS Drive G: | 24,41 Gb Total Space | 20,32 Gb Free Space | 83,22% Space Free | Partition Type: NTFS Drive H: | 24,41 Gb Total Space | 24,32 Gb Free Space | 99,60% Space Free | Partition Type: NTFS Drive I: | 48,83 Gb Total Space | 1,13 Gb Free Space | 2,31% Space Free | Partition Type: NTFS Drive J: | 97,65 Gb Total Space | 59,14 Gb Free Space | 60,56% Space Free | Partition Type: NTFS Drive K: | 97,65 Gb Total Space | 1,69 Gb Free Space | 1,73% Space Free | Partition Type: NTFS Drive L: | 97,65 Gb Total Space | 44,69 Gb Free Space | 45,76% Space Free | Partition Type: NTFS Drive M: | 97,65 Gb Total Space | 12,64 Gb Free Space | 12,94% Space Free | Partition Type: NTFS Drive N: | 195,32 Gb Total Space | 26,11 Gb Free Space | 13,37% Space Free | Partition Type: 
NTFS Drive O: | 48,82 Gb Total Space | 28,22 Gb Free Space | 57,81% Space Free | Partition Type: NTFS Drive P: | 101,35 Gb Total Space | 10,89 Gb Free Space | 10,75% Space Free | Partition Type: NTFS Computer Name: HOSCHIMEDES | User Name: Florian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
#2 | /// Malware-holic | GVU Trojaner / Trojan.Ransom.SUGen

Hi

If you don't install Windows updates (Service Pack 1, for example, is missing), then something like this happens quickly.

Please restart, press F8, choose Safe Mode with Networking, log in to the affected account, and establish the Internet connection. You should be able to work there.

Combofix:

Combofix may only be run when a team member has instructed you to do so!

Please download Combofix from one of these download mirrors: Link 1 Link 2

IMPORTANT - Save Combofix to your desktop

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you receive the following error message after the restart

Quote:
#3

Wow, I'm really stunned. I truly didn't expect such a quick reply. Great!!

Yes, you're right about SP1, of course. Now that you mention it, I remember: I started the installation twice, but it aborted with an error message. I then didn't bother with it any further and eventually forgot about it, since Windows no longer told me anything about the missing update either. This is the only important update that is missing; I just checked.

However, I have a problem with Safe Mode. When I press F8 (or F5, or make the computer crash during boot), I only get the choice between "Start Windows normally" and "Launch Startup Repair". With Startup Repair, the computer then starts the system startup repair, searches for problems and repairs them for about 5-10 minutes until it concludes that Startup Repair cannot repair the PC automatically (error code 0x0). After that I can display advanced options for system recovery and support. But if I then log in with the affected account, I can only start the startup repair again. As admin I do have more options (Startup Repair / System Restore / System Image Recovery / Windows Memory Diagnostic / Command Prompt), but that isn't what you told me either.

I already tried yesterday to start the computer in Safe Mode, but despite googling I found no way to do it. Do you have an idea? I'll keep searching as well.

Does it make sense to run Combofix in normally started Windows?
#4
/// Malware-holic

Hi, yes, then try starting CF from normal mode.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails according to the above instructions to markusg.trojaner-board@web.de
If you would like to support us
#5

Hello, one quick question in between:

While trying to get the computer into Safe Mode, I put it into "Sleep" and then switched it off at the power supply. Normally it doesn't like that at all. But this time it started Windows as if I were waking it from sleep mode quite normally (it just took longer). In any case, the lock screen no longer appeared. I ran MBAM and it found the trojan. I moved it to quarantine again and restarted once more. The lock screen did not appear afterwards either, and after another scan MBAM found NOTHING. This is the first time; until now it always came back.

My question now is: Should I still start CF in normal Windows?
#6
/// Malware-holic

Did I write anything about Malwarebytes? Either do what it says here, or I can use my time more sensibly and not write instructions that aren't followed anyway...

If you want to continue working here, open Malwarebytes, Logs, and post all logs with findings. Then run Combofix.
#7

I'm sorry, I thought it might help if I described everything here in detail. Of course I want to continue working here.

I had MBAM scan and afterwards started CF. MBAM found nothing. Combofix ran fine up to the restart; now after the restart the program cannot start: as soon as it opens, it closes again. It opens several program windows diagonally one below the other and then starts again at the top. What can I do?

Here is the MBAM log file as well:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Florian_2 :: HOSCHIMEDES [limited]

19.12.2012 16:54:05
mbam-log-2012-12-19 (16-54-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187686
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I started CF again; this time it worked:

Combofix Logfile:
Code:
ATTFilter ComboFix 12-12-19.02 - Florian 20.12.2012 12:02:35.2.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2672 [GMT 1:00] ausgeführt von:: c:\users\Florian_2\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\programdata\dsgsdgdsgdsgw.pad c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\users\Florian_2\wgsdgsdgdsgsd.dll c:\windows\IsUn0407.exe c:\windows\system\msvbvm60.dll c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\tmp1103.tmp c:\windows\SysWow64\tmp1133.tmp c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-20 bis 2012-12-20 )))))))))))))))))))))))))))))) . . 2012-12-20 11:22 . 2012-12-20 11:22 -------- d-----w- c:\users\Florian\AppData\Local\temp 2012-12-20 11:22 . 2012-12-20 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-20 11:22 . 2012-12-20 11:22 -------- d-----w- c:\users\Anja\AppData\Local\temp 2012-12-20 10:50 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3631B8A0-615B-41E2-8D4D-0C75B952650F}\mpengine.dll 2012-12-19 12:51 . 2012-12-19 19:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2012-12-19 12:50 . 2012-12-19 12:50 -------- d-----w- c:\users\Florian\AppData\Local\Programs 2012-12-19 03:11 . 2012-12-19 03:11 -------- d-----w- c:\users\Florian_2\AppData\Roaming\Malwarebytes 2012-12-19 02:27 . 
2012-12-19 02:27 -------- d-----w- c:\users\Florian\AppData\Roaming\Malwarebytes 2012-12-19 02:27 . 2012-12-19 02:27 -------- d-----w- c:\programdata\Malwarebytes 2012-12-19 02:27 . 2012-12-19 02:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-19 02:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-19 02:15 . 2012-12-19 13:01 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-12-14 21:31 . 2012-12-14 21:31 -------- d-----w- c:\users\Anja\.seccommerce 2012-12-13 14:54 . 2012-12-13 14:54 -------- d-----w- c:\users\Anja\AppData\Roaming\AVG2013 2012-12-13 14:54 . 2012-12-13 14:54 -------- d-----w- c:\users\Anja\AppData\Local\Avg2013 2012-12-13 02:46 . 2012-12-13 02:46 -------- d-----w- c:\windows\rescache 2012-12-12 23:13 . 2012-12-12 23:13 -------- d-----w- c:\users\Florian_2\AppData\Roaming\AVG2013 2012-12-12 23:12 . 2012-12-13 12:43 -------- d-----w- c:\users\Florian_2\AppData\Local\Avg2013 2012-12-12 23:10 . 2012-12-12 23:10 -------- d-----w- c:\users\Florian\AppData\Roaming\AVG2013 2012-12-12 23:07 . 2012-12-12 23:07 -------- d-----w- c:\users\Florian\AppData\Roaming\TuneUp Software 2012-12-12 23:06 . 2012-12-19 20:26 -------- d-----w- c:\programdata\AVG2013 2012-12-12 23:04 . 2012-12-12 23:04 -------- d-----w- c:\users\Florian\AppData\Local\MFAData 2012-12-12 23:04 . 2012-12-12 23:04 -------- d-----w- c:\users\Florian\AppData\Local\Avg2013 2012-12-12 08:26 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 08:26 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-11 08:32 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 02:02 . 2010-08-06 12:07 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 20:24 . 2012-04-06 09:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 20:24 . 
2011-05-17 07:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-16 21:20 . 2012-11-28 12:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-11-28 12:39 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-11-28 12:39 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-10 20:23 . 2012-10-10 20:23 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-10 20:23 . 2011-05-21 05:01 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 20:23 . 2012-10-10 20:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-10-10 20:23 . 2012-10-10 20:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 20:23 . 2010-06-18 04:00 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-10 20:23 . 2012-10-10 20:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-10-10 20:23 . 2011-05-21 05:01 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 20:23 . 2010-06-18 04:00 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-10 20:22 . 2010-06-18 04:00 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-10 20:22 . 
2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-10 20:22 . 2012-02-09 20:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-10 20:22 . 2010-06-18 04:00 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-04 16:45 . 2012-12-12 08:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-09-25 22:39 . 2012-11-15 23:37 95744 ----a-w- c:\windows\system32\synceng.dll 2012-09-25 21:55 . 2012-11-15 23:37 78336 ----a-w- c:\windows\SysWow64\synceng.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-06-18 2158592] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-09 3077528] "EA Core"="i:\fussball manager 10\EADM\Core.exe" [2009-09-03 3342336] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "RemoteControl"="f:\power dvd 7\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="f:\power dvd 7\Language\Language.exe" [2006-12-05 54832] "VolPanel"="f:\motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "NUSB3MON"="f:\motherboard\USB 3.0\Application\nusb3mon.exe" [2010-01-22 106496] "Six Engine"="f:\motherboard\ASUS EPU\EPU.exe" [2010-03-16 5309056] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536] . c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ AOM.lnk - c:\program files (x86)\Common Files\Adobe\Web\AOM.exe [2011-11-24 618496] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - f:\logitech\SetPoint.exe [2010-8-29 1207312] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FreemakeVideoCapture;FreemakeVideoCapture;f:\freemake\CaptureLib\CaptureLibService.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-25 14120] R3 cpuz130;cpuz130;c:\users\Florian\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-29 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-29 79360] R3 EC168x64;EC168BDA service;c:\windows\system32\DRIVERS\EC168x64.sys [2007-09-11 132096] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;p:\common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-03-20 460800] R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-25 714368] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\sisoftware sandra lite 2012.sp5c\RpcAgentSrv.exe [2008-09-05 68760] R3 Sony 
Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-10 1255736] S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [2008-07-09 136192] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-13 248936] S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-03-17 401696] . . Inhalt des "geplante Tasks" Ordners . 2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:24] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 83.169.184.161 192.168.0.1 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) Wow6432Node-HKCU-Run-flatster Recorder - f:\flatster recorder\flatster Recorder.exe BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - (no file) Toolbar-10 - (no file) AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe AddRemove-Airline Tycoon - Deluxe - i:\airlin~2\UNWISE.EXE AddRemove-Xfire - f:\spellforce 2\xfire\uninst.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\Software\SecuROM\License information*] "datasecu"=hex:ef,bb,2e,f0,c3,07,80,8e,3a,23,c3,84,a6,ed,5b,01,7f,06,ef,d3,7c, 03,91,f3,51,96,de,f4,43,a4,b9,1e,02,23,1f,93,e7,a1,17,c1,bb,86,92,70,6f,a7,\ "rkeysecu"=hex:7b,1c,0e,e8,b6,ea,63,ea,ef,c5,84,b6,40,eb,04,a1 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-20 12:23:42 ComboFix-quarantined-files.txt 2012-12-20 11:23 . Vor Suchlauf: 2.696.409.088 Bytes frei Nach Suchlauf: 2.508.099.584 Bytes frei . - - End Of File - - C43BA781E774CA19B993784F9CE8DCC2 |
#8
/// Malware-holic

Looks good.
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, always choose Skip for now, and post the log
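Added example (not part of the thread and not code from the tool's vendor): a Python sketch that triages a TDSSKiller log of the kind requested in post #8, listing every object whose verdict is not "ok" together with the MD5 and path from its object line. The sample lines are excerpted from the log posted in this thread; the function names are illustrative, and the parser also accepts logs whose line breaks were lost when pasted into a forum.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "time name verdict detection md5 path")

# A record starts with "HH:MM:SS.ffff <thread id> "; this also works when the
# log was pasted without line breaks, because records are cut at these markers.
RECORD_START = re.compile(r"(?<!\S)(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+")
# Object line: "[ <MD5> ] <service name> <drive>:\<path>"
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# Verdict line: "<name> - ok" or "<name> ( <detection> ) - warning"
VERDICT = re.compile(r"^(.+?)(?:\s+\(\s*([^()]+?)\s*\))?\s+-\s+([a-z]+)$")

# Lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
15:33:02.0202 3660 System memory - ok
15:33:02.0389 3660 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:33:02.0467 3660 1394ohci - ok
15:33:03.0949 3660 aspnet_state - ok
15:33:04.0870 3660 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
15:33:04.0885 3660 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
15:33:04.0885 3660 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
"""


def split_records(text):
    """Yield (timestamp, message) pairs, with or without line breaks."""
    starts = list(RECORD_START.finditer(text))
    for i, match in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        yield match.group(1), text[match.end():end].strip()


def parse(text):
    """Return ({name: (md5, path)}, [(time, name, verdict, detection)])."""
    objects, verdicts = {}, []
    for ts, body in split_records(text):
        obj = OBJECT.match(body)
        if obj:
            objects[obj.group(2)] = (obj.group(1).upper(), obj.group(3))
            continue
        ver = VERDICT.match(body)
        if ver:
            verdicts.append((ts, ver.group(1), ver.group(3), ver.group(2)))
    return objects, verdicts


def triage(text):
    """List every scanned object whose verdict is anything other than 'ok'."""
    objects, verdicts = parse(text)
    findings = []
    for ts, name, verdict, detection in verdicts:
        if verdict == "ok":
            continue
        # Some services have no object line (no file on disk); keep None then.
        md5, path = objects.get(name, (None, None))
        findings.append(Finding(ts, name, verdict, detection, md5, path))
    return findings


def summary(text):
    """Count verdicts so a reviewer sees how much of the scan was clean."""
    return Counter(verdict for _, _, verdict, _ in parse(text)[1])


if __name__ == "__main__":
    print(dict(summary(SAMPLE_LOG)))
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

With "Verify driver digital signatures" ticked as instructed above, an unsigned vendor binary shows up as a warning; the script only surfaces such entries for review and leaves the decision (Skip, as the helper asks) to the person reading the log.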
#9
![]() | ![]() GVU Trojaner / Trojan.Ransom.SUGen 15:32:44.0075 4192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:32:44.0371 4192 ============================================================ 15:32:44.0371 4192 Current date / time: 2012/12/20 15:32:44.0371 15:32:44.0371 4192 SystemInfo: 15:32:44.0371 4192 15:32:44.0371 4192 OS Version: 6.1.7601 ServicePack: 1.0 15:32:44.0371 4192 Product type: Workstation 15:32:44.0371 4192 ComputerName: HOSCHIMEDES 15:32:44.0371 4192 UserName: Florian 15:32:44.0371 4192 Windows directory: C:\Windows 15:32:44.0371 4192 System windows directory: C:\Windows 15:32:44.0371 4192 Running under WOW64 15:32:44.0371 4192 Processor architecture: Intel x64 15:32:44.0371 4192 Number of processors: 4 15:32:44.0371 4192 Page size: 0x1000 15:32:44.0371 4192 Boot type: Normal boot 15:32:44.0371 4192 ============================================================ 15:32:45.0572 4192 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:32:45.0588 4192 ============================================================ 15:32:45.0588 4192 \Device\Harddisk0\DR0: 15:32:45.0588 4192 MBR partitions: 15:32:45.0588 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:32:45.0588 4192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x61BBAF8 15:32:45.0604 4192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61EE337, BlocksNum 0x61900A1 15:32:45.0604 4192 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC37E417, BlocksNum 0x30D3C70 15:32:45.0619 4192 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xF4520CA, BlocksNum 0x30D3C6F 15:32:45.0635 4192 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x12525D7D, BlocksNum 0x61A7920 15:32:45.0666 4192 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x186CD6E3, BlocksNum 
0xC34F289 15:32:45.0666 4192 \Device\Harddisk0\DR0\Partition8: MBR, Type 0x7, StartLBA 0x24A1C9AF, BlocksNum 0xC34F289 15:32:45.0682 4192 \Device\Harddisk0\DR0\Partition9: MBR, Type 0x7, StartLBA 0x30D6BC7B, BlocksNum 0xC34F289 15:32:45.0728 4192 \Device\Harddisk0\DR0\Partition10: MBR, Type 0x7, StartLBA 0x3D0BAF47, BlocksNum 0xC34F289 15:32:45.0760 4192 \Device\Harddisk0\DR0\Partition11: MBR, Type 0x7, StartLBA 0x4940A213, BlocksNum 0x186A241A 15:32:45.0791 4192 \Device\Harddisk0\DR0\Partition12: MBR, Type 0x7, StartLBA 0x61AAC66C, BlocksNum 0x61A3A66 15:32:45.0806 4192 \Device\Harddisk0\DR0\Partition13: MBR, Type 0x7, StartLBA 0x67C50111, BlocksNum 0xCAB58A9 15:32:45.0806 4192 ============================================================ 15:32:45.0900 4192 C: <-> \Device\Harddisk0\DR0\Partition2 15:32:45.0931 4192 G: <-> \Device\Harddisk0\DR0\Partition4 15:32:45.0994 4192 J: <-> \Device\Harddisk0\DR0\Partition7 15:32:46.0087 4192 K: <-> \Device\Harddisk0\DR0\Partition8 15:32:46.0103 4192 L: <-> \Device\Harddisk0\DR0\Partition9 15:32:46.0196 4192 M: <-> \Device\Harddisk0\DR0\Partition10 15:32:46.0259 4192 N: <-> \Device\Harddisk0\DR0\Partition11 15:32:46.0352 4192 P: <-> \Device\Harddisk0\DR0\Partition13 15:32:46.0384 4192 I: <-> \Device\Harddisk0\DR0\Partition6 15:32:46.0399 4192 H: <-> \Device\Harddisk0\DR0\Partition5 15:32:46.0415 4192 F: <-> \Device\Harddisk0\DR0\Partition3 15:32:46.0586 4192 O: <-> \Device\Harddisk0\DR0\Partition12 15:32:46.0586 4192 ============================================================ 15:32:46.0586 4192 Initialize success 15:32:46.0586 4192 ============================================================ 15:33:00.0517 3660 ============================================================ 15:33:00.0517 3660 Scan started 15:33:00.0517 3660 Mode: Manual; SigCheck; TDLFS; 15:33:00.0517 3660 ============================================================ 15:33:02.0202 3660 ================ Scan system memory ======================== 15:33:02.0202 3660 
E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:33:17.0802 3660 RemoteRegistry - ok 15:33:17.0849 3660 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 15:33:17.0864 3660 RichVideo ( UnsignedFile.Multi.Generic ) - warning 15:33:17.0864 3660 RichVideo - detected UnsignedFile.Multi.Generic (1) 15:33:17.0880 3660 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:33:17.0911 3660 RpcEptMapper - ok 15:33:17.0942 3660 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:33:17.0942 3660 RpcLocator - ok 15:33:17.0974 3660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:33:18.0005 3660 RpcSs - ok 15:33:18.0005 3660 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:33:18.0036 3660 rspndr - ok 15:33:18.0052 3660 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 15:33:18.0083 3660 s3cap - ok 15:33:18.0098 3660 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:33:18.0098 3660 SamSs - ok 15:33:18.0239 3660 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA F:\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys 15:33:18.0254 3660 SANDRA - ok 15:33:18.0270 3660 [ 5FDF2605205C73E05316795DCC6663EC ] SandraAgentSrv F:\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe 15:33:18.0286 3660 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning 15:33:18.0286 3660 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1) 15:33:18.0301 3660 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:33:18.0317 3660 sbp2port - ok 15:33:18.0332 3660 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:33:18.0364 3660 SCardSvr - ok 15:33:18.0395 3660 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:33:18.0426 3660 scfilter - 
ok 15:33:18.0457 3660 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:33:18.0488 3660 Schedule - ok 15:33:18.0520 3660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:33:18.0535 3660 SCPolicySvc - ok 15:33:18.0582 3660 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:33:18.0598 3660 SDRSVC - ok 15:33:18.0629 3660 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:33:18.0660 3660 secdrv - ok 15:33:18.0676 3660 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:33:18.0707 3660 seclogon - ok 15:33:18.0738 3660 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 15:33:18.0754 3660 SENS - ok 15:33:18.0769 3660 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:33:18.0816 3660 SensrSvc - ok 15:33:18.0816 3660 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:33:18.0832 3660 Serenum - ok 15:33:18.0847 3660 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:33:18.0878 3660 Serial - ok 15:33:18.0894 3660 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:33:18.0910 3660 sermouse - ok 15:33:18.0925 3660 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:33:18.0956 3660 SessionEnv - ok 15:33:18.0988 3660 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:33:19.0019 3660 sffdisk - ok 15:33:19.0034 3660 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:33:19.0066 3660 sffp_mmc - ok 15:33:19.0066 3660 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:33:19.0081 3660 sffp_sd - ok 15:33:19.0097 3660 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:33:19.0097 3660 sfloppy - ok 
15:33:19.0144 3660 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:33:19.0159 3660 SharedAccess - ok 15:33:19.0190 3660 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:33:19.0206 3660 ShellHWDetection - ok 15:33:19.0237 3660 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:33:19.0253 3660 SiSRaid2 - ok 15:33:19.0253 3660 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:33:19.0268 3660 SiSRaid4 - ok 15:33:19.0284 3660 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:33:19.0315 3660 Smb - ok 15:33:19.0331 3660 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:33:19.0331 3660 SNMPTRAP - ok 15:33:19.0378 3660 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 15:33:19.0409 3660 Sony Ericsson PCCompanion - ok 15:33:19.0424 3660 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:33:19.0440 3660 spldr - ok 15:33:19.0456 3660 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:33:19.0487 3660 Spooler - ok 15:33:19.0580 3660 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:33:19.0627 3660 sppsvc - ok 15:33:19.0643 3660 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:33:19.0674 3660 sppuinotify - ok 15:33:19.0705 3660 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:33:19.0721 3660 srv - ok 15:33:19.0736 3660 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:33:19.0752 3660 srv2 - ok 15:33:19.0768 3660 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:33:19.0783 3660 srvnet - ok 15:33:19.0814 3660 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV 
C:\Windows\System32\ssdpsrv.dll 15:33:19.0830 3660 SSDPSRV - ok 15:33:19.0846 3660 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:33:19.0861 3660 SstpSvc - ok 15:33:20.0002 3660 [ 108F1BE5B024E5FA0B8801E5B9F5288B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:33:20.0002 3660 Stereo Service - ok 15:33:20.0033 3660 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:33:20.0048 3660 stexstor - ok 15:33:20.0080 3660 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:33:20.0111 3660 stisvc - ok 15:33:20.0126 3660 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:33:20.0142 3660 storflt - ok 15:33:20.0158 3660 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 15:33:20.0204 3660 StorSvc - ok 15:33:20.0220 3660 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:33:20.0236 3660 storvsc - ok 15:33:20.0267 3660 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:33:20.0282 3660 swenum - ok 15:33:20.0314 3660 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:33:20.0345 3660 swprv - ok 15:33:20.0423 3660 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:33:20.0454 3660 SysMain - ok 15:33:20.0470 3660 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:33:20.0501 3660 TabletInputService - ok 15:33:20.0516 3660 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:33:20.0548 3660 TapiSrv - ok 15:33:20.0548 3660 TBPanel - ok 15:33:20.0579 3660 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:33:20.0594 3660 TBS - ok 15:33:20.0641 3660 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:33:20.0672 3660 Tcpip - ok 15:33:20.0704 3660 [ 
ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:33:20.0735 3660 TCPIP6 - ok 15:33:20.0750 3660 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:33:20.0782 3660 tcpipreg - ok 15:33:20.0813 3660 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:33:20.0844 3660 TDPIPE - ok 15:33:20.0875 3660 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:33:20.0891 3660 TDTCP - ok 15:33:20.0922 3660 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:33:20.0953 3660 tdx - ok 15:33:20.0984 3660 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:33:21.0000 3660 TermDD - ok 15:33:21.0031 3660 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:33:21.0062 3660 TermService - ok 15:33:21.0078 3660 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:33:21.0094 3660 Themes - ok 15:33:21.0140 3660 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:33:21.0156 3660 THREADORDER - ok 15:33:21.0172 3660 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:33:21.0218 3660 TrkWks - ok 15:33:21.0265 3660 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:33:21.0312 3660 TrustedInstaller - ok 15:33:21.0343 3660 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:33:21.0374 3660 tssecsrv - ok 15:33:21.0390 3660 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:33:21.0421 3660 TsUsbFlt - ok 15:33:21.0468 3660 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:33:21.0499 3660 tunnel - ok 15:33:21.0499 3660 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:33:21.0515 3660 uagp35 - ok 
15:33:21.0546 3660 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:33:21.0593 3660 udfs - ok 15:33:21.0624 3660 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:33:21.0624 3660 UI0Detect - ok 15:33:21.0655 3660 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:33:21.0671 3660 uliagpkx - ok 15:33:21.0702 3660 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:33:21.0718 3660 umbus - ok 15:33:21.0718 3660 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:33:21.0733 3660 UmPass - ok 15:33:21.0749 3660 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 15:33:21.0780 3660 UmRdpService - ok 15:33:21.0796 3660 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:33:21.0827 3660 upnphost - ok 15:33:21.0889 3660 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 15:33:21.0936 3660 UPnPService ( UnsignedFile.Multi.Generic ) - warning 15:33:21.0936 3660 UPnPService - detected UnsignedFile.Multi.Generic (1) 15:33:21.0952 3660 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:33:21.0967 3660 usbaudio - ok 15:33:21.0983 3660 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 15:33:22.0014 3660 usbccgp - ok 15:33:22.0030 3660 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:33:22.0045 3660 usbcir - ok 15:33:22.0061 3660 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:33:22.0092 3660 usbehci - ok 15:33:22.0139 3660 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:33:22.0154 3660 usbhub - ok 15:33:22.0170 3660 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci 
C:\Windows\system32\DRIVERS\usbohci.sys 15:33:22.0201 3660 usbohci - ok 15:33:22.0232 3660 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:33:22.0248 3660 usbprint - ok 15:33:22.0264 3660 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 15:33:22.0295 3660 USBSTOR - ok 15:33:22.0310 3660 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:33:22.0326 3660 usbuhci - ok 15:33:22.0342 3660 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:33:22.0373 3660 UxSms - ok 15:33:22.0388 3660 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:33:22.0388 3660 VaultSvc - ok 15:33:22.0404 3660 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:33:22.0404 3660 vdrvroot - ok 15:33:22.0435 3660 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:33:22.0482 3660 vds - ok 15:33:22.0498 3660 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:33:22.0513 3660 vga - ok 15:33:22.0529 3660 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:33:22.0560 3660 VgaSave - ok 15:33:22.0622 3660 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:33:22.0654 3660 vhdmp - ok 15:33:22.0685 3660 [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 15:33:22.0732 3660 VIAHdAudAddService - ok 15:33:22.0747 3660 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:33:22.0763 3660 viaide - ok 15:33:22.0794 3660 [ D0F2587ACA932D5C1BC0F949CB76EBB1 ] viamrx64 C:\Windows\system32\DRIVERS\viamrx64.sys 15:33:22.0825 3660 viamrx64 - ok 15:33:22.0856 3660 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:33:22.0872 3660 vmbus - ok 15:33:22.0888 3660 [ 7DE90B48F210D29649380545DB45A187 ] 
VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:33:22.0903 3660 VMBusHID - ok 15:33:22.0919 3660 [ 754C8BF43F0DD4B54865F174A62761E9 ] VMfilt C:\Windows\system32\drivers\VMfilt64.sys 15:33:22.0934 3660 VMfilt - ok 15:33:22.0966 3660 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:33:22.0966 3660 volmgr - ok 15:33:22.0997 3660 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:33:23.0012 3660 volmgrx - ok 15:33:23.0044 3660 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:33:23.0059 3660 volsnap - ok 15:33:23.0106 3660 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 15:33:23.0122 3660 vpcbus - ok 15:33:23.0153 3660 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 15:33:23.0168 3660 vpcnfltr - ok 15:33:23.0200 3660 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 15:33:23.0231 3660 vpcusb - ok 15:33:23.0246 3660 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 15:33:23.0262 3660 vpcvmm - ok 15:33:23.0293 3660 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:33:23.0293 3660 vsmraid - ok 15:33:23.0340 3660 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:33:23.0371 3660 VSS - ok 15:33:23.0387 3660 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:33:23.0402 3660 vwifibus - ok 15:33:23.0434 3660 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:33:23.0465 3660 W32Time - ok 15:33:23.0465 3660 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:33:23.0496 3660 WacomPen - ok 15:33:23.0527 3660 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:33:23.0558 3660 WANARP - ok 15:33:23.0558 3660 [ 
356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:33:23.0590 3660 Wanarpv6 - ok 15:33:23.0621 3660 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 15:33:23.0761 3660 WatAdminSvc - ok 15:33:23.0777 3660 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:33:23.0808 3660 wbengine - ok 15:33:23.0824 3660 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:33:23.0839 3660 WbioSrvc - ok 15:33:23.0933 3660 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:33:23.0948 3660 wcncsvc - ok 15:33:23.0964 3660 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:33:23.0980 3660 WcsPlugInService - ok 15:33:23.0980 3660 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:33:23.0995 3660 Wd - ok 15:33:24.0026 3660 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:33:24.0042 3660 Wdf01000 - ok 15:33:24.0073 3660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:33:24.0151 3660 WdiServiceHost - ok 15:33:24.0151 3660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:33:24.0167 3660 WdiSystemHost - ok 15:33:24.0182 3660 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:33:24.0214 3660 WebClient - ok 15:33:24.0229 3660 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:33:24.0260 3660 Wecsvc - ok 15:33:24.0276 3660 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:33:24.0307 3660 wercplsupport - ok 15:33:24.0338 3660 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:33:24.0370 3660 WerSvc - ok 15:33:24.0370 3660 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:33:24.0401 3660 WfpLwf - ok 
15:33:24.0401 3660 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:33:24.0416 3660 WIMMount - ok 15:33:24.0432 3660 WinDefend - ok 15:33:24.0448 3660 WinHttpAutoProxySvc - ok 15:33:24.0557 3660 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:33:24.0588 3660 Winmgmt - ok 15:33:24.0775 3660 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:33:24.0806 3660 WinRM - ok 15:33:24.0900 3660 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:33:24.0916 3660 WinUsb - ok 15:33:24.0978 3660 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:33:25.0009 3660 Wlansvc - ok 15:33:25.0025 3660 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:33:25.0040 3660 WmiAcpi - ok 15:33:25.0056 3660 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:33:25.0072 3660 wmiApSrv - ok 15:33:25.0087 3660 WMPNetworkSvc - ok 15:33:25.0103 3660 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:33:25.0118 3660 WPCSvc - ok 15:33:25.0134 3660 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:33:25.0150 3660 WPDBusEnum - ok 15:33:25.0165 3660 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:33:25.0196 3660 ws2ifsl - ok 15:33:25.0196 3660 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 15:33:25.0228 3660 wscsvc - ok 15:33:25.0243 3660 WSearch - ok 15:33:25.0290 3660 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:33:25.0321 3660 wuauserv - ok 15:33:25.0337 3660 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:33:25.0368 3660 WudfPf - ok 15:33:25.0399 3660 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:33:25.0415 3660 WUDFRd - ok 
15:33:25.0446 3660 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:33:25.0462 3660 wudfsvc - ok 15:33:25.0477 3660 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:33:25.0508 3660 WwanSvc - ok 15:33:25.0540 3660 [ B2818BFAB7817F7E7EE886F58B15B35C ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 15:33:25.0555 3660 yukonw7 - ok 15:33:25.0586 3660 ================ Scan global =============================== 15:33:25.0602 3660 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:33:25.0618 3660 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 15:33:25.0633 3660 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 15:33:25.0649 3660 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:33:25.0664 3660 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:33:25.0664 3660 [Global] - ok 15:33:25.0664 3660 ================ Scan MBR ================================== 15:33:25.0680 3660 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:33:26.0351 3660 \Device\Harddisk0\DR0 - ok 15:33:26.0351 3660 ================ Scan VBR ================================== 15:33:26.0351 3660 [ E7E89D2A50F1F6ACEF18A87BC4F577C1 ] \Device\Harddisk0\DR0\Partition1 15:33:26.0351 3660 \Device\Harddisk0\DR0\Partition1 - ok 15:33:26.0366 3660 [ CDEF80CB8B38FF13989F4CC5932A1E86 ] \Device\Harddisk0\DR0\Partition2 15:33:26.0413 3660 \Device\Harddisk0\DR0\Partition2 - ok 15:33:26.0413 3660 [ A74E2E55B2E1FF25D7C64C607F0E0293 ] \Device\Harddisk0\DR0\Partition3 15:33:26.0413 3660 \Device\Harddisk0\DR0\Partition3 - ok 15:33:26.0429 3660 [ 889EFDC2C5C4EC00FAB7426E45AEB593 ] \Device\Harddisk0\DR0\Partition4 15:33:26.0429 3660 \Device\Harddisk0\DR0\Partition4 - ok 15:33:26.0429 3660 [ A73D637513E9652EE921D1CBABF61E97 ] \Device\Harddisk0\DR0\Partition5 15:33:26.0429 3660 \Device\Harddisk0\DR0\Partition5 - ok 15:33:26.0444 3660 [ 
2886C362BCE53B3032060B4A1E20080C ] \Device\Harddisk0\DR0\Partition6 15:33:26.0444 3660 \Device\Harddisk0\DR0\Partition6 - ok 15:33:26.0460 3660 [ D3826172DB18351CCBB772558FA916EB ] \Device\Harddisk0\DR0\Partition7 15:33:26.0460 3660 \Device\Harddisk0\DR0\Partition7 - ok 15:33:26.0476 3660 [ 0DDA0434830F25233731320D7881BBF5 ] \Device\Harddisk0\DR0\Partition8 15:33:26.0491 3660 \Device\Harddisk0\DR0\Partition8 - ok 15:33:26.0507 3660 [ 18D225BCF9B8981F8772B3CF4636C0D0 ] \Device\Harddisk0\DR0\Partition9 15:33:26.0507 3660 \Device\Harddisk0\DR0\Partition9 - ok 15:33:26.0522 3660 [ 203E3BD0E80F61B823628712BB96E955 ] \Device\Harddisk0\DR0\Partition10 15:33:26.0522 3660 \Device\Harddisk0\DR0\Partition10 - ok 15:33:26.0538 3660 [ CECEE868FC7B0AF211A82434B434257B ] \Device\Harddisk0\DR0\Partition11 15:33:26.0538 3660 \Device\Harddisk0\DR0\Partition11 - ok 15:33:26.0554 3660 [ FF873654AE1D8561DACE605029443F49 ] \Device\Harddisk0\DR0\Partition12 15:33:26.0585 3660 \Device\Harddisk0\DR0\Partition12 - ok 15:33:26.0616 3660 [ DD10F9B4FB7D7616EC5DE627B92AB2A0 ] \Device\Harddisk0\DR0\Partition13 15:33:26.0632 3660 \Device\Harddisk0\DR0\Partition13 - ok 15:33:26.0632 3660 ============================================================ 15:33:26.0632 3660 Scan finished 15:33:26.0632 3660 ============================================================ 15:33:26.0632 1192 Detected object count: 9 15:33:26.0632 1192 Actual detected object count: 9 15:33:45.0554 1192 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 
Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0554 1192 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0554 1192 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:45.0570 1192 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:45.0570 1192 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
#10
/// Malware-holic

Hi,
download the standard CCleaner: CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Extras, list of installed programs, save as txt. Open the file.
After each program you need, write necessary.
After each program you don't need, unnecessary.
After each one you don't recognize, unknown.
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us
#11

I can't find the "Extras" menu item, but all installed programs are listed under Tools > Uninstall:

1.36 Freshworx GmbH & Co.KG 05.04.2011 NECESSARY
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00 MB 11.5.502.135 NECESSARY
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00 MB 11.5.502.135 NECESSARY
Adobe Photoshop 6.0 Adobe Systems, Inc. 24.11.2011 6.0 NECESSARY
Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 17.08.2012 148 MB 9.5.2 NECESSARY
Adobe SVG Viewer Adobe Systems, Inc. 24.11.2011 1.0 UNKNOWN
Airline Tycoon - Deluxe Spellbound Entertainment AG 19.10.2011 NECESSARY
Ant Renamer Ant Software 27.08.2010 2.10.0 NECESSARY
Audacity 1.2.6 17.04.2011 NECESSARY
AVG 2013 AVG Technologies 20.12.2012 2013.0.2805 NECESSARY
AVM FRITZ!WLAN AVM Berlin 04.08.2010 NECESSARY
BayWotch v4.2.4 Elmar Denkmann 11.02.2011 17,7 MB NECESSARY
Canon Easy-WebPrint EX 22.12.2010 NECESSARY
Canon IJ Network Scan Utility 22.12.2010 NECESSARY
Canon IJ Network Tool 22.12.2010 NECESSARY
Canon Inkjet Printer Driver Add-On Module 06.08.2010 NECESSARY
Canon Kurzwahlprogramm 22.12.2010 UNKNOWN
Canon MP Navigator EX 3.1 22.12.2010 UNKNOWN
Canon MX870 series Benutzerregistrierung 22.12.2010 NECESSARY
Canon MX870 series MP Drivers 22.12.2010 NECESSARY
Canon Utilities My Printer 22.12.2010 UNNECESSARY
Canon Utilities Solution Menu 22.12.2010 UNNECESSARY
CCleaner Piriform 25.11.2012 3.25 NECESSARY
Command & Conquer 3 Ihr Firmenname 22.09.2010 13,1 GB 1.00.0000 NECESSARY
Der Herr der Ringe Online v03.03.05.8039 Turbine, Inc. 09.10.2011 03.03.05.8039 NECESSARY
DHTML Editing Component Microsoft Corporation 06.08.2010 554 KB 6.02.0001 UNKNOWN
Download Updater (AOL LLC) 17.09.2011 UNKNOWN
Drakensang dtp 01.01.2012 NECESSARY
Drakensang Online 22.07.2012 NECESSARY
DVBT Lestina 21.01.2011 v1.0.0 UNNECESSARY
DVBT Driver 21.01.2011 572 KB 1.1.3.1 UNNECESSARY
EA Download Manager Electronic Arts, Inc. 09.08.2012 5.1.0.4 NECESSARY
EPU 29.08.2010 1.02.20 UNKNOWN
FileZilla Client 3.3.3 04.08.2010 3.3.3 NECESSARY
Firebird SQL Server - MAGIX Edition MAGIX AG 03.02.2011 2.0.1.13 UNNECESSARY
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 02.04.2011 10,6 MB NECESSARY
Free YouTube to MP3 Converter version 3.11.31.916 DVDVideoSoft Ltd. 17.09.2012 60,8 MB 3.11.31.916 NECESSARY
FUSSBALL MANAGER 10 Electronic Arts 09.08.2012 2.0.0.7 NECESSARY
Futuremark SystemInfo Futuremark Corporation 11.08.2010 3.21.2.1 UNKNOWN
Java 7 Update 9 Oracle 20.09.2012 128 MB 7.0.90 NECESSARY
JavaFX 2.1.1 Oracle Corporation 22.07.2012 20,8 MB 2.1.1 NECESSARY
JMicron JMB36X Driver JMicron Technology Corp. 30.08.2010 1.00.0000 NECESSARY
Logitech SetPoint Logitech 30.08.2010 17,0 KB 4.80 NECESSARY
MAGIX Goya burnR 1.3.1.3 (D) MAGIX AG 03.02.2011 1.3.1.3 UNNECESSARY
MAGIX Music Maker 15 Premium 15.0.1.8 (D) MAGIX AG 03.02.2011 15.0.1.8 NECESSARY
MAGIX Screenshare 4.3.6.1987 (D) MAGIX AG 03.02.2011 4.3.6.1987 UNNECESSARY
MainConceptDemoCodecs Kummert GmbH 08.08.2011 3,96 MB 1.00.0000 UNKNOWN
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 19.12.2012 19,4 MB 1.65.1.1000 NECESSARY
Microsoft .NET Framework 1.1 09.10.2011 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.09.2010 38,8 MB 4.0.30319 NECESSARY
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.09.2010 2,93 MB 4.0.30319 NECESSARY
Microsoft IntelliPoint 8.2 Microsoft Corporation 09.02.2012 8.20.468.0 NECESSARY
Microsoft Silverlight Microsoft Corporation 13.05.2012 60,4 MB 4.1.10329.0 UNKNOWN
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.08.2010 1,72 MB 3.1.0000 UNKNOWN
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 31.08.2010 260 KB 8.0.50727.4053 UNKNOWN
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.01.2012 252 KB 8.0.50727.4053 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300 KB 8.0.56336 UNKNOWN
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 30.08.2010 708 KB 8.0.61000 UNKNOWN
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 14.04.2011 580 KB 8.0.51011 UNKNOWN
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 05.08.2010 212 KB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 14.04.2011 790 KB 9.0.30729.5570 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 598 KB 9.0.30729.5570 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 05.08.2010 2,52 MB 9.0.21022 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 25.09.2010 786 KB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788 KB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.11.2010 590 KB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600 KB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.12.2012 16,5 MB 10.0.40219 UNKNOWN
MiniTool Partition Wizard Home Edition 7.1 MiniTool Solution Ltd. 14.05.2012 24,2 MB NECESSARY
Mozilla Firefox 14.0.1 (x86 de) Mozilla 22.07.2012 36,8 MB 14.0.1 NECESSARY
Mozilla Maintenance Service Mozilla 22.07.2012 199 KB 14.0.1 UNKNOWN
Mozilla Thunderbird (3.1.2) Mozilla 11.08.2010 3.1.2 (de) NECESSARY
Mozilla Thunderbird 17.0 (x86 de) Mozilla 22.11.2012 6,55 GB 17.0 NECESSARY
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.08.2010 1,27 MB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.08.2010 1,33 MB 4.20.9876.0 UNKNOWN
Mufin MusicFinder Base 1.5.3.255 (D) MAGIX AG 03.02.2011 1.5.3.255 UNNECESSARY
Musik & Audio Restaurator Pro 5.0 Softfeld 28.12.2010 5.0 NECESSARY
Namo WebEditor 8 Namo Interactive, Inc. 01.09.2010 8.00.000 NECESSARY
NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 30.08.2010 993 KB 1.0.19.0 NECESSARY
Nero 7 Essentials Nero AG 06.08.2010 521 MB 7.02.7903 NECESSARY
NVIDIA Display Control Panel NVIDIA Corporation 05.08.2010 135 MB 6.14.12.5856 NECESSARY
NVIDIA Drivers NVIDIA Corporation 05.08.2010 65,1 MB 1.10.61.39 NECESSARY
NVIDIA PhysX NVIDIA Corporation 05.08.2010 80,0 MB 9.10.0223 NECESSARY
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 05.08.2010 7.17.12.5812 NECESSARY
OpenOffice.org 3.2 OpenOffice.org 05.08.2010 356 MB 3.2.9502 NECESSARY
Opera 11.10 Opera Software ASA 27.04.2011 11.10.2092 NECESSARY
Pando Media Booster Pando Networks Inc. 09.10.2011 5,46 MB 2.3.6.0 UNKNOWN
PowerDVD CyberLink Corporation 06.08.2010 7.0.2414.0 NECESSARY
QuarkXPress Passport 5.01 Quark Inc.
06.08.2010 104 MB 5.01.0000 NOTWENDIG RedMon - Redirection Port Monitor 28.05.2011 UNBEKANNT Sid Meier's Civilization 4 Firaxis Games 09.05.2011 1.00.0000 UNNÖTIG SimCity 4 06.08.2010 NOTWENDIG SiSoftware Sandra Lite 2012.SP5c SiSoftware 01.11.2012 97,1 MB 18.74.2012.10 NOTWENDIG Sony Ericsson PC Companion 2.01.217 Sony Ericsson 25.08.2011 17,1 MB 2.01.217 NOTWENDIG Sound Blaster X-Fi MB Creative Technology Limited 29.08.2010 1.0 NOTWENDIG Spellforce 2 - Dragon Storm JoWooD Productions Software AG 28.02.2011 1.00.0000 NOTWENDIG SpellForce 2 - Shadow Wars Ihr Firmenname 10.12.2010 3,29 GB 1.00.0000 NOTWENDIG SpellForce 2 Update v1.02 10.12.2010 NOTWENDIG Text-To-Speech-Runtime Magix Development GmbH 03.02.2011 260 KB 1.0.0.0 UNBEKANNT The Movies(TM) Activision 10.11.2012 1,93 GB 1.1 NOTWENDIG Turbo Lister 2 eBay Inc. 06.08.2010 77,1 MB 2.00.0000 NOTWENDIG Uninstall 1.0.0.1 02.04.2011 10,9 MB UNBEKANNT VIA Plattform-Geräte-Manager VIA Technologies, Inc. 30.08.2010 2,61 MB 1.34 UNBEKANNT Visual C++ 8.0 Runtime Setup Package (x64) AVG Technologies CZ, s.r.o. 05.08.2010 2,23 MB 9.0.0.623 UNBEKANNT Visual Studio 2008 x64 Redistributables AVG Technologies 11.11.2010 11,5 MB 10.0.0.2 UNBEKANNT Visual Studio 2010 x64 Redistributables AVG Technologies 13.12.2012 12,4 MB 13.0.0.1 UNBEKANNT VLC media player 1.1.4 VideoLAN 20.11.2010 1.1.4 NOTWENDIG Vtune 7.10 05.08.2010 11,1 MB UNBEKANNT Windows Live Anmelde-Assistent Microsoft Corporation 05.08.2010 1,93 MB 5.000.818.5 UNBEKANNT Windows Live Essentials Microsoft Corporation 05.08.2010 14.0.8117.0416 UNBEKANNT Windows Live Sync Microsoft Corporation 05.08.2010 2,79 MB 14.0.8117.416 UNBEKANNT Windows Live-Uploadtool Microsoft Corporation 05.08.2010 224 KB 14.0.8014.1029 UNBEKANNT Windows XP Mode Microsoft Corporation 10.08.2010 1,13 GB 1.3.7600.16422 UNBEKANNT WinPcap 4.1.2 CACE Technologies 13.11.2012 4.1.0.2001 UNBEKANNT WinRAR 4.11 (64-Bit) win.rar GmbH 13.05.2012 4.11.0 NOTWENDIG Xfire (remove only) 10.12.2010 UNNÖTIG |
#12
/// Malware-holic | GVU Trojaner / Trojan.Ransom.SUGen

Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK

Uninstall:
Download Updater
DVBT: both
Firebird
Futuremark
Java: both

Download Java JRE: Java downloads for all operating systems
Click: download the Java software for Windows Offline, and install it.

Uninstall:
MAGIX: the unnecessary ones

Mozilla Thunderbird: open it, Help, Update, put version 17 on it. The same with FF.

Uninstall:
Mufin

Opera: completely outdated.
Opera web browser | Faster & safer | Free download of the new internet browser
Put version 12 on it.

Uninstall:
Sid
Text-To-Speech
Windows Live: all the ones you do not use

Open CCleaner, Analyze, Run, restart the PC.

Please download AdwCleaner to your desktop.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#13
![]() | ![]() GVU Trojaner / Trojan.Ransom.SUGen # AdwCleaner v2.101 - Datei am 21/12/2012 um 16:39:02 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Florian - HOSCHIMEDES # Bootmodus : Normal # Ausgeführt unter : C:\Users\Florian_2\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\aol-web-search.xml Datei Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\SearchResults.xml Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\Users\Anja\AppData\Local\Ilivid Player Ordner Gefunden : C:\Users\Anja\AppData\LocalLow\facemoods.com Ordner Gefunden : C:\Users\Anja\AppData\LocalLow\searchquband Ordner Gefunden : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Ordner Gefunden : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\Searchqutoolbar Ordner Gefunden : C:\Users\Florian\AppData\LocalLow\facemoods.com Ordner Gefunden : C:\Users\Florian\AppData\LocalLow\searchquband Ordner Gefunden : C:\Users\Florian\AppData\LocalLow\Searchqutoolbar Ordner Gefunden : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\Searchqutoolbar Ordner Gefunden : C:\Users\Florian_2\AppData\LocalLow\facemoods.com ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKLM\Software\Bandoo Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gefunden : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Schlüssel Gefunden : HKU\S-1-5-21-1234284039-539375577-3249342001-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0.1 (de) Profilname : default Datei : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\prefs.js Gefunden : user_pref("aol_toolbar.surf.date", "25"); Gefunden : user_pref("aol_toolbar.surf.lastDate", "9"); Gefunden : user_pref("aol_toolbar.surf.lastMonth", "1"); Gefunden : user_pref("aol_toolbar.surf.lastYear", "2012"); Gefunden : user_pref("aol_toolbar.surf.month", "25"); Gefunden : user_pref("aol_toolbar.surf.prevMonth", "2"); Gefunden : user_pref("aol_toolbar.surf.total", "27"); Gefunden : user_pref("aol_toolbar.surf.week", "25"); Gefunden : user_pref("aol_toolbar.surf.year", "25"); Gefunden : user_pref("browser.search.defaultenginename", "AOL Web Search"); Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...] Gefunden : user_pref("browser.search.order.1", "Search Results"); Gefunden : user_pref("extensions.facemoods.aflt", "_#ddr"); Gefunden : user_pref("extensions.facemoods.firstRun", false); Gefunden : user_pref("extensions.facemoods.lastActv", "18"); Gefunden : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocati[...] 
Profilname : default Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\yzc1e76t.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [8243 octets] - [21/12/2012 16:39:02] ########## EOF - \AdwCleaner[R1].txt - [8303 octets] ########## |
#14
/// Malware-holic | GVU Trojaner / Trojan.Ransom.SUGen

Hi,

Then restart and test how the PC runs, plus programs such as browsers (Firefox, Internet Explorer) etc.
#15
![]() | ![]() GVU Trojaner / Trojan.Ransom.SUGen # AdwCleaner v2.101 - Datei am 21/12/2012 um 20:03:24 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Florian - HOSCHIMEDES # Bootmodus : Normal # Ausgeführt unter : C:\Users\Florian_2\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\aol-web-search.xml Datei Gelöscht : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\searchplugins\SearchResults.xml Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\Anja\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\facemoods.com Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\Searchqutoolbar Ordner Gelöscht : C:\Users\Florian\AppData\LocalLow\facemoods.com Ordner Gelöscht : C:\Users\Florian\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\Florian\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\Searchqutoolbar Ordner Gelöscht : C:\Users\Florian_2\AppData\LocalLow\facemoods.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\Software\Bandoo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0.1 (de) Profilname : default Datei : C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\yi1dja40.default\prefs.js Gelöscht : user_pref("aol_toolbar.surf.date", "25"); Gelöscht : user_pref("aol_toolbar.surf.lastDate", "9"); Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "1"); Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012"); Gelöscht : user_pref("aol_toolbar.surf.month", "25"); Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "2"); Gelöscht : user_pref("aol_toolbar.surf.total", "27"); Gelöscht : user_pref("aol_toolbar.surf.week", "25"); Gelöscht : user_pref("aol_toolbar.surf.year", "25"); Gelöscht : user_pref("browser.search.defaultenginename", "AOL Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...] Gelöscht : user_pref("browser.search.order.1", "Search Results"); Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddr"); Gelöscht : user_pref("extensions.facemoods.firstRun", false); Gelöscht : user_pref("extensions.facemoods.lastActv", "18"); Gelöscht : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocati[...] Profilname : default Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\v7or4302.default\prefs.js [OK] Die Datei ist sauber. 
Profilname : default Datei : C:\Users\Florian_2\AppData\Roaming\Mozilla\Firefox\Profiles\yzc1e76t.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [8348 octets] - [21/12/2012 16:39:02] AdwCleaner[S1].txt - [8144 octets] - [21/12/2012 20:03:24] ########## EOF - \AdwCleaner[S1].txt - [8204 octets] ##########

I have now been on the Internet for a bit and have also started a few programs. Everything runs very well; I have the impression that the computer is in places even a little faster.

Another topic: can you recommend a good ad or pop-up blocker? I am specifically looking for something against ads that open a new window when you click them away. I think I caught the trojan from one of those newly opening windows.