
Pests of all kinds and how to fight them: Ukash trojan found

11.01.2013, 11:16   #1
Oemmel
 
Hello everyone,

I have the following problem: this morning I switched my computer on again and it was already very slow, so I thought, fine, let's see why. Shortly afterwards my desktop was locked and a message appeared saying my computer had been locked. The thing is, this is not the BKA or Bundespolizei trojan but something English/American. It looks similar, though.
At the moment I can access my desktop again, because I have already killed the processes in Task Manager and rolled the PC back. What is the best way for me to proceed now?
My system is Windows 7 64-bit.
Thanks in advance!
Regards, Oemmel

11.01.2013, 13:24   #2
markusg
/// Malware-holic
 
Hi
keep your hands off System Restore when dealing with malware; that can lead to problems.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

11.01.2013, 13:52   #3
Oemmel
 
OK, the scan has been run. However, in the middle of the scan a message appeared in my taskbar with a yellow triangle and exclamation mark: OTL: OTl.exe file corrupt. The file or directory C:Windows\Prefetch\ReadyBoot\Trace4.fx is corrupt or unreadable. Please run CHKDSK.

Extra.txt log: OTL Logfile:
Code:
OTL Extras logfile created on: 11.01.2013 13:36:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A.Schattke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 78,05% Memory free
15,97 Gb Paging File | 14,00 Gb Available in Paging File | 87,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,41 Gb Total Space | 753,01 Gb Free Space | 81,72% Space Free | Partition Type: NTFS
 
Computer Name: KONSTRUKTION-PC | User Name: A.Schattke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E017A4A-9754-401E-8C61-ADF26B2580EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{20610E17-88A7-4531-BAB5-6F02E96C9813}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2EB81246-C263-4B02-A686-F23D0E2F7536}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44A5102F-F780-4DB4-B80F-16264446AAA6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{532F8E49-97E2-4929-90A2-DFA32C16525E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{544B12C5-9FB0-470A-B4A1-134D30F79B4B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{65335AB0-E448-4C09-8435-29944C0CE2DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{65BC9408-B045-4FA1-9E93-67E6FC568531}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{67B0068D-78CA-422A-B9FC-57E668A95280}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6C796BB5-207E-47E1-A080-65913EAAAC83}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{71FB6A4B-90F1-4AB0-8D2C-017CEF05FABA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{72515AF5-A3EB-4F94-AD32-BB25BA7E5C67}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73CFDCDC-657E-454B-A0E8-22CC6905075E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E9A5776-F4DC-4878-9C4B-5845A988977B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82D42A73-C89B-4406-AECA-6A582AA5553A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8E7AAC43-C057-4D08-BCAD-9CB8572C91E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A43E8EA8-C018-4950-B935-60A356A5AF9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A44C2710-576F-4ECF-B392-93358728942F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A6735A7B-5CDC-491A-9EB9-D782F9336E8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A904E4E9-32A7-437B-AF73-887D4CF6373D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B0ADD425-2C45-47DE-AC25-5A4ABD54CB3F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{C37FDE0E-E7B0-40D3-9B6B-FD6B73F99A7B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C535DE9A-C1D1-406D-BC93-DDB0FFA33EB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C72A7071-5FD8-4B0B-90BD-50A0A34D6651}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D8A51AA0-50C7-4801-BC64-E46F02DE4F07}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB0F0868-1142-4E5F-B8D1-E4BF30CEFBB8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E16DB8C1-5B57-4BAF-AE2E-78AA35FABB04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E37B5547-AFB2-458F-A06A-E1ADC9AB75D6}" = lport=1434 | protocol=17 | dir=in | name=sql server browser (eulanda) | 
"{E3B19D23-A4D9-4A47-9BE8-6A607F153BEC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E49E9040-2DEA-4A7F-B25B-F3EF084154A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E5FABCA3-E7B5-4014-9DB5-DFD77C285D04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6F6E8EE-A78C-4301-9E65-8E4818BFE59D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EAD019F7-94EE-4FB1-9804-A408DDBC7269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC633075-7642-497C-8808-92FDF78BFD4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F477D725-0E58-4592-B347-970E1EFCEE8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FBCB4C96-2412-41F0-A1F6-504D3D474748}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023B898A-5FAB-43F5-AE83-8646DF17D06B}" = protocol=6 | dir=out | app=system | 
"{092430E0-D9BF-418E-9175-2DF75DCD4D72}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1A01049D-9A76-427A-BAA0-569285BEF4FD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{202B59AD-2856-4E99-9C47-A0368FF8B46F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{30E73406-2204-4FC6-BB83-2F00254FE875}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{333ACE0C-4B0C-456B-A0E3-E7230DB0D43E}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl11b\faxrx.exe | 
"{34D2B306-52A9-4ED5-ACB7-82CD2FFAA4EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CADFB8B-0BAE-42A5-8E6F-BA6CABEA9134}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{490FC9D3-3D52-4D48-8EED-EB9DA165579F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{537C3DD4-08E3-4611-9B23-2EC496075887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EFD9D92-1B33-4E84-899D-29D650A04CF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62944AF4-F469-40A8-85D4-EF4A20DF3F13}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{635A3394-9747-455E-81E2-45B7241B9E19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64801656-FA6C-482A-BE19-6952E4FB980F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6994F759-3A5E-4590-9284-39C489FB0D14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{755270C4-D772-4969-9FAA-E96C011C6904}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7F03D40E-86BF-434B-85AD-39963089DE49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{84828124-F9F5-4D60-9F3F-452CDE3E6C44}" = dir=in | app=c:\program files\microsoft sql server\mssql10_50.eulanda\mssql\binn\sqlservr.exe | 
"{889014E5-28DF-450E-B45D-02AA7CB18026}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8FF6938F-BC4E-44C0-AFBF-7E89BBB85BE8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{909B7990-2EBE-41F3-9506-3FD08911C68D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{94E3E7B6-79DC-4912-A37C-A88A4D789756}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97C4CBB7-F9CA-411F-BCAB-A4C0B00733EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9966BDBB-2541-48FF-B9C4-7600A1C6AB8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99809CC4-F444-42D9-9BC2-1F55702A4174}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B852382C-E1F8-4A1D-B581-EBEF023D1914}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{BBE10D8F-F266-4785-8805-37E1F41660FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BFCB5B0A-099D-495B-8016-9F7BA8B9ADD0}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl11b\faxrx.exe | 
"{C56F6824-1A97-40A8-8058-BE484DDA173E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6F66470-98E9-4486-9167-4B3F704B9034}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9F9C4DA-DEE3-4C55-8D6F-3729EDDAA5F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F7EB219F-7F88-45D7-AAD5-FAC5E98C789D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{1920FB4F-40E5-437C-94B8-ED795EDA387F}D:\windows utilities\installer64\installationmanager.exe" = protocol=6 | dir=in | app=d:\windows utilities\installer64\installationmanager.exe | 
"TCP Query User{BCC168DC-0FF7-4C1A-B138-0F906E447ACE}C:\programdata\qtime\q1\q1.exe" = protocol=6 | dir=in | app=c:\programdata\qtime\q1\q1.exe | 
"TCP Query User{F9E2AD1E-9229-4D98-9FC1-8C43D65AC641}C:\program files (x86)\eplan\platform\2.2.5\bin\eplan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eplan\platform\2.2.5\bin\eplan.exe | 
"UDP Query User{6F55B034-722E-4D88-9846-57360BA6B835}D:\windows utilities\installer64\installationmanager.exe" = protocol=17 | dir=in | app=d:\windows utilities\installer64\installationmanager.exe | 
"UDP Query User{E19938B4-83B3-4E28-8924-14BDEEDECA0E}C:\program files (x86)\eplan\platform\2.2.5\bin\eplan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eplan\platform\2.2.5\bin\eplan.exe | 
"UDP Query User{E8602492-78AD-4C06-83F1-A8DCA0391211}C:\programdata\qtime\q1\q1.exe" = protocol=17 | dir=in | app=c:\programdata\qtime\q1\q1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D7FB32-C400-7500-3596-5E10B70FECF2}" = AMD AVIVO64 Codecs
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{BB539DEC-56B4-7542-50E0-0843557AC3B0}" = ccc-utility64
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"DesktopIconAmazon" = Desktop Icon für Amazon
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Recuva" = Recuva
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00008A35-4469-4899-98BF-6CBF7A275272}" = EPLAN 5.70.3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{01C970A8-B27B-4CAA-103F-9341C66B92FA}" = CCC Help Thai
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0A7336FD-424E-1997-5C51-A23515716E6C}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{154240DE-32F2-94A7-B838-FC3990DC99F3}" = CCC Help Spanish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1B71D6F6-09B3-CD77-3E5E-5DFA80347723}" = CCC Help Swedish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2648BD0A-D78E-EC53-B44C-36227A47406D}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2EA2DE09-5DCF-2B9E-E933-375EF0EDF768}" = Catalyst Control Center
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{30E88170-07BC-82A9-26C4-5B86DB421ED4}" = CCC Help Greek
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32BFD212-A55E-4D1A-9E42-DB3764B761B8}" = Sage HBCI-Kontaktverwaltung
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{398604E5-24B9-9023-1A75-8298C048352E}" = CCC Help Finnish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E91E222-F413-D384-DC10-07DDA23950CE}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E58145F-4CE7-45B7-74A3-85CA4D66BFC6}" = CCC Help German
"{5F89F3D0-0482-9F06-2022-A55B10CE9780}" = Catalyst Control Center InstallProxy
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B24794C-D8AC-4B90-B731-C0D7CF8FD840}" = OutlookSynchronisation
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6D8DDF5C-53E7-46C3-819E-3E75867C72A4}" = Cockpit
"{6ebc3eb4-503a-49c6-a77f-7f4c62c2698a}" = PC-Kaufmann Komplettpaket Pro 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7151419D-0A37-80DF-7584-A48F34E60512}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{830F55B6-4398-4B72-A0D8-66397B902C0E}" = Brother MFL-Pro Suite MFC-J5910DW
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8461189A-04D6-CF49-AC7F-DEE8D6EF5DC1}" = CCC Help Turkish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86EB0C65-F36E-6324-2EB5-55725EA7FF53}" = CCC Help Dutch
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8829C3E2-FA99-E136-C466-DB2C70C80340}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F91A4A-5806-F56B-5C45-E5DB5227DAA7}" = CCC Help Japanese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99416104-7727-B287-2F24-05E3AA57DC01}" = HydraVision
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A01F53EB-DCC5-0237-94BF-42A65E6D5990}" = CCC Help Italian
"{A32CD35B-103F-EE44-133F-3E28728BF955}" = CCC Help Korean
"{A621AFE8-E578-89AC-D363-E534A35A3C5B}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A802136A-3471-4539-B8B5-CFF8949EE095}" = eBay
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B587926C-A0B7-DCB7-E52C-5F7DBE3F2EAC}" = CCC Help English
"{BD383E92-2890-4A9F-9B2F-425F8FDF043B}" = EULANDA
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{BFF5CBD2-4D16-4908-864C-50BA5C10CCD1}" = Sage BankCom
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5095A9D-FC56-A25F-1E92-2F601CFA1B30}" = CCC Help Chinese Traditional
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6424F7D-D7A5-4E82-8BB6-0538B9663EC4}" = CCC Help Hungarian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DC002856-211F-3632-9C12-4203D8D21DCD}" = CCC Help Czech
"{DCC00443-03F7-FE92-3C5B-6FFFCA54C638}" = CCC Help Polish
"{DCD30354-3FFF-BBBD-949F-49BA69CAE41B}" = CCC Help Chinese Standard
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1032F4F-8EFC-479B-8912-827F24785A4C}" = EPLAN Electric P8 2.1
"{E104A6F4-1E3F-4F9E-916A-A7646E616DBC}" = EPLAN Electric P8 2.2
"{E300931E-D26F-4C30-B5AC-6CBDF1242BB5}" = EPLAN Platform Data 2.2
"{E300D0B0-9B51-4E5A-9025-D987AD6FFCB3}" = EPLAN Platform Addon 2.1
"{E310B68E-5664-4E7A-88E3-E2B993385BDF}" = EPLAN Electric P8 Addon 2.1
"{E310EFBD-5400-436D-BC30-550AAE87CD89}" = EPLAN Electric P8 Data 2.2
"{E37DA179-60DA-4044-8FAE-504831332AD3}" = EPLAN Platform 2.2
"{E3FACBAC-8787-46FC-9AAA-B0270AC815DC}" = EPLAN Platform 2.1
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7BCD68E-2EFA-41FE-BCA4-DD9777BFE757}" = Sage SAIP
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC9E0980-A5A8-83DC-0E03-AA628E54137D}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1&1 SmartFax" = 1&1 SmartFax
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"EPLAN Electric P8 2.1" = EPLAN Electric P8 2.1
"EPLAN Electric P8 2.2" = EPLAN Electric P8 2.2
"EULANDA" = EULANDA
"Hardlock Device Driver" = Hardlock Device Driver
"IMLock" = IM Lock
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IrfanView" = IrfanView (remove only)
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.12.2012 04:52:41 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.12.2012 03:51:59 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2012 05:33:07 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.12.2012 04:27:39 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2013 02:12:44 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.01.2013 04:16:43 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.01.2013 08:42:32 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.01.2013 07:12:44 | Computer Name = Konstruktion-Pc | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2013 04:14:30 | Computer Name = Konstruktion-Pc | Source = SideBySide | ID = 16842832
Description = 
 
Error - 07.01.2013 04:16:02 | Computer Name = Konstruktion-Pc | Source = SideBySide | ID = 16842832
Description = 
 
[ System Events ]
Error - 27.12.2012 04:26:00 | Computer Name = Konstruktion-Pc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.12.2012 04:27:08 | Computer Name = Konstruktion-Pc | Source = DCOM | ID = 10016
Description = 
 
Error - 27.12.2012 04:27:21 | Computer Name = Konstruktion-Pc | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 02:11:10 | Computer Name = Konstruktion-Pc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.01.2013 02:12:18 | Computer Name = Konstruktion-Pc | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 02:12:22 | Computer Name = Konstruktion-Pc | Source = DCOM | ID = 10016
Description = 
 
Error - 04.01.2013 04:15:06 | Computer Name = Konstruktion-Pc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.01.2013 04:16:12 | Computer Name = Konstruktion-Pc | Source = DCOM | ID = 10016
Description = 
 
Error - 04.01.2013 04:16:18 | Computer Name = Konstruktion-Pc | Source = DCOM | ID = 10016
Description = 
 
Error - 05.01.2013 08:40:50 | Computer Name = Konstruktion-Pc | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Log OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 11.01.2013 13:36:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\A.Schattke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 78,05% Memory free
15,97 Gb Paging File | 14,00 Gb Available in Paging File | 87,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,41 Gb Total Space | 753,01 Gb Free Space | 81,72% Space Free | Partition Type: NTFS
 
Computer Name: KONSTRUKTION-PC | User Name: A.Schattke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.11 13:33:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A.Schattke\Desktop\OTL.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 15:23:11 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 15:22:55 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.12.11 15:22:50 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 15:22:50 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.02 20:19:54 | 006,239,727 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.05.22 12:10:22 | 000,243,776 | ---- | M] (Comvigo, Inc.) -- C:\Windows\SysWOW64\qimlsrv.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011.04.20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011.03.21 01:42:48 | 000,096,320 | ---- | M] (Comvigo, Inc.) -- C:\Windows\SysWOW64\dsrviml.exe
PRC - [2010.03.09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009.05.05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2004.05.17 14:34:10 | 000,360,448 | ---- | M] (Samsung Electronics.) -- C:\Windows\Samsung\ComSMMgr\SSMMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 09:08:06 | 000,491,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1c45044fe9c3034d6c14c06588e96263\IAStorUtil.ni.dll
MOD - [2013.01.10 09:08:06 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\205b321c691c934e529d96f9dcceb606\IAStorCommon.ni.dll
MOD - [2013.01.10 08:22:31 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 08:22:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.10 08:22:08 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 08:21:59 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 08:21:56 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 08:21:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 08:21:52 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 08:21:48 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.02 20:19:54 | 006,239,727 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe
MOD - [2011.08.23 23:59:50 | 000,047,972 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\mingwm10.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.23 03:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.11 10:08:51 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 09:17:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.11 15:23:11 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 15:22:55 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.12.11 15:22:50 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.07 15:19:36 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\A.Schattke\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.01.24 11:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2011.06.17 21:28:12 | 000,431,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.EULANDA\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$EULANDA)
SRV - [2011.06.17 21:22:56 | 062,111,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10_50.EULANDA\MSSQL\Binn\sqlservr.exe -- (MSSQL$EULANDA)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.03 19:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.04.03 11:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.11 15:23:16 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 15:23:16 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.20 14:50:49 | 000,068,608 | ---- | M] (Chingachguk & Denger2k (Elite & SP edition)) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\multikey.sys -- (multikey)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.06.15 08:39:36 | 000,296,576 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2012.06.15 06:44:14 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 13:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.28 14:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.08.26 04:08:54 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011.08.26 04:08:52 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011.08.17 11:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.08.17 11:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.06.17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.11 10:33:54 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.23 03:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.23 09:37:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.19 04:55:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D3304964-8CF2-4873-B5B0-22E66D2E1557}
IE:64bit: - HKLM\..\SearchScopes\{D3304964-8CF2-4873-B5B0-22E66D2E1557}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D3304964-8CF2-4873-B5B0-22E66D2E1557}
IE - HKLM\..\SearchScopes\{D3304964-8CF2-4873-B5B0-22E66D2E1557}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {D3304964-8CF2-4873-B5B0-22E66D2E1557}
IE - HKCU\..\SearchScopes\{6FF6C3DC-AE4B-4BF4-91DC-9F684D459F7E}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=75532080-e16d-493b-8e05-c60d9242cab7&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8EF12A13-9D5D-4A76-8F03-472C119D111B}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=75532080-e16d-493b-8e05-c60d9242cab7&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{98C25F72-E301-4C76-A5D2-B6E0B185B185}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=75532080-e16d-493b-8e05-c60d9242cab7&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DC6EF095-B2FC-4F24-9295-A2CC76A16EF4}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=75532080-e16d-493b-8e05-c60d9242cab7&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DD754ED9-3A0A-498A-B9C5-EE8E98919D43}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=75532080-e16d-493b-8e05-c60d9242cab7&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{DE7CA262-2442-40BF-A1DC-F01F0EEFD53E}: "URL" = [String data over 1000 bytes]
IE - HKCU\..\SearchScopes\{E4CB800A-9650-4E56-9331-6B100E7F7562}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=75532080-e16d-493b-8e05-c60d9242cab7&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ams-elektronik.de/"
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0
FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=b89e9eee-c17f-4e31-8062-fae3b6b11c05&apn_ptnrs=%5EAGS&apn_sauid=E36C5DC9-1DCD-4B8B-B6B4-476941F23770&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.03 16:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 10:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\firejump@firejump.net [2012.11.07 15:19:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 10:08:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.28 11:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\Extensions
[2013.01.11 13:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\Firefox\Profiles\b2cdqmax.default\extensions
[2013.01.11 13:31:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\Firefox\Profiles\b2cdqmax.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.10 08:23:57 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\Firefox\Profiles\b2cdqmax.default\extensions\firefox@ghostery.com
[2012.11.07 15:19:41 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\Firefox\Profiles\b2cdqmax.default\extensions\firejump@firejump.net
[2012.10.30 20:55:26 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\Firefox\Profiles\b2cdqmax.default\extensions\toolbar@ask.com
[2012.12.13 08:00:48 | 000,363,462 | ---- | M] () (No name found) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\extensions\client@anonymox.net.xpi
[2012.11.14 13:19:00 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\extensions\extension@preispilot.com.xpi
[2012.12.13 08:23:03 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.11.07 15:19:38 | 000,002,706 | ---- | M] () -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\searchplugins\askcom.xml
[2012.11.07 15:19:38 | 000,002,077 | ---- | M] () -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\searchplugins\{23993C12-4D4C-439A-8C8E-08D24CAF0AE2}.xml
[2012.11.07 15:19:38 | 000,002,188 | ---- | M] () -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\searchplugins\{264ADFD4-191C-4EBA-A1D7-221ED6BE92CB}.xml
[2012.11.07 15:19:38 | 000,001,870 | ---- | M] () -- C:\Users\A.Schattke\AppData\Roaming\mozilla\firefox\profiles\b2cdqmax.default\searchplugins\{A58168E5-B8C9-4A8B-85C3-E95143C8DA3D}.xml
[2013.01.11 10:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.11 10:08:51 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 10:08:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.11 10:08:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.11 10:08:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.11 10:08:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.11 10:08:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.11 10:08:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\A.Schattke\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XeroxRegistation] "C:\Users\A628F~1.SCH\AppData\Local\Temp\Xerox\EReg\EReg.exe" /Startup File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Samsung Common SM] C:\windows\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D2C0A1B-030D-47CF-BC0E-3DBEEF578EB4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d441526e-2714-11e2-a3ed-50e549d577ae}\Shell - "" = AutoRun
O33 - MountPoints2\{d441526e-2714-11e2-a3ed-50e549d577ae}\Shell\AutoRun\command - "" = J:\setup.exe AUTORUN=1
O33 - MountPoints2\{d441527c-2714-11e2-a3ed-50e549d577ae}\Shell - "" = AutoRun
O33 - MountPoints2\{d441527c-2714-11e2-a3ed-50e549d577ae}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{d441528e-2714-11e2-a3ed-50e549d577ae}\Shell - "" = AutoRun
O33 - MountPoints2\{d441528e-2714-11e2-a3ed-50e549d577ae}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CACCCD3F-1DD8-3A99-02C4-1873263CAF9C} - Internet Explorer
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5776AA3-9C2D-C170-66B7-8FB34A6DB902} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E9815DE4-958E-0364-56AA-3183A945C3E5} - Themes Setup
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 13:33:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A.Schattke\Desktop\OTL.exe
[2013.01.11 12:34:31 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.01.11 10:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\AppData\Local\CrashRpt
[2013.01.10 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\Documents\My Drawings
[2013.01.10 12:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dassault Systemes
[2013.01.10 12:48:27 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\AppData\Roaming\DraftSight
[2013.01.10 12:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Dassault Systemes
[2013.01.10 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dassault Systemes
[2013.01.10 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreCAD
[2013.01.10 12:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreCAD
[2013.01.10 12:30:30 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\AppData\Local\Autodesk
[2013.01.10 12:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013.01.10 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\AppData\Roaming\Autodesk
[2013.01.10 12:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013.01.09 08:05:12 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\Desktop\200x200_jpg
[2013.01.07 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\Desktop\Jung CD 500
[2013.01.04 11:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.04 11:53:08 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\Desktop\USB Stick Matze
[2012.12.13 15:33:59 | 000,000,000 | ---D | C] -- C:\Users\A.Schattke\AppData\Local\Vidalia
[2012.12.13 07:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
[2012.12.13 07:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bridge Bundle
[2012.10.30 22:48:19 | 001,178,624 | ---- | C] (CPUID) -- C:\Users\A.Schattke\AppData\Roaming\siw_sdk.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 13:33:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A.Schattke\Desktop\OTL.exe
[2013.01.11 12:44:53 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 12:44:53 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 12:37:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.11 12:37:16 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.11 12:35:50 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2013.01.11 11:17:49 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.11 10:44:11 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.11 10:10:26 | 000,003,032 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 10:10:26 | 000,001,060 | ---- | M] () -- C:\Users\A.Schattke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.11 10:10:26 | 000,000,161 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.11 10:10:26 | 000,000,072 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 17:56:29 | 000,443,840 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.10 12:48:29 | 000,002,773 | ---- | M] () -- C:\Users\Public\Desktop\DraftSight.lnk
[2013.01.10 12:13:54 | 000,016,021 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Hager_Phasenschiene.jpg
[2013.01.10 11:15:55 | 000,024,475 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Unterverteiler Hager.jpg
[2013.01.10 11:12:00 | 000,007,485 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Reihenklemmen WDU 2,5.jpg
[2013.01.10 10:21:14 | 000,022,981 | ---- | M] () -- C:\Users\A.Schattke\Desktop\siemens-6ES7313-5BG04-0AB0.jpg
[2013.01.10 10:15:18 | 000,015,905 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Eaton Schütz DILM 7-10.jpg
[2013.01.10 10:09:30 | 000,015,725 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Sicherungseinsätze.jpg
[2013.01.10 10:06:52 | 000,052,561 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Sicherungssockel.jpg
[2013.01.10 10:01:48 | 000,014,604 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Eaton Hauptschalter 125A.jpg
[2013.01.10 09:55:27 | 000,011,624 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Eaton PXL B16.jpg
[2013.01.10 09:44:43 | 000,013,750 | ---- | M] () -- C:\Users\A.Schattke\Desktop\Eaton FI 40A.jpg
[2013.01.09 16:31:03 | 001,775,676 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.01.09 16:31:03 | 000,762,792 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.09 16:31:03 | 000,718,110 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.09 16:31:03 | 000,172,938 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.09 16:31:03 | 000,145,892 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.09 16:30:59 | 001,775,676 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013.01.11 12:35:50 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2013.01.11 10:10:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.11 10:10:26 | 000,003,032 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 10:10:26 | 000,001,060 | ---- | C] () -- C:\Users\A.Schattke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.11 10:10:26 | 000,000,161 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.11 10:10:26 | 000,000,072 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 12:48:29 | 000,002,773 | ---- | C] () -- C:\Users\Public\Desktop\DraftSight.lnk
[2013.01.10 12:13:36 | 000,016,021 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Hager_Phasenschiene.jpg
[2013.01.10 11:15:55 | 000,024,475 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Unterverteiler Hager.jpg
[2013.01.10 11:12:00 | 000,007,485 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Reihenklemmen WDU 2,5.jpg
[2013.01.10 10:21:14 | 000,022,981 | ---- | C] () -- C:\Users\A.Schattke\Desktop\siemens-6ES7313-5BG04-0AB0.jpg
[2013.01.10 10:15:17 | 000,015,905 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Eaton Schütz DILM 7-10.jpg
[2013.01.10 10:09:10 | 000,015,725 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Sicherungseinsätze.jpg
[2013.01.10 10:06:22 | 000,052,561 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Sicherungssockel.jpg
[2013.01.10 10:01:27 | 000,014,604 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Eaton Hauptschalter 125A.jpg
[2013.01.10 09:55:02 | 000,011,624 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Eaton PXL B16.jpg
[2013.01.10 08:53:15 | 000,013,750 | ---- | C] () -- C:\Users\A.Schattke\Desktop\Eaton FI 40A.jpg
[2012.12.10 09:13:45 | 000,042,719 | ---- | C] () -- C:\Users\A.Schattke\AppData\Local\recently-used.xbel
[2012.11.12 14:23:19 | 000,000,023 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012.11.07 15:19:42 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll
[2012.11.01 14:02:02 | 000,000,052 | ---- | C] () -- C:\windows\seumain.INI
[2012.11.01 13:52:50 | 000,000,000 | ---- | C] () -- C:\windows\KHKSManC.INI
[2012.10.31 11:50:06 | 000,000,260 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2012.10.31 11:50:06 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2012.10.31 11:49:43 | 000,005,892 | ---- | C] () -- C:\windows\BRPARAM.INI
[2012.10.31 11:48:57 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2012.10.31 11:48:57 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2012.10.31 11:48:39 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2012.10.31 11:48:36 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2012.10.28 12:16:48 | 000,099,840 | ---- | C] () -- C:\windows\IMGMSGMO.dll
[2012.10.28 12:15:00 | 000,442,368 | ---- | C] () -- C:\windows\SysWow64\dvmsg.dll
[2012.10.27 17:35:04 | 000,164,864 | ---- | C] () -- C:\windows\SysWow64\UNWISE.EXE
[2012.10.27 17:35:04 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\hlduinst.exe
[2012.10.27 17:35:04 | 000,006,836 | ---- | C] () -- C:\windows\SysWow64\UNWISE.INI
[2012.10.27 17:29:01 | 001,775,676 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.01.09 14:09:51 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.01.09 14:07:54 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.01.09 14:07:54 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.01.09 14:07:53 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.01.09 13:52:22 | 000,000,032 | ---- | C] () -- C:\windows\CD_Start.INI
[2012.01.09 13:38:44 | 000,085,761 | ---- | C] () -- C:\windows\SysWow64\tnblf.exe
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\windows\SysWow64\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\windows\SysWow64\LxDNTvm100.dll
[2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\windows\SysWow64\winiml.dat
[2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\ProgramData\winiml.dat
[2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\ProgramData\iml.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.16 09:11:23 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\1&1
[2012.12.03 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\APP_NAME_NON_STRING
[2013.01.10 12:37:21 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\Autodesk
[2012.10.31 11:59:56 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\ControlCenter4
[2012.11.07 15:19:47 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\DesktopIconForAmazon
[2013.01.10 12:48:41 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\DraftSight
[2012.12.04 08:05:44 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\IrfanView
[2012.11.02 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2012.11.02 10:31:36 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\IT-Service Christian Hau - www.a-bit-more.de
[2012.11.12 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\Lexware
[2012.10.31 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\Nuance
[2012.11.07 15:19:36 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\OCS
[2012.11.07 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\Opera
[2012.12.03 16:54:48 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\PDF Architect
[2012.12.03 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\pdfforge
[2012.11.05 18:07:25 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\T-Mobile
[2012.10.28 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\A.Schattke\AppData\Roaming\Tobit
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.05 11:18:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.01.10 08:59:13 | 000,000,000 | ---D | M] -- C:\AMS Elektronik
[2012.10.31 11:48:59 | 000,000,000 | ---D | M] -- C:\Brother
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.27 16:59:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.29 14:27:17 | 000,000,000 | ---D | M] -- C:\EPLAN4
[2013.01.11 12:34:31 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.01.09 13:38:45 | 000,000,000 | ---D | M] -- C:\imlreports
[2012.10.30 17:07:07 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.28 08:34:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.11 13:31:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.01.11 10:10:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.27 16:59:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.06 16:14:29 | 000,000,000 | ---D | M] -- C:\PS Daten
[2013.01.11 13:37:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.27 16:59:46 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.10 12:17:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,025,830 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.10.30 18:40:25 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.11 13:44:59 | 002,621,440 | -HS- | M] () -- C:\Users\A.Schattke\NTUSER.DAT
[2013.01.11 13:44:59 | 000,262,144 | -HS- | M] () -- C:\Users\A.Schattke\ntuser.dat.LOG1
[2012.10.27 16:59:46 | 000,000,000 | -HS- | M] () -- C:\Users\A.Schattke\ntuser.dat.LOG2
[2012.10.27 17:59:47 | 000,065,536 | -HS- | M] () -- C:\Users\A.Schattke\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.10.27 17:59:47 | 000,524,288 | -HS- | M] () -- C:\Users\A.Schattke\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.10.27 17:59:47 | 000,524,288 | -HS- | M] () -- C:\Users\A.Schattke\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.10.27 16:59:46 | 000,000,020 | -HS- | M] () -- C:\Users\A.Schattke\ntuser.ini
[2012.10.31 11:57:15 | 000,000,000 | ---- | M] () -- C:\Users\A.Schattke\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
11.01.2013, 16:01   #4
markusg
/// Malware-holic

Hi,

This script and any scripts that follow are meant only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
[2013.01.11 10:44:11 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.11 10:10:26 | 000,003,032 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.11 10:10:26 | 000,001,060 | ---- | M] () -- C:\Users\A.Schattke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.11 10:10:26 | 000,000,161 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.11 10:10:26 | 000,000,072 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

11.01.2013, 16:10   #5
Oemmel

OK, done successfully. However, after every reboot Windows wants to run a disk check. I have already let it run once, but it keeps coming back. I also noticed that I could not use a USB stick just now. It always says I have to format it first, but when I try to do that I get the error message that Windows cannot format the USB stick.

Log:
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\A.Schattke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: A.Schattke
->Flash cache emptied: 1620 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: A.Schattke
->Temp folder emptied: 193468214 bytes
->Temporary Internet Files folder emptied: 214352788 bytes
->Java cache emptied: 3058348 bytes
->FireFox cache emptied: 86864300 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 289968431 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 751,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01112013_160306

Files\Folders moved on Reboot...
C:\Users\A.Schattke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


11.01.2013, 16:53   #6
markusg
/// Malware-holic

Hi,
Do you have another stick? The one you used might be broken.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log

11.01.2013, 16:56   #7
Oemmel

Here is the log

16:54:05.0997 4360 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:54:06.0247 4360 ============================================================
16:54:06.0247 4360 Current date / time: 2013/01/11 16:54:06.0247
16:54:06.0247 4360 SystemInfo:
16:54:06.0247 4360
16:54:06.0247 4360 OS Version: 6.1.7601 ServicePack: 1.0
16:54:06.0247 4360 Product type: Workstation
16:54:06.0247 4360 ComputerName: KONSTRUKTION-PC
16:54:06.0247 4360 UserName: A.Schattke
16:54:06.0247 4360 Windows directory: C:\windows
16:54:06.0247 4360 System windows directory: C:\windows
16:54:06.0247 4360 Running under WOW64
16:54:06.0247 4360 Processor architecture: Intel x64
16:54:06.0247 4360 Number of processors: 4
16:54:06.0247 4360 Page size: 0x1000
16:54:06.0247 4360 Boot type: Normal boot
16:54:06.0247 4360 ============================================================
16:54:06.0730 4360 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:54:06.0746 4360 ============================================================
16:54:06.0746 4360 \Device\Harddisk0\DR0:
16:54:06.0746 4360 MBR partitions:
16:54:06.0746 4360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:54:06.0746 4360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x732D3800
16:54:06.0746 4360 ============================================================
16:54:06.0886 4360 C: <-> \Device\Harddisk0\DR0\Partition2
16:54:06.0886 4360 ============================================================
16:54:06.0886 4360 Initialize success
16:54:06.0886 4360 ============================================================
16:54:56.0978 1320 ============================================================
16:54:56.0978 1320 Scan started
16:54:56.0978 1320 Mode: Manual; SigCheck; TDLFS;
16:54:56.0978 1320 ============================================================
16:54:57.0150 1320 ================ Scan system memory ========================
16:54:57.0150 1320 System memory - ok
16:54:57.0150 1320 ================ Scan services =============================
16:55:00.0753 1320 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
16:55:00.0769 1320 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
16:55:00.0769 1320 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
16:55:02.0001 1320 [ F4BEEE27ACAB429FB6FCAF8D29325A7D ] DraftSight API Service C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
16:55:02.0017 1320 DraftSight API Service ( UnsignedFile.Multi.Generic ) - warning
16:55:02.0017 1320 DraftSight API Service - detected UnsignedFile.Multi.Generic (1)
16:55:11.0876 1320 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\A.Schattke\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
16:55:11.0907 1320 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
16:55:11.0907 1320 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
16:55:13.0733 1320 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:55:13.0764 1320 Tcpip - ok
16:55:13.0779 1320 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:55:13.0811 1320 TCPIP6 - ok
16:55:13.0826 1320 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:55:13.0842 1320 tcpipreg - ok
16:55:13.0889 1320 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:55:13.0904 1320 TDPIPE - ok
16:55:13.0951 1320 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:55:13.0967 1320 TDTCP - ok
16:55:13.0967 1320 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:55:13.0998 1320 tdx - ok
16:55:14.0013 1320 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
16:55:14.0013 1320 TermDD - ok
16:55:14.0045 1320 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
16:55:14.0076 1320 TermService - ok
16:55:14.0076 1320 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
16:55:14.0091 1320 Themes - ok
16:55:14.0123 1320 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
16:55:14.0138 1320 THREADORDER - ok
16:55:14.0154 1320 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
16:55:14.0185 1320 TrkWks - ok
16:55:14.0216 1320 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:55:14.0247 1320 TrustedInstaller - ok
16:55:14.0247 1320 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:55:14.0279 1320 tssecsrv - ok
16:55:14.0294 1320 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:55:14.0310 1320 TsUsbFlt - ok
16:55:14.0310 1320 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
16:55:14.0325 1320 TsUsbGD - ok
16:55:14.0325 1320 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:55:14.0357 1320 tunnel - ok
16:55:14.0357 1320 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
16:55:14.0372 1320 uagp35 - ok
16:55:14.0388 1320 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:55:14.0419 1320 udfs - ok
16:55:14.0435 1320 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:55:14.0450 1320 UI0Detect - ok
16:55:14.0450 1320 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:55:14.0466 1320 uliagpkx - ok
16:55:14.0466 1320 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:55:14.0497 1320 umbus - ok
16:55:14.0497 1320 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
16:55:14.0513 1320 UmPass - ok
16:55:14.0513 1320 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
16:55:14.0559 1320 upnphost - ok
16:55:14.0575 1320 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:55:14.0606 1320 usbccgp - ok
16:55:14.0606 1320 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:55:14.0622 1320 usbcir - ok
16:55:14.0622 1320 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
16:55:14.0637 1320 usbehci - ok
16:55:14.0653 1320 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys
16:55:14.0669 1320 usbhub - ok
16:55:14.0669 1320 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:55:14.0684 1320 usbohci - ok
16:55:14.0684 1320 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
16:55:14.0700 1320 usbprint - ok
16:55:14.0731 1320 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:55:14.0747 1320 USBSTOR - ok
16:55:14.0747 1320 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:55:14.0762 1320 usbuhci - ok
16:55:14.0778 1320 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
16:55:14.0825 1320 UxSms - ok
16:55:14.0825 1320 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
16:55:14.0840 1320 VaultSvc - ok
16:55:14.0840 1320 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:55:14.0840 1320 vdrvroot - ok
16:55:14.0856 1320 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
16:55:14.0887 1320 vds - ok
16:55:14.0887 1320 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:55:14.0903 1320 vga - ok
16:55:14.0903 1320 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
16:55:14.0934 1320 VgaSave - ok
16:55:14.0949 1320 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:55:14.0965 1320 vhdmp - ok
16:55:14.0981 1320 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
16:55:14.0981 1320 viaide - ok
16:55:14.0996 1320 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:55:14.0996 1320 volmgr - ok
16:55:15.0012 1320 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:55:15.0027 1320 volmgrx - ok
16:55:15.0027 1320 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
16:55:15.0043 1320 volsnap - ok
16:55:15.0043 1320 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
16:55:15.0059 1320 vsmraid - ok
16:55:15.0074 1320 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
16:55:15.0121 1320 VSS - ok
16:55:15.0137 1320 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:55:15.0152 1320 vwifibus - ok
16:55:15.0168 1320 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:55:15.0183 1320 vwififlt - ok
16:55:15.0199 1320 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
16:55:15.0230 1320 W32Time - ok
16:55:15.0246 1320 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
16:55:15.0246 1320 WacomPen - ok
16:55:15.0261 1320 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:55:15.0293 1320 WANARP - ok
16:55:15.0308 1320 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:55:15.0324 1320 Wanarpv6 - ok
16:55:15.0355 1320 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
16:55:15.0386 1320 wbengine - ok
16:55:15.0402 1320 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:55:15.0417 1320 WbioSrvc - ok
16:55:15.0433 1320 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
16:55:15.0449 1320 wcncsvc - ok
16:55:15.0449 1320 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:55:15.0464 1320 WcsPlugInService - ok
16:55:15.0495 1320 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
16:55:15.0495 1320 Wd - ok
16:55:15.0542 1320 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:55:15.0589 1320 Wdf01000 - ok
16:55:15.0605 1320 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
16:55:15.0636 1320 WdiServiceHost - ok
16:55:15.0636 1320 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
16:55:15.0651 1320 WdiSystemHost - ok
16:55:15.0667 1320 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
16:55:15.0683 1320 WebClient - ok
16:55:15.0698 1320 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
16:55:15.0729 1320 Wecsvc - ok
16:55:15.0729 1320 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
16:55:15.0761 1320 wercplsupport - ok
16:55:15.0776 1320 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
16:55:15.0807 1320 WerSvc - ok
16:55:15.0807 1320 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:55:15.0839 1320 WfpLwf - ok
16:55:15.0839 1320 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:55:15.0839 1320 WIMMount - ok
16:55:15.0854 1320 WinDefend - ok
16:55:15.0854 1320 WinHttpAutoProxySvc - ok
16:55:15.0901 1320 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:55:15.0948 1320 Winmgmt - ok
16:55:15.0979 1320 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
16:55:16.0026 1320 WinRM - ok
16:55:16.0041 1320 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
16:55:16.0073 1320 Wlansvc - ok
16:55:16.0119 1320 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:55:16.0119 1320 wlcrasvc - ok
16:55:16.0182 1320 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:55:16.0244 1320 wlidsvc - ok
16:55:16.0260 1320 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
16:55:16.0275 1320 WmiAcpi - ok
16:55:16.0291 1320 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:55:16.0338 1320 wmiApSrv - ok
16:55:16.0353 1320 WMPNetworkSvc - ok
16:55:16.0369 1320 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
16:55:16.0385 1320 WPCSvc - ok
16:55:16.0385 1320 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:55:16.0416 1320 WPDBusEnum - ok
16:55:16.0416 1320 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:55:16.0463 1320 ws2ifsl - ok
16:55:16.0509 1320 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
16:55:16.0541 1320 wscsvc - ok
16:55:16.0572 1320 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
16:55:16.0587 1320 WSDPrintDevice - ok
16:55:16.0619 1320 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
16:55:16.0634 1320 WSDScan - ok
16:55:16.0634 1320 WSearch - ok
16:55:16.0697 1320 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
16:55:16.0728 1320 wuauserv - ok
16:55:16.0743 1320 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:55:16.0790 1320 WudfPf - ok
16:55:16.0790 1320 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:55:16.0821 1320 WUDFRd - ok
16:55:16.0884 1320 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:55:16.0931 1320 wudfsvc - ok
16:55:16.0946 1320 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
16:55:16.0977 1320 WwanSvc - ok
16:55:16.0977 1320 ================ Scan global ===============================
16:55:17.0180 1320 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:55:17.0227 1320 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
16:55:17.0243 1320 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
16:55:17.0258 1320 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:55:17.0274 1320 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:55:17.0289 1320 [Global] - ok
16:55:17.0289 1320 ================ Scan MBR ==================================
16:55:17.0305 1320 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:55:17.0523 1320 \Device\Harddisk0\DR0 - ok
16:55:17.0523 1320 ================ Scan VBR ==================================
16:55:17.0523 1320 [ 1B78DBBDE2E3F405F05B181172D54F77 ] \Device\Harddisk0\DR0\Partition1
16:55:17.0523 1320 \Device\Harddisk0\DR0\Partition1 - ok
16:55:17.0555 1320 [ 1007BE0C2AB7E446FE506472382CD5D9 ] \Device\Harddisk0\DR0\Partition2
16:55:17.0555 1320 \Device\Harddisk0\DR0\Partition2 - ok
16:55:17.0555 1320 ============================================================
16:55:17.0555 1320 Scan finished
16:55:17.0555 1320 ============================================================
16:55:17.0570 1124 Detected object count: 3
16:55:17.0570 1124 Actual detected object count: 3
16:55:36.0431 1124 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:55:36.0431 1124 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:55:36.0431 1124 DraftSight API Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:55:36.0431 1124 DraftSight API Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:55:36.0431 1124 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
16:55:36.0431 1124 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip

11.01.2013, 16:57   #8
markusg
/// Malware-holic

Ukash Trojan found

Hi,
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - save ComboFix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

11.01.2013, 17:10   #9
Oemmel

Ukash Trojan found

OK, ComboFix is done. About the USB stick: it does not work with any USB stick. On another PC it works perfectly.

ComboFix Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-11.01 - A.Schattke 11.01.2013  17:02:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.6162 [GMT 1:00]
ausgeführt von:: c:\users\A.Schattke\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\users\A.Schattke\AppData\Roaming\1&1
c:\users\A.Schattke\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\A.Schattke\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml
c:\users\A.Schattke\AppData\Roaming\siw_sdk.dll
c:\windows\SysWow64\ChilkatMail_v7_9.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 16:05 . 2013-01-11 16:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 15:03 . 2013-01-11 15:03	--------	d-----w-	c:\windows\system32\%LOCALAPPDATA%
2013-01-11 15:03 . 2013-01-11 15:03	--------	d-----w-	C:\_OTL
2013-01-11 11:34 . 2013-01-11 11:34	--------	d-----w-	C:\found.000
2013-01-10 11:48 . 2013-01-10 11:48	--------	d-----w-	c:\users\A.Schattke\AppData\Local\CrashRpt
2013-01-10 11:48 . 2013-01-10 11:48	--------	d-----w-	c:\users\A.Schattke\AppData\Roaming\DraftSight
2013-01-10 11:48 . 2013-01-10 11:48	--------	d-----w-	c:\programdata\Dassault Systemes
2013-01-10 11:48 . 2013-01-10 11:48	--------	d-----w-	c:\program files (x86)\Dassault Systemes
2013-01-10 11:43 . 2013-01-10 11:43	--------	d-----w-	c:\program files (x86)\LibreCAD
2013-01-10 11:30 . 2013-01-10 11:30	--------	d-----w-	c:\users\A.Schattke\AppData\Local\Autodesk
2013-01-10 11:29 . 2013-01-10 11:51	--------	d-----w-	c:\programdata\Autodesk
2013-01-10 11:20 . 2013-01-10 11:51	--------	d-----w-	c:\program files (x86)\Autodesk
2013-01-10 11:20 . 2013-01-10 11:37	--------	d-----w-	c:\users\A.Schattke\AppData\Roaming\Autodesk
2013-01-04 10:53 . 2013-01-04 10:53	--------	d-----w-	c:\programdata\HitmanPro
2012-12-21 09:29 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 09:29 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 09:29 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 09:29 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-13 14:33 . 2013-01-11 14:38	--------	d-----w-	c:\users\A.Schattke\AppData\Local\Vidalia
2012-12-13 06:56 . 2012-12-13 07:11	--------	d-----w-	c:\program files (x86)\Vidalia Bridge Bundle
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 15:27 . 2012-01-09 13:20	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 08:17 . 2012-10-30 17:40	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:17 . 2012-10-30 17:40	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 08:20 . 2004-06-15 10:03	27648	----a-w-	c:\windows\SysWow64\Lclic32.dll
2012-12-11 14:23 . 2012-10-30 19:53	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 14:23 . 2012-10-30 19:53	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-30 04:45 . 2013-01-09 07:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-26 15:24 . 2012-11-26 15:24	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-26 15:24 . 2012-11-26 15:24	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-11-26 15:24 . 2012-11-26 15:24	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-26 15:20 . 2012-11-26 15:20	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-26 15:20 . 2012-11-26 15:20	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-26 15:20 . 2012-11-26 15:20	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-26 15:20 . 2012-11-26 15:20	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-26 15:20 . 2012-11-26 15:20	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-26 15:20 . 2012-11-26 15:20	188904	----a-w-	c:\windows\system32\java.exe
2012-11-20 13:50 . 2012-11-20 11:06	68608	----a-w-	c:\windows\system32\drivers\multikey.sys
2012-11-14 07:06 . 2012-12-12 15:09	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 15:09	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 15:09	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 15:09	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 15:09	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 15:09	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 15:09	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 15:09	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 15:09	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 15:09	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 15:09	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 15:09	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 15:09	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 15:09	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 15:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 15:09	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 15:09	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 15:09	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 15:09	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 15:09	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 15:09	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 15:09	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 14:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:29	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-11-05 17:07 . 2012-11-05 17:07	1486688	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2012-11-05 17:07 . 2012-11-05 17:07	1486688	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-11-02 05:59 . 2012-12-12 14:26	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 14:26	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-28 17:32 . 2012-12-03 15:45	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-28 12:21 . 2012-10-30 21:47	5567952	----a-w-	c:\users\Public\siw-setup_2011_1029p.exe
2012-10-17 01:31 . 2012-10-30 17:44	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{903C4BDA-8A43-4561-8030-577E2C4F53FD}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 06:03	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:03	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:03	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-22 16:05	91784	----a-w-	c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-19 01:26	1521872	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-11-22 731784]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-19 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 360448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
IML.lnk - c:\windows\System32\iml.vbs [2010-5-21 4472]
IML64.lnk - c:\windows\SysWOW64\iml.vbs [2010-5-21 4472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 multikey;Virtual USB MultiKey;c:\windows\system32\DRIVERS\multikey.sys [2012-11-20 68608]
R3 DraftSight API Service;DraftSight API Service;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-01-24 78336]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2011-08-26 562456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 313696]
R4 SQLAgent$EULANDA;SQL Server Agent (EULANDA);c:\program files\Microsoft SQL Server\MSSQL10_50.EULANDA\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 431456]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2011-08-26 23832]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-11 565024]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 MSSQL$EULANDA;SQL Server (EULANDA);c:\program files\Microsoft SQL Server\MSSQL10_50.EULANDA\MSSQL\Binn\sqlservr.exe [2011-06-17 62111072]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\A.Schattke\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-11-07 40960]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2011-08-17 57088]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2011-08-17 80384]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2009-07-23 96768]
S3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [2008-12-19 122880]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 21186624
*Deregistered* - 21186624
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 08:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"Ocs_SM"="c:\users\A.Schattke\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-11-07 106496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ams-elektronik.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=b89e9eee-c17f-4e31-8062-fae3b6b11c05&apn_ptnrs=%5EAGS&apn_sauid=E36C5DC9-1DCD-4B8B-B6B4-476941F23770&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2012-12-03 16:45; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2012-12-13 08:00; client@anonymox.net; c:\users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\client@anonymox.net.xpi
FF - ExtSQL: 2012-12-13 08:23; trackmenot@mrl.nyu.edu; c:\users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\trackmenot@mrl.nyu.edu.xpi
FF - ExtSQL: 2012-12-13 08:23; firefox@ghostery.com; c:\users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-01-02 09:28; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: !HIDDEN! 2012-11-07 15:19; firejump@firejump.net; c:\users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\extensions\firejump@firejump.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-XeroxRegistation - c:\users\A628F~1.SCH\AppData\Local\Temp\Xerox\EReg\EReg.exe
AddRemove-Hardlock Device Driver - c:\windows\System32\UNWISE.EXE
AddRemove-IMLock - c:\windows\System32\tnblf.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11  17:08:12
ComboFix-quarantined-files.txt  2013-01-11 16:08
.
Vor Suchlauf: 12 Verzeichnis(se), 808.776.761.344 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 808.483.352.576 Bytes frei
.
- - End Of File - - 747D41AC7270BDBC8DC66416ADFBFFE9
         
--- --- ---

Alt 11.01.2013, 19:57   #10
markusg
/// Malware-holic
 

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all detections are ticked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.

Alt 14.01.2013, 07:16   #11
Oemmel
 

Morning!
Malwarebytes has finished. No detections!
About the USB stick issue: is that also related to the trojan?
Because I cannot use any stick at all. I am always told to format them, but when I try, I always get the error message that this stick cannot be formatted.

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
A.Schattke :: KONSTRUKTION-PC [Administrator]

Schutz: Aktiviert

12.01.2013 20:55:03
mbam-log-2013-01-12 (20-55-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 802173
Laufzeit: 1 Stunde(n), 39 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 14.01.2013, 20:26   #12
markusg
/// Malware-holic
 

Is that the case with all sticks?
Do they work on other PCs?

Download the standard version of CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file and open that file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.

Alt 15.01.2013, 08:12   #13
Oemmel
 

Good morning Markusg,

I got the USB stick working; it had to be completely formatted before it would run under Windows 7 again. I do not know why, because before I had this trojan it worked perfectly. But now it works again.

Here is the list:

1&1 SmartFax 1&1 Internet AG 16.11.2012 2.00.224 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 unbekannt
Adobe Reader X (10.1.5) MUI Adobe Systems Incorporated 10.01.2013 480MB 10.1.5 notwendig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 09.01.2012 22,7MB 3.0.851.0 unbekannt
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 09.01.2012 1.0.2.43 notwendig
Avira Free Antivirus Avira 11.12.2012 124MB 13.0.0.2890 notwendig
Avira SearchFree Toolbar plus Web Protection Ask.com 30.10.2012 10,2MB 1.15.10.0 unbekannt
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 30.10.2012 1.4.1.29781 unbekannt
Brother MFL-Pro Suite MFC-J5910DW Brother Industries, Ltd. 31.10.2012 1.0.0.0 notwendig
CCleaner Piriform 19.12.2012 3.26 notwendig
Desktop Icon für Amazon 07.11.2012 1.0.1 (de) unnötig
DraftSight Dassault Systemes 10.01.2013 183MB 8.4.274 notwendig
EPLAN 5.70.3 EPLAN 29.11.2012 84,4MB 5.70.3 notwendig
EPLAN Electric P8 2.1 EPLAN Software & Service 22.11.2012 32,2MB 2.1.4.5325 notwendig
EPLAN Electric P8 2.2 EPLAN Software & Service GmbH & Co. KG 12.12.2012 32,2MB 2.2.5.6338 notwendig
EPLAN Electric P8 Addon 2.1 EPLAN Software & Service 22.11.2012 1,24GB 2.1.4.5325 notwendig
EPLAN Electric P8 Data 2.2 EPLAN Software & Service GmbH & Co. KG 12.12.2012 322MB 2.2.5.6338 notwendig
EPLAN License Client EPLAN Software & Service GmbH & Co. KG 12.12.2012 58,0MB 9.1.10.32500 notwendig
EPLAN Platform 2.1 EPLAN Software & Service 22.11.2012 340MB 2.1.4.5325 notwendig
EPLAN Platform 2.2 EPLAN Software & Service GmbH & Co. KG 12.12.2012 411MB 2.2.5.6338 notwendig
EPLAN Platform Addon 2.1 EPLAN Software & Service 22.11.2012 648MB 2.1.4.5325 notwendig
EPLAN Platform Data 2.2 EPLAN Software & Service GmbH & Co. KG 12.12.2012 671MB 2.2.5.6338 notwendig
Etron USB3.0 Host Controller Etron Technology 09.01.2012 5,23MB 0.105 unbekannt
EULANDA EULANDA Software GmbH 30.10.2012 4.4.74.6200 notwendig
FireJump FireJump.net 07.11.2012 4,28MB 1.0.2.5 unbekannt
GIMP 2.8.2 The GIMP Team 28.11.2012 234MB 2.8.2 notwendig
Hardlock Device Driver 29.11.2012 notwendig
IM Lock Comvigo, Inc. 16.02.2012 unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 16.02.2012 10.6.0.1002 unbekannt
IrfanView (remove only) Irfan Skiljan 04.12.2012 2,00MB 4.35 unnötig
Java 7 Update 9 Oracle 26.11.2012 128MB 7.0.90 unbekannt
Java 7 Update 9 (64-bit) Oracle 26.11.2012 127MB 7.0.90 unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 12.01.2013 18,4MB 1.70.0.1100 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.01.2012 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.01.2012 2,93MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Extended Microsoft Corporation 27.10.2012 51,9MB 4.0.30319 notwendig
Microsoft Office 2010 Microsoft Corporation 09.01.2012 6,31MB 14.0.4763.1000 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 01.11.2012 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 31.10.2012 40,3MB 4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 09.01.2012 1,69MB 3.1.0000 unbekannt
Microsoft SQL Server 2008 R2 (64-bit) Microsoft Corporation 30.10.2012 unbekannt
Microsoft SQL Server 2008 R2 Native Client Microsoft Corporation 30.10.2012 6,09MB 10.51.2500.0 unbekannt
Microsoft SQL Server 2008 R2 Setup (English) Microsoft Corporation 30.10.2012 43,6MB 10.51.2500.0 unbekannt
Microsoft SQL Server 2008 Setup Support Files Microsoft Corporation 30.10.2012 24,8MB 10.1.2731.0 unbekannt
Microsoft SQL Server Browser Microsoft Corporation 30.10.2012 9,00MB 10.51.2500.0 unbekannt
Microsoft SQL Server VSS Writer Microsoft Corporation 30.10.2012 3,60MB 10.51.2500.0 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.11.2012 300KB 8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 31.10.2012 618KB 8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 09.01.2012 784KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 31.10.2012 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 01.11.2012 244KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.01.2012 592KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31.10.2012 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 01.11.2012 13,7MB 10.0.30319 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.11.2012 16,5MB 10.0.40219 unbekannt
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 01.11.2012 unbekannt
Mozilla Firefox 18.0 (x86 de) Mozilla 11.01.2013 43,2MB 18.0 notwendig
Mozilla Maintenance Service Mozilla 11.01.2013 330KB 18.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30.10.2012 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 30.10.2012 1,33MB 4.20.9876.0 unbekannt
MSXML 4.0 SP3 Parser Microsoft Corporation 31.10.2012 1,47MB 4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 01.11.2012 1,53MB 4.30.2114.0 unbekannt
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 1,54MB 4.30.2117.0 unbekannt
Nuance PaperPort 12 Nuance Communications, Inc. 31.10.2012 202MB 12.1.0000 unbekannt
Nuance PDF Viewer Plus Nuance Communications, Inc 31.10.2012 38,0MB 5.30.3290 unbekannt
PaperPort Image Printer 64-bit Nuance Communications, Inc. 31.10.2012 558KB 1.00.0001 unbekannt
PC-Kaufmann Komplettpaket Pro 2012 Sage Software GmbH 05.11.2012 notwendig
PDF Architect pdfforge 03.12.2012 93,2MB 1.0.41.8362 notwendig
PDFCreator Frank Heindörfer, Philip Chinery 03.12.2012 1.6.0 notwendig
Preispilot für Firefox Preispilot 07.11.2012 1,75MB 2.0 unnötig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.01.2012 6.0.1.6526 notwendig
Recuva Piriform 14.11.2012 1.43 unbekannt
Sage HBCI-Kontaktverwaltung Sage Software GmbH 05.11.2012 978KB 3.0 notwendig
SearchAnonymizer 07.11.2012 1.0.1 (de) unbekannt
SIW version 2011.10.29 Topala Software Solutions 30.10.2012 3,42MB 2011.10.29 unbekannt
Windows Live Essentials Microsoft Corporation 09.01.2012 15.4.3508.1109 unbekannt
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 09.01.2012 5,57MB 15.4.5722.2 unbekannt
WinRAR 4.20 (64-Bit) win.rar GmbH 01.11.2012 4.20.0 notwendig

Alt 15.01.2013, 20:40   #14
markusg
/// Malware-holic
 

Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, select install automatically.
Apply / OK

Uninstall:
Avira SearchFree: both
Desktop Icon
FireJump
IrfanView
Java: both
Download the Java JRE:
Java downloads for all operating systems
Click:
Download of the Java software for Windows Offline
Download and install it.
Uninstall:
Nuance: both
PaperPort
Preispilot
Recuva
SearchAnonymizer
SIW
Windows Live: all the ones you do not use.

Open CCleaner, start Analyze, then restart the PC.

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Alt 16.01.2013, 09:20   #15
Oemmel
 

Morning Markusg,

I have uninstalled or reinstalled everything so far.
Here is the text file:

# AdwCleaner v2.105 - Datei am 16/01/2013 um 09:13:34 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : A.Schattke - KONSTRUKTION-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\A.Schattke\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\A.Schattke\AppData\Roaming\pdfforge
Ordner Gefunden : C:\windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKU\S-1-5-21-352515027-633855842-707027720-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={2CB2D577-5EF7-11E2-BFDD-50E549D577AE}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={2CB2D577-5EF7-11E2-BFDD-50E549D577AE}

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\A.Schattke\AppData\Roaming\Mozilla\Firefox\Profiles\b2cdqmax.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

*************************

AdwCleaner[R1].txt - [7114 octets] - [16/01/2013 09:13:34]

########## EOF - C:\AdwCleaner[R1].txt - [7174 octets] ##########
