Pests of all kinds and how to fight them: TR/Crypt.TPM.Gen
Windows 7
If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
03.01.2013, 13:11 | #1 |
TR/Crypt.TPM.Gen

Hello everyone, my Antivir just reported the Trojan TR/Crypt.TPM.Gen and moved it to quarantine. I followed your instructions and first downloaded defogger and scanned the computer. As the next step, I then downloaded OTL and ran a quick scan. Below are OTL.Text and Extras.Text:

OTL logfile:
19:18:18 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@plasmoo.com [2011.10.14 18:18:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\ffxtlbr@babylon.com [2011.05.06 21:14:42 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\gutscheinmieze@synatix-gmbh.de [2012.06.20 22:50:26 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\toolbar@ask.com [2010.09.16 20:26:27 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\vshare@toolbar [2013.01.02 20:03:41 | 000,002,404 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\askcom.xml [2010.07.15 21:09:30 | 000,000,873 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\conduit.xml [2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\plasmoo.xml [2012.02.11 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.27 22:41:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.06.19 21:11:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.30 16:23:07 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011.10.14 18:18:45 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.10.03 23:33:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.19 21:11:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.06 21:14:42 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.06.19 21:11:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 21:11:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 21:11:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = 
hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files 
(x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G 
Systems GmbH & Co. KG) O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - 
C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7778BCE7-2A10-4702-9287-4D6B9F0A21F5}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9F53EC-CA10-40D8-B7C0-543D3FA66BF5}: 
DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,131 | RH-- | M] () - D:\autorun.bat -- [ CDFS ] O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,063 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{0f503dac-56c7-11e0-a8df-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{0f503dac-56c7-11e0-a8df-5442495ff7de}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{31f65abd-8092-11e0-88b3-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{31f65abd-8092-11e0-88b3-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{31f65ac1-8092-11e0-88b3-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{31f65ac1-8092-11e0-88b3-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{52fd6418-ab77-11df-9863-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{52fd6418-ab77-11df-9863-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{52fd6429-ab77-11df-9863-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{52fd6429-ab77-11df-9863-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{97d3410b-a96a-11df-9a71-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{97d3410b-a96a-11df-9a71-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{97d34111-a96a-11df-9a71-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{97d34111-a96a-11df-9a71-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d6ea8ffc-8d2f-11df-a9f9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6ea8ffc-8d2f-11df-a9f9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- [2012.07.23 15:24:03 | 000,000,131 | RH-- | M] () O33 - MountPoints2\{dc22ce69-4b20-11e0-9872-5442495ff7de}\Shell - "" = AutoRun O33 - MountPoints2\{dc22ce69-4b20-11e0-9872-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- 
"%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.01 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.elfohilfe [2012.12.30 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular [2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.12.30 19:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2012.12.09 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Gabi [2012.12.09 15:22:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Internat-Juamt [2012.12.09 01:34:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Metin2 [2012.12.09 01:30:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.03 12:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.03 12:30:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.03 12:25:01 | 000,001,146 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job [2013.01.03 10:38:41 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.03 10:38:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.03 03:40:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 03:40:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 03:33:09 | 000,438,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.03 03:32:41 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys [2013.01.02 17:56:26 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job [2013.01.01 18:03:21 | 000,159,620 | ---- | M] () -- C:\Users\***\Desktop\ESt2011_***_GABRIELE_Final_Final.elfo [2012.12.30 19:03:34 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.12.29 16:26:58 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [2012.12.28 00:12:48 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.12.26 15:49:19 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job [2012.12.15 12:17:29 | 000,000,702 | ---- | M] () -- C:\Users\***\Desktop\Bibliotheken - Verknüpfung (2).lnk [2012.12.10 15:45:06 | 000,056,576 | ---- | M] () -- C:\Users\***\Documents\päckchen.xps [2012.12.09 01:30:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.07 13:06:46 | 000,019,728 | ---- | M] () -- C:\Users\Siebert\Desktop\kaffeemaschine.jpg [2012.12.07 13:05:17 | 000,033,537 | ---- | M] () -- C:\Users\***\Desktop\Kaffeemaschine_2.jpg [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - 
No Company Name ========== [2013.01.01 17:19:50 | 000,159,620 | ---- | C] () -- C:\Users\***\Desktop\ESt2011_***_GABRIELE_Final_Final.elfo [2012.12.30 19:03:34 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.12.15 12:17:29 | 000,000,702 | ---- | C] () -- C:\Users\***\Desktop\Bibliotheken - Verknüpfung (2).lnk [2012.12.10 15:44:40 | 000,056,576 | ---- | C] () -- C:\Users\***\Documents\päckchen.xps [2012.12.07 13:10:29 | 000,033,537 | ---- | C] () -- C:\Users\***\Desktop\Kaffeemaschine_2.jpg [2012.12.07 13:07:05 | 000,019,728 | ---- | C] () -- C:\Users\***\Desktop\kaffeemaschine.jpg [2012.09.01 15:04:03 | 001,806,336 | ---- | C] () -- C:\Windows\SysWow64\speedtreert.dll [2012.05.27 20:57:12 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\defogger_reenable [2011.11.13 23:37:35 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{39B99734-236D-40B7-90AC-7444B93AAD31} [2011.10.28 17:13:00 | 000,174,756 | ---- | C] () -- C:\Users\***\Mojo verde.pdf [2011.10.28 16:46:09 | 000,145,485 | ---- | C] () -- C:\Users\***\Aioli.pdf [2011.10.28 16:44:18 | 000,000,839 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.10.28 16:29:36 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2011.05.07 12:11:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{8D669B6F-E7BF-47F2-88C6-D42C0A7BCD33} [2011.05.06 21:14:56 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.05.06 21:14:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.01.23 17:56:02 | 000,000,043 | ---- | C] () -- C:\Users\***\.gtk-bookmarks [2011.01.03 14:54:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.01 19:53:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.05.17 04:40:25 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- 
C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\***\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = \\.\globalroot\systemroot\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\n. "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.25 19:33:06 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2010.12.25 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.08.26 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.10.14 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2012.09.01 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dll-files.com [2012.09.30 11:03:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.09.30 11:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.30 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2011.04.10 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Esku [2011.04.16 15:52:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.05.06 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze [2012.09.30 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2011.04.10 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qoniyc [2012.04.30 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.08.13 23:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.05.17 16:42:14 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Verbindungsassistent [2012.08.15 03:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.01.2013 12:40:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 3,54 Gb Available Physical Memory | 59,21% Memory free 11,96 Gb Paging File | 9,38 Gb Available in Paging File | 78,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,40 Gb Total Space | 362,69 Gb Free Space | 79,64% Space Free | Partition Type: NTFS Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SIEBERT-VAIO | User Name: Siebert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\regedit.exe () [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64 "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64 
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit) "{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64 "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DA57D9DF-BE05-416A-96E4-2BB4884308E7}" = MSI_SPF_x64 "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64 "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows-Treiberpaket - Broadcom HIDClass (09/11/2009 6.3.0.1500) "C3D0C7A1290AAA6A45D0D0422262CE3370E27BE5" = Windows-Treiberpaket - Broadcom Corporation (BTHUSB) Bluetooth (02/12/2010 6.3.0.3820) "CCleaner" = CCleaner "D9022850BCF278EAFBF9EDC8741DC09A1AE20B6B" = Windows-Treiberpaket - Broadcom Corporation (BTHUSB) Bluetooth (02/28/2010 6.3.0.3850) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET 
Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3 "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21D1464A-1C54-451E-B780-3ECB3DF8BD4E}" = VAIO Content Monitoring Settings "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44E0DB64-566D-4126-82E6-206B4D76E902}" = VAIO Original Function Settings "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel 
WinDVD "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer "{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7D556460-6E5A-4C53-BCDD-7A7EAEBC169A}" = VAIO Entertainment Platform "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{84FFB317-A08A-4AEE-95EA-7FBA69A3F924}" = VAIO Entertainment Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB 
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C8A09003-7FAB-4D48-99DD-DC2A734EC9FA}" = Remote Play with PlayStation 3 "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy 
Media Creator Home "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ElsterFormular" = ElsterFormular "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Google Chrome" = Google Chrome "Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc) "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "IpodConverter_is1" = IpodConverter 1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Metin2_is1" = Metin2 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Professional 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Uninstall_is1" = Uninstall 1.0.0.1 "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "Verbindungsassistent" = Verbindungsassistent "VLC media player" = VLC media player 1.1.9 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "XSManager" = XSManager ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.01.2013 22:29:17 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 5604 Description = Error - 02.01.2013 22:29:43 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 28 Description = Error - 02.01.2013 22:29:52 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 28 Description = Error - 02.01.2013 22:33:15 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 28 Description = Error - 03.01.2013 06:44:07 | Computer Name = ***-VAIO | Source = ESENT | ID = 490 Description = Windows (1160) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 03.01.2013 06:44:07 | Computer Name = ***-VAIO | Source = ESENT | ID = 439 Description = Windows (1160) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032. Error - 03.01.2013 07:14:11 | Computer Name = ***-VAIO | Source = ESENT | ID = 490 Description = Windows (1160) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error - 03.01.2013 07:14:11 | Computer Name = ***-VAIO | Source = ESENT | ID = 439 Description = Windows (1160) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032. Error - 03.01.2013 07:14:34 | Computer Name = ***-VAIO | Source = ESENT | ID = 490 Description = Windows (1160) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 03.01.2013 07:14:34 | Computer Name = ***-VAIO | Source = ESENT | ID = 439 Description = Windows (1160) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032. [ Media Center Events ] Error - 24.11.2012 18:38:54 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 23:38:53 - Fehler beim Herstellen der Internetverbindung. 23:38:53 - Serververbindung konnte nicht hergestellt werden.. Error - 24.11.2012 19:38:59 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 00:38:58 - Fehler beim Herstellen der Internetverbindung. 00:38:58 - Serververbindung konnte nicht hergestellt werden.. Error - 01.01.2013 12:24:43 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 17:24:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) 
Error - 01.01.2013 12:24:46 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 17:24:45 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 01.01.2013 12:24:47 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 17:24:47 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 01.01.2013 12:24:48 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 17:24:48 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 01.01.2013 13:24:56 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 18:24:56 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 01.01.2013 13:24:59 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 18:24:58 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 01.01.2013 13:25:00 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 18:24:59 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) 
Error - 01.01.2013 13:25:02 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0 Description = 18:25:00 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ System Events ] Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2758857) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2770660) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2761465) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2729452) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2753842) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Update für Benutzermodus-Treiberframework Version 1.11 für Windows 7 für x64-basierte Systeme (KB2685813) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2727528) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2762895) Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217) < End of report >
Was that correct so far, or should I have compressed the two text files somehow? Please help me with how I should proceed now. Many thanks and best regards, SGP41
Last edited by sgp41 (03.01.2013 at 13:58) |
03.01.2013, 13:23 | #2 |
/// Selecta Jahrusso | TR/Crypt.TPM.Gen My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
03.01.2013, 14:06 | #3 |
| TR/Crypt.TPM.Gen Hello Daniel,
many thanks for the quick reply. I downloaded TDSSKiller and ran a scan, but without any result. Here is the LOGFILE:
14:01:29.0622 10064 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:01:29.0806 10064 ============================================================ 14:01:29.0806 10064 Current date / time: 2013/01/03 14:01:29.0806 14:01:29.0806 10064 SystemInfo: 14:01:29.0806 10064 14:01:29.0806 10064 OS Version: 6.1.7601 ServicePack: 1.0 14:01:29.0806 10064 Product type: Workstation 14:01:29.0807 10064 ComputerName: SIEBERT-VAIO 14:01:29.0807 10064 UserName: Siebert 14:01:29.0807 10064 Windows directory: C:\Windows 14:01:29.0807 10064 System windows directory: C:\Windows 14:01:29.0807 10064 Running under WOW64 14:01:29.0807 10064 Processor architecture: Intel x64 14:01:29.0807 10064 Number of processors: 8 14:01:29.0807 10064 Page size: 0x1000 14:01:29.0807 10064 Boot type: Normal boot 14:01:29.0807 10064 ============================================================ 14:01:30.0773 10064 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:01:30.0796 10064 ============================================================ 14:01:30.0796 10064 \Device\Harddisk0\DR0: 14:01:30.0797 10064 MBR partitions: 14:01:30.0797 10064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1487800, BlocksNum 0x32000 14:01:30.0797 10064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14B9800, BlocksNum 0x38ECC030 14:01:30.0797 10064 ============================================================ 14:01:30.0810 10064 C: <-> \Device\Harddisk0\DR0\Partition2 14:01:30.0810 10064 ============================================================ 14:01:30.0810 10064 Initialize success 14:01:30.0810 10064 ============================================================ 14:01:32.0827 4524
4524 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:01:48.0150 4524 RDPENCDD - ok 14:01:48.0160 4524 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:01:48.0161 4524 RDPREFMP - ok 14:01:48.0195 4524 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:01:48.0200 4524 RDPWD - ok 14:01:48.0231 4524 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:01:48.0234 4524 rdyboost - ok 14:01:48.0254 4524 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys 14:01:48.0255 4524 regi - ok 14:01:48.0308 4524 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 14:01:48.0333 4524 RegSrvc - ok 14:01:48.0369 4524 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:01:48.0373 4524 RemoteAccess - ok 14:01:48.0407 4524 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:01:48.0411 4524 RemoteRegistry - ok 14:01:48.0446 4524 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:01:48.0449 4524 RFCOMM - ok 14:01:48.0468 4524 [ 6DED176A14770339F1415CFDBCC9E07F ] rimspci C:\Windows\system32\drivers\rimssne64.sys 14:01:48.0470 4524 rimspci - ok 14:01:48.0506 4524 [ DDF5F666C2A5B3729E8BEA01FB999CC0 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys 14:01:48.0508 4524 risdsnpe - ok 14:01:48.0559 4524 [ BA6CE930E1453677F7565AE45181AD76 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe 14:01:48.0565 4524 Roxio UPnP Renderer 10 - ok 14:01:48.0584 4524 [ 3A3D707A35EA30A6CF88B9E555E3D815 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe 14:01:48.0592 4524 Roxio Upnp Server 10 - ok 14:01:48.0605 4524 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 
14:01:48.0609 4524 RpcEptMapper - ok 14:01:48.0619 4524 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:01:48.0621 4524 RpcLocator - ok 14:01:48.0661 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:01:48.0670 4524 RpcSs - ok 14:01:48.0689 4524 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:01:48.0691 4524 rspndr - ok 14:01:48.0702 4524 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:01:48.0704 4524 SamSs - ok 14:01:48.0729 4524 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:01:48.0732 4524 sbp2port - ok 14:01:48.0775 4524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:01:48.0780 4524 SCardSvr - ok 14:01:48.0855 4524 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:01:48.0856 4524 scfilter - ok 14:01:48.0902 4524 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:01:48.0927 4524 Schedule - ok 14:01:48.0970 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:01:48.0972 4524 SCPolicySvc - ok 14:01:48.0995 4524 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 14:01:48.0997 4524 sdbus - ok 14:01:49.0013 4524 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:01:49.0019 4524 SDRSVC - ok 14:01:49.0048 4524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:01:49.0049 4524 secdrv - ok 14:01:49.0068 4524 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:01:49.0071 4524 seclogon - ok 14:01:49.0094 4524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:01:49.0098 4524 SENS - ok 14:01:49.0110 4524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:01:49.0114 4524 SensrSvc - ok 
14:01:49.0134 4524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 14:01:49.0136 4524 Serenum - ok 14:01:49.0163 4524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 14:01:49.0165 4524 Serial - ok 14:01:49.0184 4524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:01:49.0185 4524 sermouse - ok 14:01:49.0224 4524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:01:49.0228 4524 SessionEnv - ok 14:01:49.0265 4524 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys 14:01:49.0267 4524 SFEP - ok 14:01:49.0279 4524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:01:49.0280 4524 sffdisk - ok 14:01:49.0291 4524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:01:49.0292 4524 sffp_mmc - ok 14:01:49.0306 4524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:01:49.0307 4524 sffp_sd - ok 14:01:49.0334 4524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:01:49.0335 4524 sfloppy - ok 14:01:49.0376 4524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:01:49.0383 4524 ShellHWDetection - ok 14:01:49.0413 4524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:01:49.0415 4524 SiSRaid2 - ok 14:01:49.0447 4524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:01:49.0449 4524 SiSRaid4 - ok 14:01:49.0502 4524 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:01:49.0507 4524 SkypeUpdate - ok 14:01:49.0531 4524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:01:49.0533 4524 Smb - ok 14:01:49.0577 4524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 14:01:49.0581 4524 SNMPTRAP - ok 14:01:49.0635 4524 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 14:01:49.0639 4524 SOHCImp - ok 14:01:49.0666 4524 [ C1CD71C672EA281A424FBCF24AC99553 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe 14:01:49.0681 4524 SOHDms - ok 14:01:49.0699 4524 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 14:01:49.0703 4524 SOHDs - ok 14:01:49.0744 4524 [ E2E40C0D24456B6EB440BE01AF829829 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe 14:01:49.0753 4524 SpfService - ok 14:01:49.0771 4524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:01:49.0772 4524 spldr - ok 14:01:49.0813 4524 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:01:49.0837 4524 Spooler - ok 14:01:49.0937 4524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:01:50.0030 4524 sppsvc - ok 14:01:50.0063 4524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:01:50.0067 4524 sppuinotify - ok 14:01:50.0104 4524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:01:50.0120 4524 srv - ok 14:01:50.0144 4524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:01:50.0151 4524 srv2 - ok 14:01:50.0186 4524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:01:50.0188 4524 srvnet - ok 14:01:50.0210 4524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:01:50.0218 4524 SSDPSRV - ok 14:01:50.0233 4524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:01:50.0237 4524 SstpSvc - ok 14:01:50.0259 4524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor 
C:\Windows\system32\drivers\stexstor.sys 14:01:50.0260 4524 stexstor - ok 14:01:50.0304 4524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:01:50.0328 4524 stisvc - ok 14:01:50.0363 4524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:01:50.0364 4524 swenum - ok 14:01:50.0395 4524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:01:50.0408 4524 swprv - ok 14:01:50.0484 4524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:01:50.0538 4524 SysMain - ok 14:01:50.0575 4524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:01:50.0579 4524 TabletInputService - ok 14:01:50.0620 4524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:01:50.0636 4524 TapiSrv - ok 14:01:50.0655 4524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:01:50.0659 4524 TBS - ok 14:01:50.0729 4524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:01:50.0795 4524 Tcpip - ok 14:01:50.0853 4524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:01:50.0875 4524 TCPIP6 - ok 14:01:50.0912 4524 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:01:50.0914 4524 tcpipreg - ok 14:01:50.0941 4524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:01:50.0942 4524 TDPIPE - ok 14:01:50.0972 4524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:01:50.0973 4524 TDTCP - ok 14:01:51.0002 4524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:01:51.0005 4524 tdx - ok 14:01:51.0127 4524 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 14:01:51.0204 4524 TeamViewer7 - ok 14:01:51.0239 4524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] 
TermDD C:\Windows\system32\drivers\termdd.sys 14:01:51.0241 4524 TermDD - ok 14:01:51.0268 4524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:01:51.0291 4524 TermService - ok 14:01:51.0317 4524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:01:51.0321 4524 Themes - ok 14:01:51.0349 4524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:01:51.0352 4524 THREADORDER - ok 14:01:51.0372 4524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:01:51.0376 4524 TrkWks - ok 14:01:51.0427 4524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:01:51.0431 4524 TrustedInstaller - ok 14:01:51.0459 4524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:01:51.0460 4524 tssecsrv - ok 14:01:51.0500 4524 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:01:51.0502 4524 TsUsbFlt - ok 14:01:51.0542 4524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:01:51.0544 4524 tunnel - ok 14:01:51.0583 4524 [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW32 C:\Windows\system32\DRIVERS\TVICHW32.SYS 14:01:51.0585 4524 TVICHW32 - ok 14:01:51.0609 4524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:01:51.0611 4524 uagp35 - ok 14:01:51.0642 4524 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 14:01:51.0646 4524 uCamMonitor - ok 14:01:51.0691 4524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:01:51.0698 4524 udfs - ok 14:01:51.0728 4524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:01:51.0732 4524 UI0Detect - ok 14:01:51.0756 4524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:01:51.0758 
4524 uliagpkx - ok 14:01:51.0783 4524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 14:01:51.0785 4524 umbus - ok 14:01:51.0816 4524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 14:01:51.0818 4524 UmPass - ok 14:01:51.0841 4524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:01:51.0858 4524 upnphost - ok 14:01:51.0902 4524 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:01:51.0903 4524 USBAAPL64 - ok 14:01:51.0920 4524 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:01:51.0922 4524 usbccgp - ok 14:01:51.0941 4524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:01:51.0943 4524 usbcir - ok 14:01:51.0964 4524 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:01:51.0966 4524 usbehci - ok 14:01:51.0986 4524 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:01:51.0993 4524 usbhub - ok 14:01:52.0011 4524 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:01:52.0013 4524 usbohci - ok 14:01:52.0031 4524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 14:01:52.0032 4524 usbprint - ok 14:01:52.0048 4524 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:01:52.0050 4524 USBSTOR - ok 14:01:52.0069 4524 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:01:52.0070 4524 usbuhci - ok 14:01:52.0112 4524 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 14:01:52.0117 4524 usbvideo - ok 14:01:52.0140 4524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:01:52.0144 4524 UxSms - ok 14:01:52.0192 4524 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration 
Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe 14:01:52.0194 4524 VAIO Entertainment TV Device Arbitration Service - ok 14:01:52.0243 4524 [ 218F78B39832A2A0761CE2422828A57C ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe 14:01:52.0249 4524 VAIO Event Service - ok 14:01:52.0306 4524 [ 1CF1A4DD7A58C966C9014B83C7229CF3 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 14:01:52.0329 4524 VAIO Power Management - ok 14:01:52.0340 4524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:01:52.0342 4524 VaultSvc - ok 14:01:52.0387 4524 [ 917FB366B6CF2834CDBF9256D18A8FF0 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 14:01:52.0413 4524 VCFw - ok 14:01:52.0466 4524 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 14:01:52.0491 4524 VcmIAlzMgr - ok 14:01:52.0523 4524 [ 7A88CFD3FE99F2C9B95A6E2A08B96E14 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe 14:01:52.0533 4524 VcmINSMgr - ok 14:01:52.0564 4524 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe 14:01:52.0566 4524 VcmXmlIfHelper - ok 14:01:52.0605 4524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:01:52.0606 4524 vdrvroot - ok 14:01:52.0651 4524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:01:52.0674 4524 vds - ok 14:01:52.0696 4524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:01:52.0698 4524 vga - ok 14:01:52.0716 4524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:01:52.0717 4524 VgaSave - ok 14:01:52.0755 4524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] 
vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:01:52.0758 4524 vhdmp - ok 14:01:52.0774 4524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:01:52.0775 4524 viaide - ok 14:01:52.0799 4524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:01:52.0801 4524 volmgr - ok 14:01:52.0844 4524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:01:52.0853 4524 volmgrx - ok 14:01:52.0873 4524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:01:52.0879 4524 volsnap - ok 14:01:52.0925 4524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:01:52.0928 4524 vsmraid - ok 14:01:52.0997 4524 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 14:01:53.0027 4524 VSNService - ok 14:01:53.0086 4524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:01:53.0144 4524 VSS - ok 14:01:53.0249 4524 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe 14:01:53.0300 4524 VUAgent - ok 14:01:53.0319 4524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:01:53.0320 4524 vwifibus - ok 14:01:53.0332 4524 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:01:53.0334 4524 vwififlt - ok 14:01:53.0358 4524 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:01:53.0359 4524 vwifimp - ok 14:01:53.0404 4524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:01:53.0420 4524 W32Time - ok 14:01:53.0453 4524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:01:53.0454 4524 WacomPen - ok 14:01:53.0495 4524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:01:53.0497 4524 WANARP - ok 
14:01:53.0516 4524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:01:53.0518 4524 Wanarpv6 - ok 14:01:53.0581 4524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:01:53.0631 4524 wbengine - ok 14:01:53.0663 4524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:01:53.0670 4524 WbioSrvc - ok 14:01:53.0707 4524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:01:53.0723 4524 wcncsvc - ok 14:01:53.0743 4524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:01:53.0747 4524 WcsPlugInService - ok 14:01:53.0772 4524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 14:01:53.0774 4524 Wd - ok 14:01:53.0813 4524 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:01:53.0838 4524 Wdf01000 - ok 14:01:53.0857 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:01:53.0864 4524 WdiServiceHost - ok 14:01:53.0870 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:01:53.0874 4524 WdiSystemHost - ok 14:01:53.0907 4524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:01:53.0915 4524 WebClient - ok 14:01:53.0932 4524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:01:53.0940 4524 Wecsvc - ok 14:01:53.0955 4524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:01:53.0961 4524 wercplsupport - ok 14:01:53.0984 4524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:01:53.0989 4524 WerSvc - ok 14:01:54.0005 4524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:01:54.0006 4524 WfpLwf - ok 14:01:54.0018 4524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:01:54.0019 
4524 WIMMount - ok 14:01:54.0027 4524 WinHttpAutoProxySvc - ok 14:01:54.0084 4524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:01:54.0089 4524 Winmgmt - ok 14:01:54.0146 4524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:01:54.0214 4524 WinRM - ok 14:01:54.0288 4524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:01:54.0289 4524 WinUsb - ok 14:01:54.0330 4524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:01:54.0359 4524 Wlansvc - ok 14:01:54.0375 4524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:01:54.0376 4524 WmiAcpi - ok 14:01:54.0409 4524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:01:54.0414 4524 wmiApSrv - ok 14:01:54.0435 4524 WMPNetworkSvc - ok 14:01:54.0463 4524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:01:54.0467 4524 WPCSvc - ok 14:01:54.0500 4524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:01:54.0505 4524 WPDBusEnum - ok 14:01:54.0531 4524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:01:54.0533 4524 ws2ifsl - ok 14:01:54.0539 4524 WSearch - ok 14:01:54.0633 4524 [ 624809FE31F0EBBA33FD4C98E016DD83 ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe 14:01:54.0642 4524 WTGService - ok 14:01:54.0724 4524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:01:54.0808 4524 wuauserv - ok 14:01:54.0839 4524 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:01:54.0841 4524 WudfPf - ok 14:01:54.0881 4524 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:01:54.0884 4524 WUDFRd - ok 14:01:55.0004 4524 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:01:55.0010 4524 wudfsvc - ok 
14:01:55.0040 4524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:01:55.0048 4524 WwanSvc - ok 14:01:55.0086 4524 [ B9A3655BED42A2D7B8C111B93481BCCC ] XS Stick Service C:\Windows\service4g.exe 14:01:55.0088 4524 XS Stick Service - ok 14:01:55.0132 4524 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 14:01:55.0140 4524 yukonw7 - ok 14:01:55.0155 4524 ================ Scan global =============================== 14:01:55.0191 4524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:01:55.0269 4524 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 14:01:55.0293 4524 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 14:01:55.0324 4524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:01:55.0355 4524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:01:55.0370 4524 [Global] - ok 14:01:55.0371 4524 ================ Scan MBR ================================== 14:01:55.0385 4524 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:01:55.0732 4524 \Device\Harddisk0\DR0 - ok 14:01:55.0733 4524 ================ Scan VBR ================================== 14:01:55.0737 4524 [ 11DE3BBCC6B2860A936BD6A094AA1727 ] \Device\Harddisk0\DR0\Partition1 14:01:55.0741 4524 \Device\Harddisk0\DR0\Partition1 - ok 14:01:55.0753 4524 [ 2525F737EC61B8271157D78F6A2B4641 ] \Device\Harddisk0\DR0\Partition2 14:01:55.0757 4524 \Device\Harddisk0\DR0\Partition2 - ok 14:01:55.0758 4524 ============================================================ 14:01:55.0758 4524 Scan finished 14:01:55.0758 4524 ============================================================ 14:01:55.0774 9256 Detected object count: 0 14:01:55.0774 9256 Actual detected object count: 0 VG Gabi |
03.01.2013, 14:11 | #4 |
/// Selecta Jahrusso | TR/Crypt.TPM.Gen No problem. Scan with Combofix
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
03.01.2013, 15:19 | #5 |
| TR/Crypt.TPM.Gen Hello Daniel, I have downloaded combofix and now have the following log file: Combofix Logfile: Code:
ComboFix 13-01-03.02 - Siebert 03.01.2013 14:23:17.1.8 - x64
ausgeführt von:: c:\users\Siebert\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Siebert\AppData\Roaming\.#
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-03 bis 2013-01-03 ))))))))))))))))))))))))))))))
.
.
2013-01-03 13:30 . 2013-01-03 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 16:37 . 2013-01-01 16:45 -------- d-----w- c:\users\Siebert\AppData\Local\.elfohilfe
2012-12-30 18:04 . 2012-12-30 18:04 -------- d-----w- c:\users\Siebert\AppData\Roaming\elsterformular
2012-12-30 18:03 . 2012-12-30 18:03 -------- d-----w- c:\programdata\elsterformular
2012-12-30 18:02 . 2012-12-30 18:02 -------- d-----w- c:\program files (x86)\ElsterFormular
2012-12-27 21:41 . 2012-12-27 21:41 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-27 21:41 . 2012-12-27 21:41 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-09 00:30 . 2012-12-09 00:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-09 00:30 . 2012-12-09 00:30 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 19:03 . 2012-08-24 15:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-02 19:03 . 2012-08-24 15:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-01 18:31 . 2011-10-18 20:06 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-01 18:30 . 2011-10-18 20:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-01 18:30 . 2011-10-18 20:05 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-27 23:12 . 2010-08-01 18:53 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-12-16 20:23 . 2010-07-28 11:52 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-26 15:39 . 2011-11-24 22:02 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-18 13:35 . 2012-11-18 13:35 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2012-11-18 13:35 . 2012-11-18 13:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2012-11-15 20:24 . 2011-11-02 21:03 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-15 20:24 . 2011-11-02 21:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-13 138096]
"GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"EasyDownloads"="c:\program files (x86)\Easy Downloads\easydownloads.exe" [2011-10-14 854040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-02-24 99696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Siebert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.2.112,1"=""
"173.245.61.58,255.255.255.255,192.168.2.112,1"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
R2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 334888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 39464]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-04-05 117888]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-03-03 158720]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
S0
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312] S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400] S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776] S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416] S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 
NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-10-20 393216] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners . 2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 19:03] . 2012-12-26 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12] . 2012-12-29 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12] . 2013-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job - c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20] . 2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job - c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34] . 
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060320] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes] "62.75.206.182,255.255.255.255,192.168.2.112,1"="" "173.245.61.58,255.255.255.255,192.168.2.112,1"="" . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3 FF - ProfilePath - c:\users\Siebert\AppData\Roaming\Mozilla\Firefox\Profiles\e3qmgbf3.default\ FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - foxsearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_ptnrs=^AAA&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550&apn_dtid=^YYYYYY^YY^DE&&q= FF - user.js: browser.search.selectedEngine - foxsearch FF - user.js: browser.search.order.1 - foxsearch FF - user.js: browser.search.defaultenginename - foxsearch FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: privacy.item.cookies - false FF - user.js: privacy.sanitize.promptOnSanitize - false . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-Metin2_is1 - c:\program files (x86)\Metin2\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe . 
************************************************************************** . Zeit der Fertigstellung: 2013-01-03 14:40:52 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-03 13:40 . Vor Suchlauf: 16 Verzeichnis(se), 389.406.433.280 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 389.568.143.360 Bytes frei . - - End Of File - - B17784877F863F40AC6A0796F445D667
Best regards, Gabi
Hello Daniel, do I need to do anything else? Best regards, Gabi |
03.01.2013, 19:12 | #7 |
| TR/Crypt.TPM.Gen Hello Daniel, here is the otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.01.2013 18:51:27 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Siebert\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 63,32% Memory free 11,96 Gb Paging File | 9,42 Gb Available in Paging File | 78,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,40 Gb Total Space | 362,12 Gb Free Space | 79,52% Space Free | Partition Type: NTFS Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SIEBERT-VAIO | User Name: Siebert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.03 18:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siebert\Desktop\OTL.exe PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.08.13 19:32:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 14:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.14 18:18:43 | 000,854,040 | ---- | M] (hxxp://izloader.com/) -- C:\Program Files (x86)\Easy Downloads\easydownloads.exe PRC - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.04.30 12:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.04.30 12:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2010.03.02 15:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe PRC - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe PRC - [2010.02.24 13:59:08 | 000,099,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe PRC - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe PRC - [2010.02.19 18:19:24 | 000,529,776 | 
---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2010.01.21 19:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.15 12:40:22 | 000,316,784 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.11.20 23:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2012.08.31 11:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.08.31 11:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012.04.23 23:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.03.21 23:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.02.11 00:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 02:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.05 02:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2010.11.05 02:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009.06.10 22:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ========== Services (SafeList) ========== SRV - [2013.01.02 20:03:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.27 22:41:22 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.04.30 12:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.04.08 13:27:18 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.03.12 16:15:40 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.02.24 13:59:08 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2010.02.08 09:46:46 | 000,302,448 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony 
Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService) SRV - [2010.01.20 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.25 03:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.11.25 03:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 14:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.05 07:59:22 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.05 16:27:22 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.16 20:21:27 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 11:06:18 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.19 11:03:49 | 000,093,184 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.03.19 11:03:46 | 000,077,312 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.03.18 21:47:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.03.18 21:47:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.03.18 21:47:38 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.03.18 21:47:37 | 000,334,888 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.18 21:47:03 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.03.18 10:16:10 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.17 21:02:57 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.03.03 23:56:59 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.11 20:19:26 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.20 16:02:25 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011.01.05 16:27:22 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=8691acc5000000000000002314b8cced
IE - HKCU\..\SearchScopes\{5A6C85CE-58F0-49BD-884E-41EECB7E6E47}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVED_deDE388DE388
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A67C1857-CB98-4061-B6DF-2525ECA01527}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{B46FC204-4117-411A-9566-0E05E5D7594B}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\..\SearchScopes\{B82039A1-06D6-4AAA-BCE5-D44208C4EF2A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: gutscheinmieze%40synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.100
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.4.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_ptnrs=^AAA&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550&apn_dtid=^YYYYYY^YY^DE&&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Siebert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Siebert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]

[2010.07.15 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebert\AppData\Roaming\mozilla\Extensions
[2013.01.01 03:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions
[2013.01.01 03:56:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.13 17:43:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@conduit.com
[2011.05.11 19:18:18 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@plasmoo.com
[2011.10.14 18:18:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\ffxtlbr@babylon.com
[2011.05.06 21:14:42 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\gutscheinmieze@synatix-gmbh.de
[2012.06.20 22:50:26 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\toolbar@ask.com
[2010.09.16 20:26:27 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\vshare@toolbar
[2013.01.02 20:03:41 | 000,002,404 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\askcom.xml
[2010.07.15 21:09:30 | 000,000,873 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\conduit.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\plasmoo.xml
[2012.02.11 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.27 22:41:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.06.19 21:11:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 16:23:07 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.14 18:18:45 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.03 23:33:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 21:11:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 21:14:42 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 21:11:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 21:11:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 21:11:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Siebert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Siebert\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Siebert\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7778BCE7-2A10-4702-9287-4D6B9F0A21F5}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9F53EC-CA10-40D8-B7C0-543D3FA66BF5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,131 | RH-- | M] () - D:\autorun.bat -- [ CDFS ] O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,063 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.03 18:51:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Siebert\Desktop\OTL.exe [2013.01.03 14:40:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.03 14:35:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.01.03 14:21:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.03 14:21:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.03 14:21:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.03 14:21:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.03 14:20:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.03 14:16:10 | 005,018,169 | R--- | C] (Swearware) -- C:\Users\Siebert\Desktop\ComboFix.exe [2013.01.03 14:01:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Siebert\Desktop\tdsskiller.exe [2013.01.01 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\Siebert\AppData\Local\.elfohilfe [2012.12.30 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Siebert\AppData\Roaming\elsterformular [2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ElsterFormular [2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.12.30 19:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2012.12.09 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\Siebert\Documents\Gabi [2012.12.09 15:22:34 | 000,000,000 | ---D | C] -- C:\Users\Siebert\Documents\Internat-Juamt [2012.12.09 01:34:45 | 000,000,000 | ---D | C] -- C:\Users\Siebert\Desktop\Metin2 [2012.12.09 01:30:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2 C:\Users\Siebert\Desktop\*.tmp files -> C:\Users\Siebert\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.03 18:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siebert\Desktop\OTL.exe [2013.01.03 18:48:22 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.03 18:48:22 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.03 18:48:22 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.03 18:48:22 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.03 18:48:22 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.03 18:47:13 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job [2013.01.03 18:47:08 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.03 18:47:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.03 18:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.03 17:36:37 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.03 
15:25:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job [2013.01.03 15:19:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 15:19:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 15:11:28 | 000,440,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.03 15:10:09 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys [2013.01.03 14:16:29 | 005,018,169 | R--- | M] (Swearware) -- C:\Users\Siebert\Desktop\ComboFix.exe [2013.01.03 14:01:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Siebert\Desktop\tdsskiller.exe [2013.01.01 18:03:21 | 000,159,620 | ---- | M] () -- C:\Users\Siebert\Desktop\ESt2011_SIEBERT_GABRIELE_Final_Final.elfo [2012.12.30 19:03:34 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.12.29 16:26:58 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [2012.12.28 00:12:48 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.12.26 15:49:19 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job [2012.12.15 12:17:29 | 000,000,702 | ---- | M] () -- C:\Users\Siebert\Desktop\Bibliotheken - Verknüpfung (2).lnk [2012.12.10 15:45:06 | 000,056,576 | ---- | M] () -- C:\Users\Siebert\Documents\päckchen.xps [2012.12.09 01:30:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.07 13:06:46 | 000,019,728 | ---- | M] () -- C:\Users\Siebert\Desktop\kaffeemaschine.jpg [2012.12.07 13:05:17 | 000,033,537 | ---- | M] () -- C:\Users\Siebert\Desktop\Kaffeemaschine_2.jpg [2 C:\Users\Siebert\Desktop\*.tmp files -> C:\Users\Siebert\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.03 
14:21:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.03 14:21:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.03 14:21:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.03 14:21:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.03 14:21:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.03 03:01:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.01 17:19:50 | 000,159,620 | ---- | C] () -- C:\Users\Siebert\Desktop\ESt2011_SIEBERT_GABRIELE_Final_Final.elfo [2012.12.30 19:03:34 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.12.29 03:06:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.15 12:17:29 | 000,000,702 | ---- | C] () -- C:\Users\Siebert\Desktop\Bibliotheken - Verknüpfung (2).lnk [2012.12.10 15:44:40 | 000,056,576 | ---- | C] () -- C:\Users\Siebert\Documents\päckchen.xps [2012.12.07 13:10:29 | 000,033,537 | ---- | C] () -- C:\Users\Siebert\Desktop\Kaffeemaschine_2.jpg [2012.12.07 13:07:05 | 000,019,728 | ---- | C] () -- C:\Users\Siebert\Desktop\kaffeemaschine.jpg [2012.09.01 15:04:03 | 001,806,336 | ---- | C] () -- C:\Windows\SysWow64\speedtreert.dll [2012.05.27 20:57:12 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\defogger_reenable [2011.11.13 23:37:35 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\AppData\Local\{39B99734-236D-40B7-90AC-7444B93AAD31} [2011.10.28 17:13:00 | 000,174,756 | ---- | C] () -- C:\Users\Siebert\Mojo verde.pdf [2011.10.28 16:46:09 | 000,145,485 | ---- | C] () -- C:\Users\Siebert\Aioli.pdf [2011.10.28 16:44:18 | 000,000,839 | ---- | C] () -- C:\Users\Siebert\.recently-used.xbel [2011.10.28 16:29:36 | 000,004,096 | -H-- | C] () -- C:\Users\Siebert\AppData\Local\keyfile3.drm [2011.05.07 12:11:58 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\AppData\Local\{8D669B6F-E7BF-47F2-88C6-D42C0A7BCD33} [2011.05.06 
21:14:56 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.05.06 21:14:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.01.23 17:56:02 | 000,000,043 | ---- | C] () -- C:\Users\Siebert\.gtk-bookmarks [2011.01.03 14:54:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.01 19:53:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.05.17 04:40:25 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.12.25 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Amazon [2010.08.26 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Auslogics [2011.10.14 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Babylon [2012.09.01 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\dll-files.com [2012.09.30 11:03:23 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\DVDVideoSoft [2012.09.30 11:02:17 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.30 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\elsterformular [2011.04.10 19:13:22 | 000,000,000 | ---D | M] -- 
C:\Users\Siebert\AppData\Roaming\Esku [2011.04.16 15:52:10 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\gtk-2.0 [2011.05.06 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Gutscheinmieze [2012.09.30 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\OpenCandy [2011.04.10 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Qoniyc [2012.04.30 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\TeamViewer [2012.08.13 23:42:28 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\TS3Client [2011.05.17 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Verbindungsassistent [2012.08.15 03:04:51 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\XSManager ========== Purity Check ========== < End of report >
What do I have to do now? Many thanks for the help. Regards, Gabi |
03.01.2013, 20:57 | #8 |
/// Selecta Jahrusso | TR/Crypt.TPM.Gen Hi. Please uninstall:
Babylon toolbar on IE
DVDVideoSoftTB Toolbar
Gutscheinmieze - Toolbar
McAfee Security Scan Plus
Then restart the computer. Please download AdwCleaner to your desktop.
Combofix script
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
04.01.2013, 14:57 | #9 |
| TR/Crypt.TPM.Gen Hello Daniel, I kept trying for half the night yesterday and again this morning, but unfortunately without success. On the desktop I drag CFScript.txt onto ComboFix.exe; ComboFix does start, but it hangs at stage 4. I turned off AntiVir, but it doesn't work. Can you tell me what I'm doing wrong? Best regards, Gabi |
04.01.2013, 15:06 | #10 |
/// Selecta Jahrusso | TR/Crypt.TPM.Gen Let's try it in safe mode. Go into Windows safe mode (please be sure to click and read the link!)
05.01.2013, 18:36 | #11 |
| TR/Crypt.TPM.Gen Hello Daniel, great, it worked in safe mode. Here is the txt file: Combofix Logfile: Code:
ATTFilter ComboFix 13-01-05.01 - Siebert 05.01.2013 18:11:51.6.8 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6126.5197 [GMT 1:00] ausgeführt von:: c:\users\Siebert\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Siebert\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\windows\assembly\Desktop.ini" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\Desktop.ini c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-05 bis 2013-01-05 )))))))))))))))))))))))))))))) . . 2013-01-05 17:18 . 2013-01-05 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-04 09:51 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E755C8CC-7D0F-4392-9387-0926A0635C03}\mpengine.dll 2013-01-03 02:02 . 2012-11-14 07:11 763424 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-01-03 02:02 . 2012-11-14 06:04 1346048 ----a-w- c:\windows\system32\urlmon.dll 2013-01-03 02:02 . 2012-11-14 06:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2013-01-03 02:02 . 2012-11-14 06:04 1392128 ----a-w- c:\windows\system32\wininet.dll 2013-01-03 02:02 . 2012-11-14 05:55 729088 ----a-w- c:\windows\system32\msfeeds.dll 2013-01-03 02:02 . 2012-11-14 05:59 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-01-03 02:02 . 2012-11-14 06:06 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-01-03 02:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-01-03 02:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-01-03 02:01 . 
2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-01-03 02:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-01-03 02:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-01-03 02:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-01-03 02:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-01-03 02:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-01-03 02:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-01-01 16:37 . 2013-01-01 16:45 -------- d-----w- c:\users\Siebert\AppData\Local\.elfohilfe 2012-12-30 18:04 . 2012-12-30 18:04 -------- d-----w- c:\users\Siebert\AppData\Roaming\elsterformular 2012-12-30 18:03 . 2012-12-30 18:03 -------- d-----w- c:\programdata\elsterformular 2012-12-30 18:02 . 2012-12-30 18:02 -------- d-----w- c:\program files (x86)\ElsterFormular 2012-12-29 02:06 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-12-29 02:06 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-29 02:06 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-29 02:06 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-29 02:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-29 02:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-27 21:41 . 2012-12-27 21:41 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-12-27 21:41 . 2012-12-27 21:41 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-12-17 09:58 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-12-17 09:58 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe 2012-12-17 09:58 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-17 09:58 . 
2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-16 14:08 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-16 14:08 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-16 14:08 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-09 00:30 . 2012-12-09 00:30 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-12-09 00:30 . 2012-12-09 00:30 -------- d-----r- c:\program files (x86)\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-02 19:03 . 2012-08-24 15:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-02 19:03 . 2012-08-24 15:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-01 18:31 . 2011-10-18 20:06 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-01 18:30 . 2011-10-18 20:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-01 18:30 . 2011-10-18 20:05 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-12-27 23:12 . 2010-08-01 18:53 952 --sha-w- c:\programdata\KGyGaAvL.sys 2012-12-16 20:23 . 2010-07-28 11:52 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-26 15:39 . 2011-11-24 22:02 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-11-18 13:35 . 2012-11-18 13:35 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll 2012-11-18 13:35 . 2012-11-18 13:35 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll 2012-11-15 20:24 . 2011-11-02 21:03 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-11-15 20:24 . 
2011-11-02 21:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 19:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 19:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 19:03 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 15:29 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 15:29 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 15:29 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 15:29 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-13 138096] "GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792] "starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "EasyDownloads"="c:\program files (x86)\Easy Downloads\easydownloads.exe" [2011-10-14 854040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664] "SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-02-24 99696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . c:\users\Siebert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes] "62.75.206.182,255.255.255.255,192.168.2.112,1"="" "173.245.61.58,255.255.255.255,192.168.2.112,1"="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 334888] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 39464] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-04-05 117888] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-03-03 158720] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 
avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312] S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400] S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776] S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168] S2 XS Stick Service;XS Stick 
Service;c:\windows\service4g.exe [2010-04-30 145064] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-10-20 393216] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners . 2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 19:03] . 2012-12-26 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12] . 2013-01-05 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12] . 2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job - c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20] . 2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job - c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20] . 
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060320] "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes] "62.75.206.182,255.255.255.255,192.168.2.112,1"="" "173.245.61.58,255.255.255.255,192.168.2.112,1"="" . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3 FF - ProfilePath - c:\users\Siebert\AppData\Roaming\Mozilla\Firefox\Profiles\e3qmgbf3.default\ FF - prefs.js: browser.search.selectedEngine - foxsearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) AddRemove-Metin2_is1 - c:\program files (x86)\Metin2\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-05 18:30:56 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-05 17:30 ComboFix2.txt 2013-01-03 13:40 . Vor Suchlauf: 18 Verzeichnis(se), 390.209.986.560 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 389.900.881.920 Bytes frei . - - End Of File - - 58B829709DEE20A0265A6273161E9DC1
What do I have to do now? Best regards, Gabi |
05.01.2013, 19:01 | #12 |
/// Selecta Jahrusso | TR/Crypt.TPM.Gen Hi. Everything actually looks pretty good. Please update Malwarebytes and run a Quick Scan. Remove all findings and post the log file here. ESET Online Scanner
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
06.01.2013, 20:10 | #13 |
| TR/Crypt.TPM.Gen Hello Daniel, here is the log file from Malwarebytes:
Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.05.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Siebert :: SIEBERT-VAIO [Administrator] 06.01.2013 00:15:06 mbam-log-2013-01-06 (00-15-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224116 Laufzeit: 4 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
And here is the log file from ESET (it was a bit difficult, as the scanner took an incredibly long time):
ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=945f6842c67c604cb60a22e1cd6383f0 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-06 01:58:40 # local_time=2013-01-06 02:58:40 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 98 77612 222904010 0 0 # compatibility_mode=5893 16776573 100 94 187620 109110570 0 0 # scanned=230596 # found=1 # cleaned=0 # scan_time=52024 C:\Users\Siebert\Downloads\vlc-1.1.9-win32.exe Win32/StartPage.OIE trojan (unable to clean) 1D435CA0C4BA455742225989F95CC529198E86DB I
ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=945f6842c67c604cb60a22e1cd6383f0 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-06 05:04:07 # local_time=2013-01-06 06:04:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1799 16775165 100 98 88739 222915137 81519 0 # compatibility_mode=5893 16776573 100 94 198747 109121697 0 0 # scanned=231290 # found=1 # cleaned=0 # scan_time=11022 C:\Users\Siebert\Downloads\vlc-1.1.9-win32.exe Win32/StartPage.OIE trojan (unable to clean) 1D435CA0C4BA455742225989F95CC529198E86DB I
What do I do now? Best regards, Gabi |
06.01.2013, 20:31 | #14 |
/// Selecta Jahrusso | TR/Crypt.TPM.Gen If you disabled any drivers with Defogger, please start Defogger and click the Re-enable button. Defogger may ask for a restart. Please allow this. Important: If there is an error message, please post the Defogger_reenable log here. Before the following action, please temporarily disable your antivirus program, any script blocking, and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled. Please download delfix to your desktop.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
08.01.2013, 17:55 | #15 |
| TR/Crypt.TPM.Gen Hello Daniel, thank you very much for the great support. It really does seem that everything has been cleaned up; the antivirus programs found nothing more today either. Great work. I will be very careful in the future. Best regards, Gabi |