Pests of all kinds and how to fight them: GVU Trojan (computer still running) - Windows 7
14.06.2013, 16:05 | #1 |
| GVU Trojan (computer still running)
Hello,
I have caught the GVU Trojan. Antivir reported that something was accessing my registry and was therefore being blocked (I no longer remember the exact wording). I confirmed this with OK, and immediately the GVU screen appeared, which you cannot get out of. I then opened the Task Manager with Ctrl-Alt-Del, ended IE and restarted the computer. Without problems, in completely normal mode.
A full scan with Antivir then also sent the following files to quarantine:
- TR/Dldr.Nymaim.B.69
- TR/Drop.Xpaj.A
- EXP/CVE-2013-0431.EB
Malwarebytes, AdwCleaner and Spyware Terminator did not turn up any new results either.
Then I came across this board, and after what I have read, I am not sure that my computer is clean. The scan with Antivir can hardly have been the solution. On the other hand, my computer works without problems. By the way, it is a Dell XPS with Windows 7/64bit.
How should I proceed now?
Best regards and many thanks in advance
Ralf |
14.06.2013, 16:09 | #2 |
/// Malware-holic | GVU Trojan (computer still running) hi
1. Post the Avira detection reports with the file paths: http://www.trojaner-board.de/125889-...en-posten.html
2. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
14.06.2013, 16:19 | #3 |
| GVU Trojan (computer still running)
Here, to start with, is the detection report from Avira:

Typ: Datei
Quelle: C:\Users\Keffi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\53d90297-7f016309
Status: Infiziert
Quarantäne-Objekt: 1f0d2a59.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.60
Virendefinitionsdatei: 7.11.84.172
Meldung: EXP/CVE-2013-0431.EB
Datum/Uhrzeit: 14.06.2013, 13:31

Typ: Datei
Quelle: C:\Users\Keffi\Desktop\gemc.tmp
Status: Infiziert
Quarantäne-Objekt: 55fc5f45.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.60
Virendefinitionsdatei: 7.11.84.172
Meldung: TR/Dldr.Nymaim.B.69
Datum/Uhrzeit: 14.06.2013, 13:31

Typ: Datei
Quelle: C:\Users\Keffi\AppData\Roaming\dbu32.ocx
Status: Infiziert
Quarantäne-Objekt: 4d6370df.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.60
Virendefinitionsdatei: 7.11.84.172
Meldung: TR/Drop.Xpaj.A
Datum/Uhrzeit: 14.06.2013, 13:31 |
14.06.2013, 18:02 | #4 |
/// Malware-holic | GVU Trojan (computer still running) OTL logs are missing.
14.06.2013, 19:33 | #5 |
| GVU Trojan (computer still running) Here is the OTL.Txt: OTL Logfile: Code:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE23362A-FE7B-462D-B778-E68A8955D32B}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94A5AC7-BB78-4D58-B170-23C310ADAA07}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: 
DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1998.11.26 17:49:16 | 000,420,864 | R--- | M] () - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [1998.10.22 16:16:54 | 000,000,766 | R--- | M] () - D:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [1997.10.24 12:08:06 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{3f59daa2-2fdc-11e2-a236-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{3f59daa2-2fdc-11e2-a236-028037ec0200}\Shell\AutoRun\command - "" = E:\XSManagerinstallation.exe O33 - MountPoints2\{f6cbbf4d-5734-11e2-a147-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f6cbbf4d-5734-11e2-a147-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1998.11.26 17:49:16 | 000,420,864 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - 
C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} 
- .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\PROGRA~2\DIGITA~1\DLG.exe 
- (Avanquest Software ) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) MsConfig:64bit - StartUpReg: Dell Registration - hkey= - key= - C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.) MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DellStage - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe () MsConfig:64bit - StartUpReg: DriverMax - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DriverMax_RESTART - hkey= - key= - File not found MsConfig:64bit - StartUpReg: emsisoft anti-malware - hkey= - key= - File not found MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) MsConfig:64bit - StartUpReg: MyTomTomSA.exe - hkey= - key= - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom) MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 17:21:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.14 13:55:03 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.06.14 13:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2013.06.14 13:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.06.14 13:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.06.14 13:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013.06.12 00:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.06.11 23:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\imkn [2013.06.11 22:54:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Nikon [2013.06.01 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.06.01 21:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.05.25 19:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.25 19:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.05.24 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell [2013.05.23 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.05.23 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.05.21 21:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\iTunes [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.20 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging [2013.05.20 14:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SilverFast Application [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.14 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.14 17:21:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.14 17:20:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.14 13:55:03 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.06.14 13:55:01 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.06.14 13:50:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 13:50:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 13:42:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.14 13:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 13:41:48 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 11:21:55 | 001,622,076 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2013.06.14 11:21:55 | 000,700,608 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.14 11:21:55 | 000,655,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.14 11:21:55 | 000,149,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.14 11:21:55 | 000,122,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.11 21:37:46 | 001,599,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.10 19:35:48 | 000,001,324 | ---- | M] () -- C:\Users\***\Desktop\SilverFast (32bit).lnk [2013.06.05 21:13:26 | 507,233,348 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.02 14:49:51 | 000,541,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.01 22:26:48 | 000,001,080 | ---- | M] () -- C:\Users\***\Desktop\Kyodai Mahjongg 2006.lnk [2013.05.23 22:08:44 | 000,000,608 | ---- | M] () -- C:\Windows\wiso.ini [2013.05.21 21:16:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.20 14:32:55 | 000,000,128 | -H-- | M] () -- C:\ProgramData\V93GE [2013.05.20 14:30:48 | 000,000,001 | -H-- | M] () -- C:\ProgramData\T23J7 [2013.05.15 19:15:36 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\XSManager.lnk [2013.05.15 19:15:32 | 000,123,904 | ---- | M] (Wireless Device) -- C:\Windows\SysNative\drivers\cmnuusbser.sys [2013.05.15 19:15:32 | 000,117,888 | ---- | M] (Mobile Connector) -- C:\Windows\SysNative\drivers\cmnsusbser.sys [2013.05.15 19:15:31 | 000,141,824 | ---- | M] (Wireless Data Device) -- C:\Windows\SysNative\drivers\cmntnet.sys [2013.05.15 19:15:31 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_netamd.sys [2013.05.15 19:15:31 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_seramd.sys [2013.05.15 19:15:31 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_net32.sys [2013.05.15 19:15:31 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) 
-- C:\Windows\SysNative\drivers\cm_ser32.sys [2013.05.15 19:15:31 | 000,101,056 | ---- | M] () -- C:\Windows\SysNative\drivers\dvb_nova_12mhz_b0.inp [2013.05.15 19:15:31 | 000,092,456 | ---- | M] () -- C:\Windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp [2013.05.15 19:15:31 | 000,079,036 | ---- | M] () -- C:\Windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp [2013.05.15 19:15:31 | 000,063,648 | ---- | M] (Siano) -- C:\Windows\SysNative\drivers\smsbda.sys [2013.05.15 19:15:31 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\drivers\smsbda.cfg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.14 13:55:01 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.06.05 21:13:26 | 507,233,348 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.01 22:26:48 | 000,001,080 | ---- | C] () -- C:\Users\***\Desktop\Kyodai Mahjongg 2006.lnk [2013.06.01 21:49:55 | 000,001,521 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2013.06.01 21:49:45 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.06.01 21:46:11 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk [2013.05.20 14:30:48 | 000,000,001 | -H-- | C] () -- C:\ProgramData\T23J7 [2013.05.20 14:10:41 | 000,001,324 | ---- | C] () -- C:\Users\***\Desktop\SilverFast (32bit).lnk [2013.05.12 00:00:27 | 000,000,128 | -H-- | C] () -- C:\ProgramData\V93GE [2012.12.23 16:59:06 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.12.23 16:58:50 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll 
[2012.05.28 09:47:30 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2012.03.19 23:23:09 | 000,000,673 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.19 23:01:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo [2012.03.19 23:01:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filters [2012.03.19 23:01:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects [2012.03.19 23:01:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flange Saw [2012.03.19 23:01:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library [2012.03.19 23:01:10 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filesystems [2012.03.19 22:59:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Distortion [2012.03.19 22:59:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Dance Kit [2012.03.19 22:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.02.09 22:54:03 | 000,001,453 | ---- | C] () -- C:\Windows\eReg.dat [2012.01.21 12:30:37 | 000,000,608 | ---- | C] () -- C:\Windows\wiso.ini [2011.06.25 19:43:53 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.06.25 14:43:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.25 14:43:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Drum Kits [2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Documents [2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Documentation [2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.03.19 22:34:23 | 000,006,656 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 
| RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.28 09:30:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech [2012.01.21 12:30:40 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Buhl Data Service [2013.06.01 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.04.20 08:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.03.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe Mediengruppe [2013.05.12 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaserSoft Imaging [2011.03.18 23:03:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.03.20 23:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2012.06.01 00:32:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2013.04.15 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\metaspinner net GmbH [2012.03.19 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2012.01.31 22:49:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.04.11 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2011.11.22 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2011.03.20 13:29:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.05.24 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr [2012.06.02 14:33:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2012.09.02 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD [2012.06.14 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2013.06.14 13:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2012.12.20 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2013.05.03 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager ========== Purity Check ========== ========== 
Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.06.14 12:34:22 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.03.16 01:24:47 | 000,000,000 | ---D | M] -- C:\apps [2013.06.11 22:54:47 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.06.25 14:38:09 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.18 22:59:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.16 03:20:46 | 000,000,000 | ---D | M] -- C:\Drivers [2011.03.16 00:54:20 | 000,000,000 | ---D | M] -- C:\Intel [2011.03.19 22:58:20 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.06.13 21:47:30 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.05.24 23:28:01 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.14 13:55:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.14 13:55:02 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.03.18 22:59:18 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.18 23:05:44 | 000,000,000 | -HSD | M] -- C:\System Recovery [2013.06.14 13:15:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.05.23 21:55:30 | 000,000,000 | ---D | M] -- C:\Temp [2012.05.28 09:28:50 | 000,000,000 | R--D | M] -- C:\Users [2013.06.05 21:13:26 | 000,000,000 | ---D | M] -- C:\Windows [2011.07.08 19:09:20 | 000,000,000 | ---D | M] -- C:\{BFFABDB7-DE96-4467-9C57-1BFDA39C34AF} < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.20 21:04:40 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.03.20 21:04:41 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.06.10 17:53:09 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft 
Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\dell\drivers\R296901\f6flpy-x64\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys [2011.01.12 17:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\dell\drivers\R296901\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft 
Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.14 18:20:15 | 004,718,592 | -HS- | M] () -- C:\Users\***\ntuser.dat [2013.06.14 18:20:15 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2011.03.18 22:59:30 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2 [2011.03.18 23:15:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.03.18 23:15:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.03.18 23:15:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.05.18 23:25:13 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TM.blf [2011.05.18 23:25:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2011.05.18 23:25:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2012.01.31 23:26:06 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TM.blf [2012.01.31 23:26:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2012.01.31 23:26:06 | 000,524,288 | -HS- | M] () -- 
C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2011.03.19 20:53:10 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TM.blf [2011.03.19 20:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2011.03.19 20:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2012.12.31 01:40:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TM.blf [2012.12.31 01:40:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TMContainer00000000000000000001.regtrans-ms [2012.12.31 01:40:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TMContainer00000000000000000002.regtrans-ms [2012.12.31 01:25:32 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TM.blf [2012.12.31 01:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TMContainer00000000000000000001.regtrans-ms [2012.12.31 01:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TMContainer00000000000000000002.regtrans-ms [2011.08.25 23:59:17 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TM.blf [2011.08.25 23:59:17 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2011.08.25 23:59:17 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2013.05.04 15:36:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TM.blf [2013.05.04 
15:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TMContainer00000000000000000001.regtrans-ms [2013.05.04 15:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TMContainer00000000000000000002.regtrans-ms [2012.05.24 17:46:55 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TM.blf [2012.05.24 17:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2012.05.24 17:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2011.03.18 22:59:30 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
14.06.2013, 19:34 | #6 |
| GVU Trojan (computer still running, though) ...and here is the Extras.Txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.06.2013 17:43:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 52,62% Memory free 7,79 Gb Paging File | 5,81 Gb Available in Paging File | 74,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,01 Gb Total Space | 257,66 Gb Free Space | 57,13% Space Free | Partition Type: NTFS Drive D: | 528,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* 
comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F538EED-6C7A-4FBE-B5B1-42A8BC86581A}" = rport=10243 | protocol=6 | dir=out | app=system | "{1BD478E7-7FA4-47AC-9634-5693D3EB676E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DB3269A-E4B9-4699-A4D1-44A41781C811}" = lport=10243 | protocol=6 | dir=in | app=system | "{201F6BF0-1FE8-4B07-9227-F22B40C49B9E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2AD536BB-BB83-48B3-B516-97148808729F}" = lport=138 | protocol=17 | dir=in | app=system | "{33A38BCB-64E7-4BC7-98F3-6CAD2ADA63B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{3C53AFF1-F8E1-436B-A641-204789521E68}" = lport=137 | protocol=17 | dir=in | app=system | "{3FB0223E-4420-4717-B235-D429739A469D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BF0E6DB-F523-488F-8ACF-160711892D79}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4EB56BB8-7085-4676-B478-1BE3BA826F50}" = lport=2869 | protocol=6 | dir=in | app=system | "{534E2D18-E326-4748-8E1C-B3E66325964B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59020B63-83DF-4EB3-A1E5-22E45125F9B7}" = rport=138 | protocol=17 | dir=out | app=system | "{664A4E65-EA30-4144-8C7F-21584C19B0E1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6798314F-6D39-488F-95A0-9F897A3BE144}" = lport=139 | protocol=6 | dir=in | app=system | "{70CBE7FC-B4F6-418E-AE8B-7A5D830A4F00}" = rport=445 | protocol=6 | dir=out | app=system | "{7C6BF505-B5E7-43B0-AADB-539A3E2AF20C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8EF24AED-1193-46C3-9EDF-685092FD11D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{90670B08-CE4A-4C51-A4C8-2657103FD24B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{954415EC-FC41-4A34-9D84-3D6C3DB8CA02}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{99A27E93-5816-4FB9-AEA6-17B4F17BAA9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A009D4C4-BF73-4243-AD00-7771AD084BA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A16BAECB-CC78-47B0-BC9E-DBD7B51F10EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A4E3AD81-3449-437A-A3EF-98D17D90F493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B20860FD-759D-4975-9390-50FE580A0745}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{C283E3CC-43F8-453E-98FC-FBA2A3212A3F}" = rport=137 | protocol=17 | dir=out | app=system | "{C39945D9-C2C0-457C-A6CC-DC4F90EA88DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C53A25BE-FE2B-44C2-BFD5-36312B05F658}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA9AD350-1F6A-4A7B-8BC9-2E57EFE1E3B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D75BC5CE-1CFA-40AF-8997-CDA5C3AC8769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E0AA6E6E-FCEB-425C-A7E2-D884C8373EED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E763C857-520A-45F2-B3AB-0A735093DF54}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E77C1253-C4C6-4DB0-819D-665974768733}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00DB25BB-26E2-432F-BC22-3BC47D6C058E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{013BF48C-537A-417A-ACDC-D1FAFED5B905}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{04EE44EA-211C-40F6-8133-2D8021E12502}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | "{061ED317-7979-4B52-8B93-0EF1EBA35064}" = dir=in | app=c:\program 
files\intel\wifi\bin\pandhcpdns.exe | "{0AC16A85-062F-45D6-AB39-ABF3F5C2806C}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{0F7E582B-5645-4281-910B-C328B45B14C2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{100BBA64-3AC8-4E16-8837-42BD3FAB7670}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | "{1089EC81-C8A7-4FAA-B8F2-FAF0AAFFCFE9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1507DA49-E0EC-4A7B-A0DD-07C73CA32E7A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{19551EC2-3213-421F-8F0A-75D7B6A5AD86}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{19E3ECB3-AE0F-4A62-BBF5-6EBF4840FF4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1CFFDEC4-4BD6-4310-9C94-5F31C0A378D7}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{222E6526-3B48-429B-9360-0BCDC1930FFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{232A00A0-FECF-4ED7-A530-63ABC9581780}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{2696D085-5234-4644-A33A-0AAD83C44F34}" = protocol=6 | dir=out | app=system | "{27674F58-FED1-4001-8239-2D0C9409664F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2ADC9882-BA8E-4203-90BE-6C64D38B2495}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B893C89-D6DA-4E4C-9C79-95CE7973793E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2E944EAD-4F6E-4521-B7EA-AA81BB2E71AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{30F6A501-6781-46E8-AEC7-9FBA89F1A031}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{415DC2E7-D64A-443D-8E00-DDE8AB6EB3E9}" = protocol=6 | dir=out | svc=wcescomm | 
app=%systemroot%\system32\svchost.exe | "{4337667E-5141-420F-A901-7F23B027BFDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{499382D7-7BCD-49CD-8E13-1F4DE8EA9FEC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4DAA793E-7C18-4781-81A4-1C609EFBE784}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4DFCE73E-089F-4BA8-A4EE-1A18AAE6ABD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{4E06582E-37A2-4339-950C-2B15C7F37BA8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{5157130C-595C-4CEE-B2A2-EF69C1D85752}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{5A4D5F73-AB1C-4EE7-A84A-6B977E6989FC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{5CE49E59-A7DF-4247-8781-BF9665FF3E39}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{5D39E58A-F31E-411B-875B-7DCCA4CCC91A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5EFA155D-910C-4D29-90BA-60009EB120AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{609DA841-BFBF-46AB-9FBB-4FB5A0AC520D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | "{61A4F72A-A5A6-4275-BFAC-FD4262EB1DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{666DAE86-517D-49F4-8096-CD2B9E5B0453}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | "{68040292-2917-44CB-8451-FB326BA53C57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6F2F18C9-84CA-471B-B6D5-862C85B2D421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E957BC7-0A5A-4996-95CF-A2ECA76EDCB0}" = dir=in | app=c:\program files 
14.06.2013, 20:04 | #7 |
/// Malware-holic | GVU Trojan (but the computer still runs) Please post the HitmanPro results that have been produced so far.
14.06.2013, 20:12 | #8 |
| GVU Trojan (but the computer still runs) Right, I did run that scan as well. I got to it via the BSI. Here is the result: Code:
|
14.06.2013, 20:15 | #9 |
/// Malware-holic | GVU Trojan (computer is still running) Hi, please download TDSSKiller.exe and save the file to your desktop
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
14.06.2013, 20:22 | #10 |
| GVU Trojan (computer is still running) Here is the result:
gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:19:37.0280 9264 gagp30kx - ok 21:19:37.0300 9264 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:19:37.0310 9264 GEARAspiWDM - ok 21:19:37.0370 9264 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:19:37.0440 9264 gpsvc - ok 21:19:37.0520 9264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:19:37.0530 9264 gupdate - ok 21:19:37.0560 9264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:19:37.0570 9264 gupdatem - ok 21:19:37.0580 9264 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:19:37.0630 9264 hcw85cir - ok 21:19:37.0680 9264 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:19:37.0691 9264 HdAudAddService - ok 21:19:37.0741 9264 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:19:37.0781 9264 HDAudBus - ok 21:19:37.0811 9264 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:19:37.0831 9264 HidBatt - ok 21:19:37.0861 9264 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:19:37.0891 9264 HidBth - ok 21:19:37.0931 9264 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:19:37.0961 9264 HidIr - ok 21:19:37.0991 9264 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:19:38.0051 9264 hidserv - ok 21:19:38.0081 9264 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:19:38.0091 9264 HidUsb - ok 21:19:38.0111 9264 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:19:38.0161 9264 hkmsvc - ok 21:19:38.0201 9264 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:19:38.0241 9264 
HomeGroupListener - ok 21:19:38.0271 9264 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:19:38.0281 9264 HomeGroupProvider - ok 21:19:38.0301 9264 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:19:38.0311 9264 HpSAMD - ok 21:19:38.0361 9264 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:19:38.0461 9264 HTTP - ok 21:19:38.0511 9264 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:19:38.0541 9264 hwpolicy - ok 21:19:38.0551 9264 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:19:38.0561 9264 i8042prt - ok 21:19:38.0611 9264 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:19:38.0641 9264 iaStor - ok 21:19:38.0771 9264 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:19:38.0781 9264 IAStorDataMgrSvc - ok 21:19:38.0821 9264 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:19:38.0841 9264 iaStorV - ok 21:19:38.0901 9264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:19:38.0921 9264 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:19:38.0921 9264 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:19:38.0961 9264 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:19:38.0991 9264 idsvc - ok 21:19:39.0151 9264 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:19:39.0311 9264 igfx - ok 21:19:39.0341 9264 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:19:39.0351 9264 iirsp - ok 21:19:39.0391 9264 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 
21:19:39.0461 9264 IKEEXT - ok 21:19:39.0511 9264 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 21:19:39.0551 9264 Impcd - ok 21:19:39.0611 9264 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 21:19:39.0681 9264 IntcAzAudAddService - ok 21:19:39.0711 9264 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 21:19:39.0771 9264 IntcDAud - ok 21:19:39.0791 9264 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:19:39.0801 9264 intelide - ok 21:19:39.0831 9264 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:19:39.0861 9264 intelppm - ok 21:19:39.0891 9264 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:19:39.0941 9264 IPBusEnum - ok 21:19:39.0971 9264 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:19:40.0001 9264 IpFilterDriver - ok 21:19:40.0061 9264 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:19:40.0101 9264 iphlpsvc - ok 21:19:40.0111 9264 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:19:40.0141 9264 IPMIDRV - ok 21:19:40.0161 9264 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:19:40.0211 9264 IPNAT - ok 21:19:40.0301 9264 [ 2872B90D57C8310194A78A9787406467 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:19:40.0321 9264 iPod Service - ok 21:19:40.0341 9264 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:19:40.0371 9264 IRENUM - ok 21:19:40.0401 9264 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:19:40.0411 9264 isapnp - ok 21:19:40.0431 9264 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:19:40.0441 9264 iScsiPrt - ok 21:19:40.0481 9264 [ 
E56417C56B6A7316B6F527C890A1860D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 21:19:40.0491 9264 JMCR - ok 21:19:40.0521 9264 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:19:40.0531 9264 kbdclass - ok 21:19:40.0541 9264 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:19:40.0571 9264 kbdhid - ok 21:19:40.0591 9264 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:19:40.0611 9264 KeyIso - ok 21:19:40.0631 9264 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:19:40.0651 9264 KSecDD - ok 21:19:40.0681 9264 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:19:40.0701 9264 KSecPkg - ok 21:19:40.0702 9264 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:19:40.0762 9264 ksthunk - ok 21:19:40.0792 9264 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:19:40.0842 9264 KtmRm - ok 21:19:40.0872 9264 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:19:40.0932 9264 LanmanServer - ok 21:19:40.0962 9264 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:19:41.0012 9264 LanmanWorkstation - ok 21:19:41.0042 9264 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:19:41.0092 9264 lltdio - ok 21:19:41.0142 9264 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:19:41.0192 9264 lltdsvc - ok 21:19:41.0222 9264 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:19:41.0252 9264 lmhosts - ok 21:19:41.0282 9264 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:19:41.0292 9264 LMS - ok 21:19:41.0322 9264 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:19:41.0342 9264 LSI_FC 
- ok 21:19:41.0352 9264 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:19:41.0362 9264 LSI_SAS - ok 21:19:41.0372 9264 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:19:41.0382 9264 LSI_SAS2 - ok 21:19:41.0392 9264 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:19:41.0402 9264 LSI_SCSI - ok 21:19:41.0422 9264 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:19:41.0472 9264 luafv - ok 21:19:41.0512 9264 [ 62732AF9512B911C330ACBBDBCC2F284 ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys 21:19:41.0532 9264 Mbm3CBus - ok 21:19:41.0562 9264 [ BDC2D259CA9CFCED092B3B0B8557322D ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys 21:19:41.0592 9264 Mbm3DevMt - ok 21:19:41.0622 9264 [ E55689A5E9349182C24312EFC9DF09FB ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys 21:19:41.0632 9264 Mbm3mdfl - ok 21:19:41.0662 9264 [ FC1059C857D7B1083086BE04DB5EE09C ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys 21:19:41.0682 9264 Mbm3Mdm - ok 21:19:41.0762 9264 [ 461EABB62F1827B965F508092160EDDC ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 21:19:41.0782 9264 McShield - ok 21:19:41.0812 9264 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:19:41.0842 9264 Mcx2Svc - ok 21:19:41.0872 9264 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:19:41.0882 9264 megasas - ok 21:19:41.0892 9264 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:19:41.0912 9264 MegaSR - ok 21:19:41.0942 9264 [ D71FD7A4FDB01C554AE144037B688DF1 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:19:41.0952 9264 MEIx64 - ok 21:19:41.0982 9264 [ C1556CA9695FCD6BBD23D75D402FD43D ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 21:19:41.0992 9264 mfeapfk - ok 21:19:42.0012 9264 [ 8857EE8B49F3338FC1FAD476BFCCA146 ] mfeavfk 
C:\Windows\system32\drivers\mfeavfk.sys 21:19:42.0022 9264 mfeavfk - ok 21:19:42.0042 9264 [ DD92E94E265864306377F091B100D0D0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 21:19:42.0052 9264 mfefire - ok 21:19:42.0082 9264 [ 19C44295F6BF085C83352D48397F7870 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 21:19:42.0102 9264 mfefirek - ok 21:19:42.0122 9264 [ 5F915E20AB56121C41C6BF9A91A83BDA ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 21:19:42.0142 9264 mfehidk - ok 21:19:42.0152 9264 [ 23AE332E32FF615CA5E5224C8D91AF11 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 21:19:42.0172 9264 mfenlfk - ok 21:19:42.0192 9264 [ 9C7A9273E345F8D653394B5C542BF86A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 21:19:42.0202 9264 mferkdet - ok 21:19:42.0232 9264 [ AECD0C9ABDFDC61BE31163B624C4170F ] mfevtp C:\Windows\system32\mfevtps.exe 21:19:42.0252 9264 mfevtp - ok 21:19:42.0262 9264 [ 3140B2C56D7119BA314F68FC785683F0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 21:19:42.0272 9264 mfewfpk - ok 21:19:42.0342 9264 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 21:19:42.0352 9264 Microsoft Office Groove Audit Service - ok 21:19:42.0372 9264 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:19:42.0412 9264 MMCSS - ok 21:19:42.0442 9264 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:19:42.0492 9264 Modem - ok 21:19:42.0522 9264 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:19:42.0552 9264 monitor - ok 21:19:42.0582 9264 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:19:42.0592 9264 mouclass - ok 21:19:42.0612 9264 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:19:42.0622 9264 mouhid - ok 21:19:42.0652 9264 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 21:19:42.0662 9264 mountmgr - ok 21:19:42.0692 9264 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:19:42.0702 9264 mpio - ok 21:19:42.0722 9264 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:19:42.0762 9264 mpsdrv - ok 21:19:42.0792 9264 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:19:42.0842 9264 MpsSvc - ok 21:19:42.0872 9264 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:19:42.0892 9264 MRxDAV - ok 21:19:42.0912 9264 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:19:42.0962 9264 mrxsmb - ok 21:19:42.0992 9264 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:19:43.0022 9264 mrxsmb10 - ok 21:19:43.0042 9264 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:19:43.0052 9264 mrxsmb20 - ok 21:19:43.0062 9264 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 21:19:43.0082 9264 msahci - ok 21:19:43.0102 9264 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:19:43.0112 9264 msdsm - ok 21:19:43.0122 9264 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:19:43.0162 9264 MSDTC - ok 21:19:43.0192 9264 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:19:43.0222 9264 Msfs - ok 21:19:43.0252 9264 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:19:43.0302 9264 mshidkmdf - ok 21:19:43.0322 9264 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:19:43.0332 9264 msisadrv - ok 21:19:43.0362 9264 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:19:43.0412 9264 MSiSCSI - ok 21:19:43.0422 9264 msiserver - ok 21:19:43.0452 9264 [ 
49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:19:43.0502 9264 MSKSSRV - ok 21:19:43.0512 9264 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:19:43.0562 9264 MSPCLOCK - ok 21:19:43.0582 9264 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:19:43.0632 9264 MSPQM - ok 21:19:43.0662 9264 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:19:43.0682 9264 MsRPC - ok 21:19:43.0692 9264 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:19:43.0712 9264 mssmbios - ok 21:19:43.0732 9264 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:19:43.0762 9264 MSTEE - ok 21:19:43.0772 9264 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:19:43.0782 9264 MTConfig - ok 21:19:43.0802 9264 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:19:43.0822 9264 Mup - ok 21:19:43.0862 9264 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 21:19:43.0872 9264 MyWiFiDHCPDNS - ok 21:19:43.0902 9264 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:19:43.0962 9264 napagent - ok 21:19:43.0992 9264 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:19:44.0032 9264 NativeWifiP - ok 21:19:44.0092 9264 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:19:44.0142 9264 NDIS - ok 21:19:44.0152 9264 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:19:44.0202 9264 NdisCap - ok 21:19:44.0232 9264 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:19:44.0282 9264 NdisTapi - ok 21:19:44.0302 9264 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:19:44.0352 9264 
Ndisuio - ok 21:19:44.0382 9264 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:19:44.0432 9264 NdisWan - ok 21:19:44.0462 9264 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:19:44.0502 9264 NDProxy - ok 21:19:44.0522 9264 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:19:44.0552 9264 NetBIOS - ok 21:19:44.0582 9264 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:19:44.0632 9264 NetBT - ok 21:19:44.0652 9264 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:19:44.0662 9264 Netlogon - ok 21:19:44.0692 9264 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:19:44.0742 9264 Netman - ok 21:19:44.0802 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:19:44.0812 9264 NetMsmqActivator - ok 21:19:44.0832 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:19:44.0842 9264 NetPipeActivator - ok 21:19:44.0862 9264 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:19:44.0912 9264 netprofm - ok 21:19:44.0942 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:19:44.0952 9264 NetTcpActivator - ok 21:19:44.0962 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:19:44.0972 9264 NetTcpPortSharing - ok 21:19:45.0152 9264 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys 21:19:45.0402 9264 NETwNs64 - ok 21:19:45.0442 9264 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:19:45.0452 9264 nfrd960 - ok 21:19:45.0482 9264 [ 8AD77806D336673F270DB31645267293 ] NlaSvc 
C:\Windows\System32\nlasvc.dll 21:19:45.0522 9264 NlaSvc - ok 21:19:45.0552 9264 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 21:19:45.0612 9264 nmwcd - ok 21:19:45.0632 9264 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 21:19:45.0652 9264 nmwcdc - ok 21:19:45.0682 9264 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys 21:19:45.0712 9264 nmwcdnsucx64 - ok 21:19:45.0762 9264 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys 21:19:45.0792 9264 nmwcdnsux64 - ok 21:19:45.0902 9264 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 21:19:45.0982 9264 NOBU - ok 21:19:45.0992 9264 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:19:46.0022 9264 Npfs - ok 21:19:46.0052 9264 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:19:46.0112 9264 nsi - ok 21:19:46.0212 9264 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:19:46.0282 9264 nsiproxy - ok 21:19:46.0342 9264 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:19:46.0392 9264 Ntfs - ok 21:19:46.0402 9264 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:19:46.0432 9264 Null - ok 21:19:46.0452 9264 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 21:19:46.0472 9264 nusb3hub - ok 21:19:46.0512 9264 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 21:19:46.0532 9264 nusb3xhc - ok 21:19:46.0562 9264 [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 21:19:46.0582 9264 NVHDA - ok 21:19:46.0622 9264 [ 9C13BE8806D430B72CC2E80BA72990FB ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 21:19:46.0642 9264 nvkflt - ok 21:19:46.0832 9264 [ 
7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:19:47.0112 9264 nvlddmkm - ok 21:19:47.0132 9264 [ 1B43B01078D3CC3F0322A49E7CEDC99B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 21:19:47.0142 9264 nvpciflt - ok 21:19:47.0182 9264 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:19:47.0192 9264 nvraid - ok 21:19:47.0212 9264 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:19:47.0222 9264 nvstor - ok 21:19:47.0262 9264 [ 9E01B716C8085F7ADB1CDC10103CEEF8 ] NvStUSB C:\Windows\system32\DRIVERS\nvstusb.sys 21:19:47.0272 9264 NvStUSB - ok 21:19:47.0342 9264 [ B9F3591981D761A5CA1D24C369764D96 ] NVSvc C:\Windows\system32\nvvsvc.exe 21:19:47.0372 9264 NVSvc - ok 21:19:47.0452 9264 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 21:19:47.0522 9264 nvUpdatusService - ok 21:19:47.0552 9264 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:19:47.0562 9264 nv_agp - ok 21:19:47.0622 9264 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:19:47.0652 9264 odserv - ok 21:19:47.0662 9264 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:19:47.0682 9264 ohci1394 - ok 21:19:47.0713 9264 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:19:47.0723 9264 ose - ok 21:19:47.0753 9264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:19:47.0803 9264 p2pimsvc - ok 21:19:47.0813 9264 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:19:47.0833 9264 p2psvc - ok 21:19:47.0853 9264 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:19:47.0893 9264 Parport - ok 21:19:47.0933 9264 [ 
E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:19:47.0963 9264 partmgr - ok 21:19:47.0973 9264 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:19:47.0993 9264 PcaSvc - ok 21:19:48.0013 9264 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 21:19:48.0063 9264 pccsmcfd - ok 21:19:48.0093 9264 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:19:48.0103 9264 pci - ok 21:19:48.0143 9264 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:19:48.0173 9264 pciide - ok 21:19:48.0183 9264 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:19:48.0203 9264 pcmcia - ok 21:19:48.0213 9264 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:19:48.0223 9264 pcw - ok 21:19:48.0243 9264 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:19:48.0333 9264 PEAUTH - ok 21:19:48.0413 9264 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:19:48.0433 9264 PerfHost - ok 21:19:48.0493 9264 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:19:48.0573 9264 pla - ok 21:19:48.0613 9264 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:19:48.0663 9264 PlugPlay - ok 21:19:48.0683 9264 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:19:48.0713 9264 PNRPAutoReg - ok 21:19:48.0733 9264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:19:48.0743 9264 PNRPsvc - ok 21:19:48.0763 9264 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:19:48.0823 9264 PolicyAgent - ok 21:19:48.0863 9264 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:19:48.0913 9264 Power - ok 21:19:48.0933 9264 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport 
C:\Windows\system32\DRIVERS\raspptp.sys 21:19:48.0983 9264 PptpMiniport - ok 21:19:49.0013 9264 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:19:49.0043 9264 Processor - ok 21:19:49.0083 9264 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:19:49.0113 9264 ProfSvc - ok 21:19:49.0123 9264 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:19:49.0143 9264 ProtectedStorage - ok 21:19:49.0173 9264 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:19:49.0223 9264 Psched - ok 21:19:49.0253 9264 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 21:19:49.0263 9264 PxHlpa64 - ok 21:19:49.0293 9264 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys 21:19:49.0303 9264 qicflt - ok 21:19:49.0333 9264 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:19:49.0383 9264 ql2300 - ok 21:19:49.0413 9264 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:19:49.0423 9264 ql40xx - ok 21:19:49.0443 9264 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:19:49.0473 9264 QWAVE - ok 21:19:49.0503 9264 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:19:49.0513 9264 QWAVEdrv - ok 21:19:49.0583 9264 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 21:19:49.0593 9264 RapiMgr - ok 21:19:49.0593 9264 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:19:49.0643 9264 RasAcd - ok 21:19:49.0673 9264 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:19:49.0703 9264 RasAgileVpn - ok 21:19:49.0733 9264 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:19:49.0763 9264 RasAuto - ok 21:19:49.0783 9264 [ 
21:20:04.0595 9264 Scan finished
21:20:04.0595 8748 Detected object count: 5
21:20:04.0595 8748 Actual detected object count: 5
21:20:41.0466 8748 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip |
15.06.2013, 13:50 | #11 |
/// Malware-holic | GVU Trojan (computer still running, though) Hi, scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.06.2013, 20:24 | #12 |
| GVU Trojan (computer still running, though) Hello Markus, thank you already for the time you have sacrificed so far. I'm curious to see how this turns out. Here is the result from Combofix: Combofix logfile: Code:
ComboFix 13-06-15.01 - *** 15.06.2013 21:08:48.1.8 - x64
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5e1499b7-780b-4b0e-8240-0221e699a647.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7a273375-a427-45b1-8925-a4fd3312f55b.dll
c:\programdata\Roaming
c:\windows\IsUn0407.exe
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x] S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX 
Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x] S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x] S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 
AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x] S3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x] S3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x] S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys;c:\windows\SYSNATIVE\DRIVERS\d554gps64.sys [x] S3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 Mbm3CBus;Dell Wireless 5540 HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x] S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x] S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x] S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x] S3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 14586479 *NewlyCreated* - SP_RSDRV2 *Deregistered* - 14586479 . Inhalt des "geplante Tasks" Ordners . 2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 20:32] . 2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 19:04] . 2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 19:04] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] "SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736] "SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Preispiratensuche nach markiertem Text - c:\\Program Files (x86)\\Preispiraten6\\preispiraten.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 193.189.244.206 193.189.244.225 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\aumr8uax.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-NPSStartup - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Tomb Raider III - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManager10Deluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-15 21:20:41 ComboFix-quarantined-files.txt 2013-06-15 19:20 . Vor Suchlauf: 13 Verzeichnis(se), 276.011.048.960 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 275.673.542.656 Bytes frei . - - End Of File - - 43B929E616E1563B7F36ED99F01F6F33 5C616939100B85E558DA92B899A0FC36 |
16.06.2013, 18:55 | #13 |
/// Malware-holic | GVU Trojan (computer is still running) Malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.06.2013, 06:08 | #14 |
| GVU Trojan (computer is still running) Hi Markus, the scan with Malwarebytes found nothing. In the meantime, file extensions, which are hidden by default, keep showing up on my computer. My photos, which until now were only numbered, are now called e.g. 234.jpg. IE also keeps warning me that I am about to view pages over a secure connection. These are all small changes that I did not set up but that are now suddenly appearing. Do you have an explanation for this??? Here is the result from Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.16.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
*** :: ***-PC [Administrator]
Schutz: Aktiviert
16.06.2013 23:05:08
mbam-log-2013-06-16 (23-05-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496905
Laufzeit: 1 Stunde(n), 29 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

Best regards, Ralf

Last edited by Bonner (17.06.2013 at 06:14) |
17.06.2013, 13:46 | #15 |
/// Malware-holic | GVU Trojan (computer is still running) Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, write "unnecessary". After each one you do not know, write "unknown". Post the list.