
Pests of all kinds and how to fight them: CouponDropDown Virus

Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

04.07.2013, 14:56   #1
Soph6297
 
CouponDropDown Virus



Hello,

for about a week now I have been struggling with the so-called "CouponDropDown Virus". (Here is a short explanation: hxxp://www.2-removevirus.com/de/entfernen-coupondropdown-virus/ )
Since it slows my PC down extremely, I am getting tired of not being able to get rid of it.
My McAfee does not detect it, and programs such as SpyHunter or Spyware Terminator 2012, which are supposed to detect the virus, only delete it if you buy the full version. This virus somehow sounds like a money rip-off, though.
I found 2 more options on the internet that are supposed to delete the virus - yet neither of them works for me.
The 1st would be, in Google Chrome, to go to Tools -> Extensions and remove "CouponDropDown" there. I could not carry out this variant because the so-called extension did not exist on my system.

I had the same problem with the 2nd variant:
"Remove browser Hijacks


Note: All your browsers will likely be hooked by the adware. As a result, you have to remove the CouponDropDown extension or add-on in each browser. You may or may not have the following add-ons. If you do, remove them as well.

CouponDropDown
FBPhotoZoom
GoPhoto.it
HDvid Codec
IB Updater
OneClickDownload
OneClickDownloader
Online HD TV
PutLockerDownloader
StartNow
TornTV
TorrentHandler
Yontoo
ZoomIt"
(hxxp://malwaretips.com/Thread-How-to-remove-CouponDropDown-Uninstall-Guide)
I did not find a single one of these programs.


-I hope I have now mentioned everything important.

Looking forward to your help!
Kind regards
Soph6297

04.07.2013, 15:05   #2
markusg
/// Malware-holic
 



Hi,

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

04.07.2013, 17:08   #3
Soph6297
 



Hello!
Thanks for the quick help

OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.07.2013 16:17:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,51% Memory free
3,98 Gb Paging File | 2,50 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 137,64 Gb Free Space | 62,11% Space Free | Partition Type: NTFS
 
Computer Name: MUSTERMANNS-PC | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mustermann\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\System32\jmdp\stij.exe ()
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Programme\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\systemcore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Programme\Bamboo Dock\BambooCore.exe ()
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
PRC - C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\core\mchost.exe (McAfee, Inc.)
PRC - C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Atheros\Ath_CoexAgent.exe (Atheros)
PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.)
PRC - C:\Programme\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
PRC - C:\Programme\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
PRC - C:\Programme\Atheros\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
PRC - C:\Programme\Dell\duo Stage\duoStage.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\System32\jmdp\stij.exe ()
MOD - C:\Windows\System32\jmdp\lmrn.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\System32\jmdp\sqlite3.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Bamboo Dock\BambooCore.exe ()
MOD - C:\Programme\Bamboo Dock\BambooWinTab.dll ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\AccMagDriver.dll ()
MOD - C:\Programme\Dell\duo Stage\de-DE\UI\MiniStageUI.dll ()
MOD - C:\Programme\Dell\duo Stage\QtGui4.dll ()
MOD - C:\Programme\Dell\duo Stage\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtSql4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtCore4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtNetwork4.dll ()
MOD - C:\Programme\Dell\duo Stage\QtXml4.dll ()
MOD - C:\Programme\Dell\duo Stage\kgl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (IB Updater) -- C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (AdobeActiveFileMonitor11.0) -- C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Programme\Atheros\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
SRV - (CxUSBDock) -- C:\Windows\System32\CxUSBDock32.exe (Conexant Systems Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (McAWFwk) -- c:\Programme\McAfee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wacomvhid) -- system32\DRIVERS\wacomvhid.sys File not found
DRV - (wacommousefilter) -- system32\DRIVERS\wacommousefilter.sys File not found
DRV - (mfeavfk01) --  File not found
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (WacHidRouter) -- C:\Windows\System32\drivers\wachidrouter.sys (Wacom Technology)
DRV - (hidkmdf) -- C:\Windows\System32\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV - (wacomrouterfilter) -- C:\Windows\System32\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros)
DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros)
DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros)
DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros)
DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros)
DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (LSM303DLH) -- C:\Windows\System32\drivers\LSM303DLH.sys (STMicroelectronics)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (QWARQNet) -- C:\Windows\System32\drivers\QWARQNet.sys (ConnectSoft, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AX88178) -- C:\Windows\System32\drivers\ax88178.sys (ASIX Electronics Corp.)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2DFABFBF-D2BD-4C9D-A6E9-746AD71AF001}
IE - HKLM\..\SearchScopes\{2DFABFBF-D2BD-4C9D-A6E9-746AD71AF001}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.neopets.com/index.phtml
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyXGrdoBl&i=26
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\..\SearchScopes\{EEB58F62-A789-46C8-B604-D53ADCF995DB}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-4097651500-996847305-4119585860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013.07.02 02:07:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.07.02 02:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.07.02 02:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.07.02 02:07:11 | 000,000,000 | ---D | M]
 
[2012.03.04 00:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: hxxp://iumen.deviantart.com/art/Artist-Switch = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjdglknfedaglpkidjhikljomnapnho\2013.6.6.45291_0\
CHR - Extension: YouTube = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\
CHR - Extension: New Tab for Chrome = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Programme\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Dell Magneto Popup] C:\Programme\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe (STMicroelectronics)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Syncables] C:\Programme\syncables\syncables desktop\syncables.exe (syncables, LLC)
O4 - HKU\S-1-5-21-4097651500-996847305-4119585860-1000..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4097651500-996847305-4119585860-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4097651500-996847305-4119585860-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Programme\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A328656F-58B9-4C95-A9BB-A858ACCD8DF3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2568eefe-e8f9-11e1-ba48-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{2568eefe-e8f9-11e1-ba48-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2568ef14-e8f9-11e1-ba48-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{2568ef14-e8f9-11e1-ba48-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddab4-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddab4-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddab8-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddab8-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddae7-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddae7-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{720ddaed-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddaed-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{720ddb0f-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddb0f-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{720ddb13-b8da-11e2-83bc-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{720ddb13-b8da-11e2-83bc-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f4f744a0-9b52-11e0-a349-0a00560228e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f4f744a0-9b52-11e0-a349-0a00560228e1}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{f4f744a0-9b52-11e0-a349-0a00560228e1}\Shell\setup\command - "" = D:\setup.exe
O33 - MountPoints2\{fad1d874-a025-11e1-adb5-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fad1d874-a025-11e1-adb5-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{fad1d87d-a025-11e1-adb5-e0b9a51263aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fad1d87d-a025-11e1-adb5-e0b9a51263aa}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\D\Shell\setup\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - C:\Windows\system32\wscript.exe "C:\Program Files\Dell\duo Stage\PinItem.vbs"
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.04 14:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.07.04 14:02:36 | 000,000,000 | R--D | C] -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.07.03 17:48:07 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\WTablet
[2013.07.03 12:01:32 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.07.03 12:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013.07.02 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2013.07.02 22:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Purplehills
[2013.07.02 21:46:42 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Wildlife Park 2 - Abenteuer auf der Ranch
[2013.07.02 21:46:42 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2013.07.02 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Wildlife Park 2
[2013.07.02 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2
[2013.07.01 07:26:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Spyware Terminator
[2013.07.01 07:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.07.01 07:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.07.01 07:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2013.06.30 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.30 20:21:20 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.30 20:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.11 21:07:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
[2013.06.10 17:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.06.10 14:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.06.10 14:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Users\Mustermann\Desktop\*.tmp files -> C:\Users\Mustermann\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.04 16:42:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000UA.job
[2013.07.04 16:33:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.04 14:09:33 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 14:09:33 | 000,021,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 14:01:56 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.07.04 14:01:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.07.04 14:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.04 14:00:27 | 1601,069,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.03 21:18:33 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000Core.job
[2013.07.03 12:08:56 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk
[2013.07.02 10:59:09 | 000,002,375 | ---- | M] () -- C:\Users\Mustermann\Desktop\Google Chrome.lnk
[2013.06.16 17:52:40 | 000,901,752 | ---- | M] () -- C:\Users\Mustermann\Desktop\Stolpersteine.png
[2013.06.15 17:09:06 | 000,000,132 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
[2013.06.12 20:42:45 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.12 20:42:45 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.12 20:42:45 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.12 20:42:45 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.10 17:34:00 | 000,002,006 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Users\Mustermann\Desktop\*.tmp files -> C:\Users\Mustermann\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.03 12:08:56 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk
[2013.06.16 17:52:34 | 000,901,752 | ---- | C] () -- C:\Users\Mustermann\Desktop\Stolpersteine.png
[2013.06.10 14:37:36 | 000,002,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.06.10 14:37:18 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 12:20:04 | 000,000,132 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
[2013.01.25 16:54:21 | 000,008,259 | ---- | C] () -- C:\Users\Mustermann\.recently-used.xbel
[2012.12.19 20:08:03 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.12.19 20:08:03 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.02.03 17:28:26 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012.02.03 17:28:26 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.07.03 17:58:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.19 18:51:36 | 000,007,168 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2013.07.01 19:44:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.24 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Ambient Design
[2013.01.25 23:25:51 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\com.gugga.radiomini
[2013.05.05 15:00:39 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2013.07.04 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\go
[2013.07.02 02:08:51 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\gtk-2.0
[2012.02.03 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PC Suite
[2011.07.03 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PCDr
[2012.03.29 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PlayFirst
[2013.07.02 02:08:55 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Primtext
[2012.02.03 17:27:35 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Samsung
[2013.07.01 07:26:58 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Spyware Terminator
[2012.12.19 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\SYSTEMAX Software Development
[2012.12.07 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\TeamViewer
[2012.12.12 15:15:20 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Wacom
[2012.07.20 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.07.02 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2
[2013.07.02 21:46:42 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.13 13:22:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.07.02 02:06:08 | 000,000,000 | ---D | M] -- C:\dell
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.19 10:17:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.08 23:28:08 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.06.05 05:01:12 | 000,000,000 | ---D | M] -- C:\Intel
[2011.07.03 16:50:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.02 22:11:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.02 01:10:08 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.06.19 10:17:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.30 20:22:17 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2011.06.19 10:50:02 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013.07.04 16:32:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.13 15:08:22 | 000,000,000 | ---D | M] -- C:\Temp
[2013.07.02 02:13:11 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.04 13:58:16 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 23:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.09.08 14:48:10 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000Core.job
[2011.09.08 14:48:10 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000UA.job
[2013.06.10 14:37:18 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.06.08 17:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\drivers\iaStor.sys
[2010.06.08 17:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_20f8d1b2e876a71d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2012.07.20 13:44:19 | 000,000,002 | ---- | M] () -- C:\Users\Mustermann\.bdockinstall.log
[2013.01.25 16:54:21 | 000,008,259 | ---- | M] () -- C:\Users\Mustermann\.recently-used.xbel
[2013.07.04 17:48:14 | 002,883,584 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat
[2013.07.04 17:48:14 | 000,262,144 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG1
[2011.06.19 10:18:05 | 000,000,000 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG2
[2011.06.19 11:00:50 | 000,065,536 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.06.19 11:00:50 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.06.19 11:00:50 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.07.01 22:25:49 | 000,065,536 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat{842bd426-e275-11e2-9353-e0b9a51263aa}.TM.blf
[2013.07.01 22:25:49 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat{842bd426-e275-11e2-9353-e0b9a51263aa}.TMContainer00000000000000000001.regtrans-ms
[2013.07.01 22:25:49 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat{842bd426-e275-11e2-9353-e0b9a51263aa}.TMContainer00000000000000000002.regtrans-ms
[2011.06.19 10:18:05 | 000,000,020 | -HS- | M] () -- C:\Users\Mustermann\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 04.07.2013 16:17:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,51% Memory free
3,98 Gb Paging File | 2,50 Gb Available in Paging File | 62,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 137,64 Gb Free Space | 62,11% Space Free | Partition Type: NTFS
 
Computer Name: MUSTERMANNS-PC | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07122FFF-7D0E-4282-BC22-EC5EED86F747}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BB83FC6-ECA7-4DEF-B61F-5E498D1A40EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0DFF9405-2C9B-45D2-8D2C-A310CE6FFF20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1EF5769A-D6AD-49EA-9629-86B01A205349}" = lport=445 | protocol=6 | dir=in | app=system | 
"{218201C2-81F3-47C0-8171-AAE3819E1C92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{40AB3D47-03D7-435C-9A9D-1BEFB6DDF52C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5348A3E6-4FAA-4632-A97F-5F83704F6ABE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{57C356A2-EB1A-41E8-B630-0C37C0DFBE52}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5F11058D-CA7F-4656-B7EC-1462AE98F461}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{669D366C-DCF3-4BD2-BB06-73E1E47541E0}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{6901AB43-08E1-4AD4-890A-45F81CB3A465}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CE525DA-6CFF-43C8-ABAB-B5F9B3D2868F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{80EF0D74-EA40-4033-BA4B-55A295A24126}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82F3B916-E40A-4187-80B8-30C71B4D60A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8889A3DD-D5AF-49E3-811E-4117A5688CD9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{90D9A153-3567-4613-876C-1EC069B19726}" = rport=139 | protocol=6 | dir=out | app=system | 
"{96CE5638-EF03-4D8E-9CC3-9CC05E4D9C2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98C048E5-03A6-4DDD-AE7F-AFB8A4FFB483}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A998FE3A-A108-4779-85E1-A5C4F354265F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AA55D6EB-FCC9-4898-8196-CE01DBEB4B62}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CB1CFB88-B9EF-4D97-B511-156C018AAE8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFB6CA49-DF30-4471-A6D4-E75AC501E708}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{D0D83B1D-DAD5-4CB7-BB66-633E576324BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBBB60BC-8581-4253-9C1E-1701E4246A54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DE5D5399-0642-4131-89B3-6DD46DDF90F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F87EA2FE-1AE3-4FE9-BCF6-6EF4D1EFC85C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FD6E7BE7-1BD8-4945-9322-74DC609D328C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09170FB6-5A70-457B-9EFB-0413E5EE941A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{0E826D40-FC9A-4B94-8720-737A76A7B81A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{16B03F67-710B-4ED2-B266-E75F888B2053}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{1CF346DF-4616-4356-B964-6613EDB1F18D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{28121647-B58E-492B-A992-5F7EE36B33E7}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{2E6A96C5-2757-45A6-8297-CC2D74384C90}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{30B3898F-8494-4CB8-ABC5-81BE0D1FB605}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{33FF3D45-B798-4C9B-A760-A23305D34E8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{452C79FA-C22E-4240-9581-06F787014D7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4824EA28-0247-4C4D-BE12-6871900CDF47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49039E79-C2D3-443B-960F-38E5EDDD75B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4950184B-39C1-46D0-940B-9150CE3BB835}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{4D9EF57C-809B-4C53-A6FB-74F781E02241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4F6DBB45-F8ED-4511-A994-FB4EAD9E4EB9}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{5A39AEB3-7B26-4A2C-AF38-7FB2A4A7280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6474D954-8F8B-4833-A2FE-4A575D918E23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68D6EE7A-52E7-4A40-8DD9-CD6C6A94E548}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{817D5384-B20D-4288-9CF8-A22996D33BC5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{8FE35A85-9829-4548-B547-7CE2CBC6B9BE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{97ECC1B8-5ACA-4AA2-A868-165BFF85E4AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C379598-00B5-4944-88B7-15ED848D5C40}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A4A47622-C4E4-4415-9890-2EF372056CFD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B0EC86A5-3F9C-43D9-B22B-F1CB037F8A44}" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{B3B994D5-98B1-4B50-A9BA-33962DE62969}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BD0E34C8-9E4B-4715-8A37-12F93A887616}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{BE070EBD-8D90-485B-B60E-1F8B2C5DE78F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BED52022-72AF-4B6D-8DDD-D84C5B9D283C}" = protocol=6 | dir=out | app=system | 
"{D0279614-00A1-4BCA-ADD8-221B55558B84}" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"{D37EFA4B-9D7B-4D94-B6BE-81A15224BD34}" = dir=in | app=c:\program files\dell\videostage\videostage.exe | 
"{D683096D-A71F-4BD5-A72B-7ECA18BB69FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBD6D2EB-05EF-4EF0-8E94-D029514A0FD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFF105E7-541D-47F2-8269-6D758FEC880D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{E45E2A50-DD81-4BE9-9801-3F049EBF193F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{E5B22977-4720-4AE1-9196-9D0740216366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6598143-6CC0-4303-B3E6-C1AE61CA5F53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6863162-E6F1-48B8-819C-10AFD625D480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E755FF01-15CD-46B7-8867-49E82C5C8EAA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{ED4CCBEE-03C8-4046-A4FB-42E47EC1996D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EEDCE3FC-322B-4AAD-9C9E-4B4B86F1064D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F6886979-02AC-46AD-9FAB-70AFC476A52D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{FFD0F031-DA78-43BB-A3DC-C7B79A7AA848}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"TCP Query User{257C8F15-00AD-4A99-A4B6-FC701ED5B0C1}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{5558EC8A-FC0C-400F-940B-E0CB76AFF8D6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{E2651483-BBF9-4EB5-BC92-39AA5A11D12F}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{8A795E0D-5CA8-4D78-A26E-8A42FB3E9183}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{8B414ACB-D7F4-429B-B238-D2D4891B7D58}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{F4BB5DB4-3C2C-4874-8F6F-E6129BFE96C0}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{068E5E60-C039-4706-AB3D-F9589B8BACA2}" = WolfQuest
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.575
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F92C742-08BE-9C7A-DF0C-3E1CD06C46C2}" = Sumo Paint Bamboo 2.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{7082E27E-2637-4ED5-9156-E19B57A3B5B0}" = ArtRage Studio Pro
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A855F2D-24D4-4B93-BFA9-824289902063}" = Dell duo Stage
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{862892F1-2158-451D-82EC-4112E5DD8A93}" = Accelerometer-Magnetometer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CA856-294B-484A-BCFB-A8AA542D297F}" = syncables desktop
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2312A99-3F31-4ED0-854D-61424B78B0F7}" = Broadcom CrystalHD Decoder
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B70C64B3-0F06-4A9C-900E-CF95CBD5B9FA}" = Primtext
"{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"{BEBD8B5B-2EC8-6489-1585-47B78EA6832A}" = Bamboo Dock
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCA7747-0813-AEBA-886F-732E1CBD79EA}" = MoodTuner
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote
"{DBA77958-961F-4161-A094-2E7CD5CD974F}" = Dell duo Station
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FD271FAB-2F69-6983-A6A4-828F357940C4}" = Livebrush Mini
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Bamboo Dock" = Bamboo Dock
"Cellosoft JTablet 2" = Cellosoft JTablet 1.2.5-alpha
"Christmas Magic" = Christmas Magic
"CNXT_AUDIO_HDA" = Conexant HD Audio
"com.gugga.radiomini" = MoodTuner
"com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1" = Livebrush Mini
"com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1" = Sumo Paint Bamboo 2.2
"Dell Webcam Central" = Dell Webcam Central
"EADM" = EA Download Manager
"eyrie_screensaver" = eyrie_screensaver
"FarmFrenzy" = FarmFrenzy
"Fiesta Online DE" = Fiesta Online DE 1.04.053
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{BB2D820C-76AF-4CEE-9AE0-70E64B2784DA}" = Qwarq
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSC" = McAfee SecurityCenter
"PaintToolSAI" = PaintTool SAI Ver.1
"Pen Tablet Driver" = Wacom
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"softonic" = Softonic toolbar  on IE and Chrome
"SRS Premium Sound APO for Conexant USB Audio" = SRS Premium Sound APO for Conexant USB Audio
"STANDARD" = Microsoft Office Standard 2007
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TSR Watermark Image - Free version_is1" = TSR Watermark Image software version 2.3.4.1 - Free version
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live Essentials
"WNLT" = IB Updater Service
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4097651500-996847305-4119585860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = GameXN GO
"Google Chrome" = Google Chrome
"JoinMe" = join.me
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.03.2013 08:47:37 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.03.2013 08:55:12 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.03.2013 10:17:04 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 10:29:38 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.03.2013 15:55:03 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.03.2013 08:57:00 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.03.2013 06:46:22 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 06:21:44 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 15:59:43 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 10:06:40 | Computer Name = Mustermanns-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Dell Events ]
Error - 05.07.2011 14:04:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.07.2011 14:04:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.07.2011 14:14:54 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 05.07.2011 14:14:54 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.07.2011 13:46:24 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.07.2011 13:46:24 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.07.2011 14:42:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.07.2011 14:42:42 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 13.07.2011 08:42:06 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 13.07.2011 08:42:06 | Computer Name = Mustermanns-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 19.06.2011 12:46:04 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 18:46:04 - Fehler beim Herstellen der Internetverbindung.  18:46:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.07.2011 13:56:07 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 19:55:57 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)  
 
Error - 14.07.2011 07:46:18 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 13:46:18 - Fehler beim Herstellen der Internetverbindung.  13:46:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2011 07:46:30 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 13:46:23 - Fehler beim Herstellen der Internetverbindung.  13:46:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.08.2011 05:39:02 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 11:39:02 - Fehler beim Herstellen der Internetverbindung.  11:39:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.08.2011 05:39:14 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 11:39:07 - Fehler beim Herstellen der Internetverbindung.  11:39:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.08.2011 06:37:01 | Computer Name = Mustermanns-PC | Source = MCUpdate | ID = 0
Description = 12:36:59 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
[ OSession Events ]
Error - 14.10.2011 15:21:40 | Computer Name = Mustermanns-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 676
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 08.04.2012 16:32:30 | Computer Name = Mustermanns-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3763
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 04.07.2013 08:01:56 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 04.07.2013 08:03:01 | Computer Name = Mustermanns-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 04.07.2013 08:03:01 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 04.07.2013 08:03:01 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 04.07.2013 08:03:08 | Computer Name = Mustermanns-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 04.07.2013 08:03:09 | Computer Name = Mustermanns-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 04.07.2013 08:03:08 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 04.07.2013 08:03:08 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 04.07.2013 08:03:09 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 04.07.2013 08:03:09 | Computer Name = Mustermanns-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
 
< End of report >
         
--- --- ---

Kind regards

Alt 04.07.2013, 17:22   #4
markusg
/// Malware-holic
 

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.

Alt 04.07.2013, 22:06   #5
Soph6297
 

On we go:

PHP-Code:
23
:01:43.0461 7404  33599130F44E1F34631CEA241DE8AC84 MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23
:01:43.0539 7404  MTConfig ok
23
:01:43.0587 7404  159FAD02F64E6381758C990F753BCC80 Mup             C:\Windows\system32\Drivers\mup.sys
23
:01:43.0665 7404  Mup ok
23
:01:43.0739 7404  61D57A5D7C6D9AFE10E77DAE6E1B445E napagent        C:\Windows\system32\qagentRT.dll
23
:01:43.0888 7404  napagent ok
23
:01:44.0012 7404  26384429FCD85D83746F63E798AB1480 NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23
:01:44.0114 7404  NativeWifiP ok
23
:01:44.0210 7404  8C9C922D71F1CD4DEF73F186416B7896 NDIS            C:\Windows\system32\drivers\ndis.sys
23
:01:44.0314 7404  NDIS ok
23
:01:44.0347 7404  0E1787AA6C9191D3D319E8BAFE86F80C NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23
:01:44.0506 7404  NdisCap ok
23
:01:44.0582 7404  E4A8AEC125A2E43A9E32AFEEA7C9C888 NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23
:01:44.0708 7404  NdisTapi ok
23
:01:44.0805 7404  D8A65DAFB3EB41CBB622745676FCD072 Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23
:01:44.0949 7404  Ndisuio ok
23
:01:44.0974 7404  38FBE267E7E6983311179230FACB1017 NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23
:01:45.0116 7404  NdisWan ok
23
:01:45.0175 7404  A4BDC541E69674FBFF1A8FF00BE913F2 NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23
:01:45.0300 7404  NDProxy ok
23
:01:45.0331 7404  80B275B1CE3B0E79909DB7B39AF74D51 NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23
:01:45.0470 7404  NetBIOS ok
23
:01:45.0572 7404  280122DDCF04B378EDD1AD54D71C1E54 NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23
:01:45.0717 7404  NetBT ok
23
:01:45.0764 7404  81951F51E318AECC2D68559E47485CC4 Netlogon        C:\Windows\system32\lsass.exe
23
:01:45.0872 7404  Netlogon ok
23
:01:45.0975 7404  7CCCFCA7510684768DA22092D1FA4DB2 Netman          C:\Windows\System32\netman.dll
23
:01:46.0132 7404  Netman ok
23
:01:46.0291 7404  D22CD77D4F0D63D1169BB35911BFF12D NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23
:01:46.0396 7404  NetMsmqActivator ok
23
:01:46.0416 7404  D22CD77D4F0D63D1169BB35911BFF12D NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23
:01:46.0485 7404  NetPipeActivator ok
23
:01:46.0568 7404  8C338238C16777A802D6A9211EB2BA50 netprofm        C:\Windows\System32\netprofm.dll
23
:01:46.0720 7404  netprofm ok
23
:01:46.0774 7404  D22CD77D4F0D63D1169BB35911BFF12D NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23
:01:46.0845 7404  NetTcpActivator ok
23
:01:46.0870 7404  D22CD77D4F0D63D1169BB35911BFF12D NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23
:01:46.0940 7404  NetTcpPortSharing ok
23
:01:47.0014 7404  1D85C4B390B0EE09C7A46B91EFB2C097 nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23
:01:47.0100 7404  nfrd960 ok
23
:01:47.0176 7404  374071043F9E4231EE43BE2BB48DD36D NlaSvc          C:\Windows\System32\nlasvc.dll
23
:01:47.0286 7404  NlaSvc ok
23
:01:47.0353 7404  1DB262A9F8C087E8153D89BEF3D2235F Npfs            C:\Windows\system32\drivers\Npfs.sys
23
:01:47.0490 7404  Npfs ok
23
:01:47.0554 7404  BA387E955E890C8A88306D9B8D06BF17 nsi             C:\Windows\system32\nsisvc.dll
23
:01:47.0738 7404  nsi ok
23
:01:47.0787 7404  E9A0A4D07E53D8FEA2BB8387A3293C58 nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23
:01:47.0896 7404  nsiproxy ok
23
:01:47.0993 7404  5E43D2B0EE64123D4880DFA6626DEFDE Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23
:01:48.0142 7404  Ntfs ok
23
:01:48.0189 7404  F9756A98D69098DCA8945D62858A812C Null            C:\Windows\system32\drivers\Null.sys
23
:01:48.0315 7404  Null ok
23
:01:48.0365 7404  B3E25EE28883877076E0E1FF877D02E0 nvraid          C:\Windows\system32\drivers\nvraid.sys
23
:01:48.0447 7404  nvraid ok
23
:01:48.0520 7404  4380E59A170D88C4F1022EFF6719A8A4 nvstor          C:\Windows\system32\drivers\nvstor.sys
23
:01:48.0621 7404  nvstor ok
23
:01:48.0665 7404  5A0983915F02BAE73267CC2A041F717D nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23
:01:48.0726 7404  nv_agp ok
23
:01:48.0845 7404  785F487A64950F3CB8E9F16253BA3B7B odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23
:01:48.0937 7404  odserv ok
23
:01:48.0996 7404  08A70A1F2CDDE9BB49B885CB817A66EB ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23
:01:49.0081 7404  ohci1394 ok
23
:01:49.0154 7404  5A432A042DAE460ABE7199B758E8606C ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23
:01:49.0229 7404  ose ok
23
:01:49.0329 7404  82A8521DDC60710C3D3D3E7325209BEC p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23
:01:49.0512 7404  p2pimsvc ok
23
:01:49.0607 7404  59C3DDD501E39E006DAC31BF55150D91 p2psvc          C:\Windows\system32\p2psvc.dll
23
:01:49.0701 7404  p2psvc ok
23
:01:49.0757 7404  2EA877ED5DD9713C5AC74E8EA7348D14 Parport         C:\Windows\system32\drivers\parport.sys
23
:01:49.0853 7404  Parport ok
23
:01:49.0912 7404  3F34A1B4C5F6475F320C275E63AFCE9B partmgr         C:\Windows\system32\drivers\partmgr.sys
23
:01:49.0999 7404  partmgr ok
23
:01:50.0034 7404  EB0A59F29C19B86479D36B35983DAADC Parvdm          C:\Windows\system32\drivers\parvdm.sys
23
:01:50.0101 7404  Parvdm ok
23
:01:50.0166 7404  358AB7956D3160000726574083DFC8A6 PcaSvc          C:\Windows\System32\pcasvc.dll
23
:01:50.0266 7404  PcaSvc ok
23
:01:50.0336 7404  175CC28DCF819F78CAA3FBD44AD9E52A pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
23
:01:50.0477 7404  pccsmcfd ok
23
:01:50.0557 7404  673E55C3498EB970088E812EA820AA8F pci             C:\Windows\system32\drivers\pci.sys
23
:01:50.0654 7404  pci ok
23
:01:50.0684 7404  AFE86F419014DB4E5593F69FFE26CE0A pciide          C:\Windows\system32\drivers\pciide.sys
23
:01:50.0748 7404  pciide ok
23
:01:50.0783 7404  F396431B31693E71E8A80687EF523506 pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23
:01:50.0862 7404  pcmcia ok
23
:01:50.0939 7404  250F6B43D2B613172035C6747AEEB19F pcw             C:\Windows\system32\drivers\pcw.sys
23
:01:51.0014 7404  pcw ok
23
:01:51.0077 7404  9E0104BA49F4E6973749A02BF41344ED PEAUTH          C:\Windows\system32\drivers\peauth.sys
23
:01:51.0224 7404  PEAUTH ok
23
:01:51.0431 7404  414BBA67A3DED1D28437EB66AEB8A720 pla             C:\Windows\system32\pla.dll
23
:01:51.0633 7404  pla ok
23
:01:51.0742 7404  EC7BC28D207DA09E79B3E9FAF8B232CA PlugPlay        C:\Windows\system32\umpnpmgr.dll
23
:01:51.0907 7404  PlugPlay ok
23
:01:52.0022 7404  63FF8572611249931EB16BB8EED6AFC8 PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23
:01:52.0143 7404  PNRPAutoReg ok
23
:01:52.0196 7404  82A8521DDC60710C3D3D3E7325209BEC PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23
:01:52.0309 7404  PNRPsvc ok
23
:01:52.0382 7404  53946B69BA0836BD95B03759530C81EC PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23
:01:52.0505 7404  PolicyAgent ok
23
:01:52.0613 7404  F87D30E72E03D579A5199CCB3831D6EA Power           C:\Windows\system32\umpo.dll
23
:01:52.0770 7404  Power ok
23
:01:52.0848 7404  631E3E205AD6D86F2AED6A4A8E69F2DB PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23
:01:52.0977 7404  PptpMiniport ok
23
:01:53.0025 7404  85B1E3A0C7585BC4AAE6899EC6FCF011 Processor       C:\Windows\system32\drivers\processr.sys
23
:01:53.0118 7404  Processor ok
23
:01:53.0192 7404  CADEFAC453040E370A1BDFF3973BE00D ProfSvc         C:\Windows\system32\profsvc.dll
23
:01:53.0370 7404  ProfSvc ok
23
:01:53.0422 7404  81951F51E318AECC2D68559E47485CC4 ProtectedStorage C:\Windows\system32\lsass.exe
23
:01:53.0539 7404  ProtectedStorage ok
23
:01:53.0600 7404  6270CCAE2A86DE6D146529FE55B3246A Psched          C:\Windows\system32\DRIVERS\pacer.sys
23
:01:53.0776 7404  Psched ok
23
:01:53.0881 7404  B6A1692FC131F1FE5162513D78A9B6FC PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
23
:01:53.0953 7404  PxHelp20 ok
23
:01:54.0042 7404  AB95ECF1F6659A60DDC166D8315B0751 ql2300          C:\Windows\system32\drivers\ql2300.sys
23
:01:54.0189 7404  ql2300 ok
23
:01:54.0244 7404  B4DD51DD25182244B86737DC51AF2270 ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23
:01:54.0323 7404  ql40xx ok
23
:01:54.0374 7404  03A79A2CF1FD2CAF00CCAFAA55D01DA1 QWARQNet        C:\Windows\system32\DRIVERS\QWARQNet.sys
23
:01:54.0475 7404  QWARQNet ok
23
:01:54.0541 7404  31AC809E7707EB580B2BDB760390765A QWAVE           C:\Windows\system32\qwave.dll
23
:01:54.0668 7404  QWAVE ok
23
:01:54.0736 7404  584078CA1B95CA72DF2A27C336F9719D QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23
:01:54.0835 7404  QWAVEdrv ok
23
:01:54.0858 7404  30A81B53C766D0133BB86D234E5556AB RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23
:01:55.0034 7404  RasAcd ok
23
:01:55.0112 7404  57EC4AEF73660166074D8F7F31C0D4FD RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23
:01:55.0257 7404  RasAgileVpn ok
23
:01:55.0330 7404  A60F1839849C0C00739787FD5EC03F13 RasAuto         C:\Windows\System32\rasauto.dll
23
:01:55.0510 7404  RasAuto ok
23
:01:55.0557 7404  D9F91EAFEC2815365CBE6D167E4E332A Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23
:01:55.0704 7404  Rasl2tp ok
23
:01:55.0823 7404  CB9E04DC05EACF5B9A36CA276D475006 RasMan          C:\Windows\System32\rasmans.dll
23
:01:55.0968 7404  RasMan ok
23
:01:56.0047 7404  0FE8B15916307A6AC12BFB6A63E45507 RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23
:01:56.0180 7404  RasPppoe ok
23
:01:56.0211 7404  44101F495A83EA6401D886E7FD70096B RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23
:01:56.0343 7404  RasSstp ok
23
:01:56.0376 7404  D528BC58A489409BA40334EBF96A311B rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23
:01:56.0520 7404  rdbss ok
23
:01:56.0546 7404  0D8F05481CB76E70E1DA06EE9F0DA9DF rdpbus          C:\Windows\system32\drivers\rdpbus.sys
23
:01:56.0617 7404  rdpbus ok
23
:01:56.0689 7404  23DAE03F29D253AE74C44F99E515F9A1 RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23
:01:56.0851 7404  RDPCDD ok
23
:01:56.0923 7404  5A53CA1598DD4156D44196D200C94B8A RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23
:01:57.0072 7404  RDPENCDD ok
23
:01:57.0126 7404  44B0A53CD4F27D50ED461DAE0C0B4E1F RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23
:01:57.0266 7404  RDPREFMP ok
23
:01:57.0339 7404  F031683E6D1FEA157ABB2FF260B51E61 RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23
:01:57.0510 7404  RDPWD ok
23
:01:57.0576 7404  518395321DC96FE2C9F0E96AC743B656 rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23
:01:57.0654 7404  rdyboost ok
23
:01:57.0752 7404  7B5E1419717FAC363A31CC302895217A RemoteAccess    C:\Windows\System32\mprdim.dll
23
:01:57.0880 7404  RemoteAccess ok
23
:01:57.0956 7404  CB9A8683F4EF2BF99E123D79950D7935 RemoteRegistry  C:\Windows\system32\regsvc.dll
23
:01:58.0080 7404  RemoteRegistry ok
23
:01:58.0151 7404  CB928D9E6DAF51879DD6BA8D02F01321 RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23
:01:58.0258 7404  RFCOMM ok
23
:01:58.0334 7404  78D072F35BC45D9E4E1B61895C152234 RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23
:01:58.0483 7404  RpcEptMapper ok
23
:01:58.0556 7404  94D36C0E44677DD26981D2BFEEF2A29D RpcLocator      C:\Windows\system32\locator.exe
23
:01:58.0644 7404  RpcLocator ok
23
:01:58.0718 7404  7660F01D3B38ACA1747E397D21D790AF RpcSs           C:\Windows\system32\rpcss.dll
23
:01:58.0863 7404  RpcSs ok
23
:01:58.0951 7404  032B0D36AD92B582D869879F5AF5B928 rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23
:01:59.0098 7404  rspndr ok
23
:01:59.0159 7404  A633399432491BB173BB3CF3B41B9C55 RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
23
:01:59.0223 7404  RSUSBSTOR ok
23
:01:59.0284 7404  D5EDE44CA85899E0478208C8413C1C31 RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
23
:01:59.0366 7404  RTL8167 ok
23
:01:59.0454 7404  81951F51E318AECC2D68559E47485CC4 SamSs           C:\Windows\system32\lsass.exe
23
:01:59.0556 7404  SamSs ok
23
:01:59.0608 7404  05D860DA1040F111503AC416CCEF2BCA sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23
:01:59.0677 7404  sbp2port ok
23
:01:59.0755 7404  8FC518FFE9519C2631D37515A68009C4 SCardSvr        C:\Windows\System32\SCardSvr.dll
23
:01:59.0913 7404  SCardSvr ok
23
:01:59.0963 7404  0693B5EC673E34DC147E195779A4DCF6 scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23
:02:00.0102 7404  scfilter ok
23
:02:00.0203 7404  A04BB13F8A72F8B6E8B4071723E4E336 Schedule        C:\Windows\system32\schedsvc.dll
23
:02:00.0378 7404  Schedule ok
23
:02:00.0452 7404  319C6B309773D063541D01DF8AC6F55F SCPolicySvc     C:\Windows\System32\certprop.dll
23
:02:00.0572 7404  SCPolicySvc ok
23
:02:00.0642 7404  08236C4BCE5EDD0A0318A438AF28E0F7 SDRSVC          C:\Windows\System32\SDRSVC.dll
23
:02:00.0863 7404  SDRSVC ok
23
:02:00.0948 7404  90A3935D05B494A5A39D37E71F09A677 secdrv          C:\Windows\system32\drivers\secdrv.sys
23
:02:01.0122 7404  secdrv ok
23
:02:01.0194 7404  A59B3A4442C52060CC7A85293AA3546F seclogon        C:\Windows\system32\seclogon.dll
23
:02:01.0328 7404  seclogon ok
23
:02:01.0391 7404  DCB7FCDCC97F87360F75D77425B81737 SENS            C:\Windows\System32\sens.dll
23
:02:01.0553 7404  SENS ok
23
:02:01.0629 7404  50087FE1EE447009C9CC2997B90DE53F SensrSvc        C:\Windows\system32\sensrsvc.dll
23
:02:01.0730 7404  SensrSvc ok
23
:02:01.0778 7404  9AD8B8B515E3DF6ACD4212EF465DE2D1 Serenum         C:\Windows\system32\drivers\serenum.sys
23
:02:01.0872 7404  Serenum ok
23
:02:01.0901 7404  5FB7FCEA0490D821F26F39CC5EA3D1E2 Serial          C:\Windows\system32\drivers\serial.sys
23
:02:01.0991 7404  Serial ok
23
:02:02.0094 7404  79BFFB520327FF916A582DFEA17AA813 sermouse        C:\Windows\system32\drivers\sermouse.sys
23
:02:02.0198 7404  sermouse ok
23:02:02.0346 7404  9D38320BB32230349379DF5DDBBF7FCE ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:02:02.0396 7404  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:02:02.0396 7404  ServiceLayer detected UnsignedFile.Multi.Generic (1)
23
:02:29.0250 7404  WwanSvc ok
23
:02:29.0379 7404  ================ Scan global ===============================
23:02:29.0447 7404  DAB748AE0439955ED2FA22357533DDDB C:\Windows\system32\basesrv.dll
23
:02:29.0511 7404  1F5F07091D50244F17DD8D5147A628CC C:\Windows\system32\winsrv.dll
23
:02:29.0546 7404  1F5F07091D50244F17DD8D5147A628CC C:\Windows\system32\winsrv.dll
23
:02:29.0622 7404  364455805E64882844EE9ACB72522830 C:\Windows\system32\sxssrv.dll
23
:02:29.0661 7404  5F1B6A9C35D3D5CA72D6D6FDEF9747D6 C:\Windows\system32\services.exe
23
:02:29.0675 7404  [Global] - ok
23
:02:29.0679 7404  ================ Scan MBR ==================================
23:02:29.0712 7404  5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23
:02:30.0450 7404  \Device\Harddisk0\DR0 ok
23
:02:30.0452 7404  ================ Scan VBR ==================================
23:02:30.0494 7404  F920CEE3EE0F4B5F8DFAC7DDCF92D0DE ] \Device\Harddisk0\DR0\Partition1
23
:02:30.0507 7404  \Device\Harddisk0\DR0\Partition1 ok
23
:02:30.0539 7404  B72442A55778396164B2A963E06EA46E ] \Device\Harddisk0\DR0\Partition2
23
:02:30.0543 7404  \Device\Harddisk0\DR0\Partition2 ok
23:02:30.0546 7404  ============================================================
23:02:30.0546 7404  Scan finished
23:02:30.0546 7404  ============================================================
23:02:30.0602 3068  Detected object count: 5
23:02:30.0602 3068  Actual detected object count: 5
23:02:58.0086 3068  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:58.0086 3068  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:02:58.0089 3068  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:58.0089 3068  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:02:58.0095 3068  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:58.0095 3068  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:02:58.0101 3068  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:58.0101 3068  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:02:58.0109 3068  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:02:58.0109 3068  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

__________________
"You can close your eyes to things you don't want to see
but you can't close your heart to things you don't want to feel."

-Johnny Depp

05.07.2013, 14:34   #6
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


05.07.2013, 15:20   #7
Soph6297

Now a small problem has come up.

After I confirmed the installation, a grey box with a grey bar appeared. When it reached 100%, another window first appeared, with a progress bar and green text on a black background. When the progress bar was about half full, another window opened, telling me that ... of 10 folders were being saved.
Then it suddenly stopped and this message appeared:

"Du kannst Combofix nicht in 196290~1 umbenennen.
Bitte nutze einen anderen Namen. Vorzugsweise aus alphabetischen Zeichen bestehend."
(English: "You cannot rename Combofix to 196290~1. Please use a different name, preferably one consisting of alphabetic characters.")

I now have the following software on my desktop:

Continue Download helper Installation
Optimizer Pro

Where did I go wrong?
Best regards

05.07.2013, 15:44   #8
markusg
/// Malware-holic

Did you run Combofix as instructed? Delete it and try again.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

05.07.2013, 17:31   #9
Soph6297

It worked.
I deleted everything and downloaded it again.

Combofix log file:
Code:
ComboFix 13-07-04.01 - Mustermann 05.07.2013  16:56:34.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2036.1117 [GMT 2:00]
ausgeführt von:: c:\users\Mustermann\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\windows\system32\pt
c:\windows\system32\pt\Lagoon.resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-05 bis 2013-07-05  ))))))))))))))))))))))))))))))
.
.
2013-07-05 16:04 . 2013-07-05 16:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-05 14:00 . 2013-07-05 14:00	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\Delta
2013-07-05 14:00 . 2013-07-05 14:00	--------	d-----w-	c:\users\Mustermann\AppData\Local\Wajam
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\users\Mustermann\AppData\Local\DealPlyLive
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\program files\DealPlyLive
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\programdata\DealPlyLive
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\users\Mustermann\AppData\Local\Programs
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\users\Mustermann\AppData\Local\Babylon
2013-07-05 13:59 . 2013-07-05 14:00	--------	d-----w-	c:\program files\Wajam
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\Dealply
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\programdata\Babylon
2013-07-05 13:59 . 2013-07-05 13:59	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\Babylon
2013-07-03 15:48 . 2013-07-03 15:48	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\WTablet
2013-07-02 20:11 . 2013-07-02 20:11	--------	d-----w-	c:\program files\Purplehills
2013-07-02 19:46 . 2013-07-02 19:46	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
2013-07-02 19:46 . 2013-07-02 19:46	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\Wildlife Park 2
2013-07-01 20:20 . 2013-06-08 11:13	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-07-01 20:20 . 2013-06-08 11:41	218112	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-07-01 18:17 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-07-01 18:17 . 2013-05-10 03:20	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-07-01 18:16 . 2013-04-26 04:55	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-07-01 18:15 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2013-07-01 18:15 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-07-01 18:15 . 2013-05-13 04:45	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-01 18:15 . 2013-05-13 04:45	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-01 18:15 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2013-07-01 18:14 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-07-01 18:14 . 2013-05-06 05:06	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-07-01 18:14 . 2013-05-06 05:06	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-07-01 18:14 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-07-01 05:26 . 2013-07-02 00:04	--------	d-----w-	c:\programdata\Spyware Terminator
2013-07-01 05:26 . 2013-07-01 05:26	--------	d-----w-	c:\users\Mustermann\AppData\Roaming\Spyware Terminator
2013-07-01 05:26 . 2013-07-02 00:04	--------	d-----w-	c:\program files\Spyware Terminator
2013-06-30 18:21 . 2013-06-30 18:21	110080	----a-r-	c:\users\Mustermann\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe
2013-06-30 18:21 . 2013-06-30 18:22	--------	d-----w-	C:\sh4ldr
2013-06-30 18:21 . 2013-06-30 18:21	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-10 12:37 . 2013-07-02 00:07	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-06-10 12:37 . 2013-07-02 00:07	--------	d-----w-	c:\program files\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 19:52 . 2013-02-17 14:05	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-11 19:52 . 2011-07-30 12:28	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 10:29 . 2013-05-11 10:29	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-11 10:29 . 2013-05-11 10:29	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-05-11 10:29 . 2013-05-11 10:29	158720	----a-w-	c:\windows\system32\msls31.dll
2013-05-11 10:29 . 2013-05-11 10:29	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-05-11 10:29 . 2013-05-11 10:29	138752	----a-w-	c:\windows\system32\wextract.exe
2013-05-11 10:29 . 2013-05-11 10:29	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-05-11 10:29 . 2013-05-11 10:29	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-05-11 10:29 . 2013-05-11 10:29	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-11 10:29 . 2013-05-11 10:29	12800	----a-w-	c:\windows\system32\mshta.exe
2013-05-11 10:29 . 2013-05-11 10:29	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-11 10:29 . 2013-05-11 10:29	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-11 10:29 . 2013-05-11 10:29	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-11 10:29 . 2013-05-11 10:29	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-05-11 10:29 . 2013-05-11 10:29	361984	----a-w-	c:\windows\system32\html.iec
2013-05-11 10:29 . 2013-05-11 10:29	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-11 10:29 . 2013-05-11 10:29	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-11 10:29 . 2013-05-11 10:29	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-13 04:45 . 2013-05-15 15:59	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:59	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:29	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 15:58	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 15:58	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 16:04	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-04-07 08:54 . 2012-12-19 18:08	1156400	----a-w-	c:\windows\system32\dmwu.exe
2013-04-07 08:52 . 2012-12-19 18:08	27136	----a-w-	c:\windows\system32\ImHttpComm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:29	170840	----a-w-	c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29	241872	----a-w-	c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2012-02-03 102400]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2012-04-05 347008]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-08-13 1873192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-25 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 486560]
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 302240]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Magneto Popup"="c:\program files\STMicroelectronics\Accelerometer-Magnetometer\PopUp_DM.exe" [2010-11-03 111216]
"Syncables"="c:\program files\syncables\syncables desktop\syncables.exe" [2010-01-20 370480]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-12-12 646744]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Del18859101"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell duo Stage.lnk - c:\program files\Dell\duo Stage\duoStage.exe -bgr [2010-10-22 1022016]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 148000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys [2009-10-02 47104]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 148000]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 11680]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 198904]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-25 191008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 70048]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 13728]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-01 1343400]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 210608]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-23 171600]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-12-28 135168]
S2 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 56480]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2013-01-29 188760]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-04-07 1156400]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [2013-05-02 109064]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 528256]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 258720]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 239776]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 LSM303DLH;STMicroelectronics™ 3-Achs Beschleunigungssensor/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14	141824	----a-w-	c:\windows\System32\wscript.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 19:52]
.
2013-07-05 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 13:59]
.
2013-07-05 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-07-05 13:59]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000Core.job
- c:\users\Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:47]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097651500-996847305-4119585860-1000UA.job
- c:\users\Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-08 12:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=1060E0B9A51263AA&affID=119357&tt=040713_ctrl&tsp=4934
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - c:\program files\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
HKLM-Run-NPSStartup - (no file)
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PaintToolSAI - c:\users\Mustermann\Desktop\PaintToolSAI\uninst.exe
AddRemove-Santa Claus in trouble ... gold! - d:\progra~1\SANTAC~1.GOL\UNINST~1\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-05  18:11:43
ComboFix-quarantined-files.txt  2013-07-05 16:11
.
Vor Suchlauf: 11 Verzeichnis(se), 148.268.077.056 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 165.945.049.088 Bytes frei
.
- - End Of File - - 71F9F38FF4F9A2DBC4EC349C2EDE748B
         


I wasn't sure how to create code tags...
Kind regards

05.07.2013, 17:37   #10
markusg
/// Malware-holic

Hi
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are ticked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

06.07.2013, 09:38   #11
Soph6297

Done, after 8 hours:

PHP code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.05.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Mustermann :: MustermannS-PC [Administrator]

Schutz: Aktiviert

05.07.2013 18:52:42
mbam-log-2013-07-05 (18-52-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher Autostart Registrierung Dateisystem Heuristiks/Extra HeuristiKs/Shuriken PUP PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356551
Laufzeit: 5 Stunde(n), 26 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1292 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Users\Mustermann\Downloads\etype2_V_Setup.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\SMustermann\Downloads\Hüter_des_Lichts.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mustermann\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mustermann\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mustermann\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Löschen bei Neustart.

(Ende)

06.07.2013, 12:28   #12
markusg
/// Malware-holic

Sorry, that doesn't normally take so long.

Download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, go to Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you don't need, "unnötig" (unnecessary).
After each one you don't recognise, "unbekannt" (unknown).
Post the list.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

06.07.2013, 14:30   #13
Soph6297

Once I have got that far and saved the list, where should I write whether I need something or not?
Should I edit the txt file? And if so, should I write "notwendig", etc. after the name or after the numbers?

E.g.
Dell DataSafe Local Backup Dell (here..) 04.06.2011 9.4.60 (...or here?)

06.07.2013, 14:31   #14
markusg
/// Malware-holic

Yes, of course, in the txt file, after the program version.
So, for example:
adobe reader version xy nötig

06.07.2013, 14:49   #15
Soph6297

OK, I hope I haven't overlooked anything now.

PHP-Code:
Accelerometer-Magnetometer    STMicroelectronics    unbekannt 04.06.2011        1.00.0028
Adobe AIR    Adobe Systems Incorporated    nötig 24.05.2013        3.7.0.1860
Adobe Flash Player 11 ActiveX    Adobe Systems Incorporated    nötig 11.06.2013    6,00MB    11.7.700.224
Adobe Flash Player 11 Plugin    Adobe Systems Incorporated    nötig     11.06.2013    6,00MB    11.7.700.224
Adobe Photoshop Elements 11    Adobe Systems Incorporated    nötig 24.03.2013    2,60GB    11.0
Adobe Reader X MUI    Adobe Systems Incorporated    nötig 04.06.2011    470MB    10.0.0
Advanced Audio FX Engine    Creative Technology Ltd    unbekannt 05.06.2011        1.12.05
ArtRage Studio Pro    Ambient Design    24.03.2013    nötig 86,2MB    3.5.4
Atheros WLAN and Bluetooth Client Installation Program    Atheros    nötig 04.06.2011        9.0
Bamboo Dock    Wacom Co., Ltd.    nötig 20.07.2012        3.9
Bing Maps 3D    Microsoft Corporation    unbekannt 04.06.2011    15,0MB    4.0.903.16005
Broadcom CrystalHD Decoder    Broadcom Corporation    unbekannt 04.06.2011    7,99MB    3.5.0.32
CCleaner    Piriform    nötig 19.06.2013        4.03
Cellosoft JTablet 1.2.5-alpha    Cellosoft    nötig 05.03.2013        1.2.5-alpha
Christmas Magic        nötig 20.12.2012
Cisco EAP-FAST Module    Cisco Systems, Inc.    unbekannt 04.06.2011    1,15MB    2.2.14
Cisco LEAP Module    Cisco Systems, Inc.    unbekannt 04.06.2011    492KB    1.0.19
Cisco PEAP Module    Cisco Systems, Inc.    unbekannt 04.06.2011    924KB    1.1.6
Conexant HD Audio    Conexant    nötig 05.06.2011        4.126.0.62
CyberLink YouPaint    CyberLink Corp.    nötig 04.06.2011    72,1MB    1.2.2124
Dealply        unnötig 05.07.2013
Dell DataSafe Local Backup    Dell    nötig 04.06.2011        9.4.60
Dell DataSafe Local Backup Support Software    Dell    nötig 04.06.2011        9.4.60
Dell duo Stage    ArcSoft    04.06.2011    20,8MB    1.0.0.12
Dell duo Station    ArcSoft    nötig 04.06.2011        1.0.7.34
Dell Getting Started Guide    Dell Inc.    nötig 04.06.2011        1.00.0000
Dell MusicStage    Fingertapps    nötig 04.06.2011        nötig 1.4.162.0
Dell PhotoStage    ArcSoft    nötig 04.06.2011    101MB    1.5.0.30
Dell VideoStage    CyberLink Corp.    nötig 04.06.2011        1.1.1.1408
Dell Webcam Central    Creative Technology Ltd    nötig 05.06.2011        2.00.35
Die Sims™ 3    Electronic Arts    unnötig 24.12.2011        1.26.89
Die Sims™ 3 Einfach tierisch    Electronic Arts    unnötig 24.12.2011        10.0.96
EA Download Manager    Electronic Arts, Inc.    unnötig 28.10.2011        5.0.0.255
eyrie_screensaver        unnötig 21.03.2013
FarmFrenzy        nötig 02.07.2013
Fiesta Online DE 1.04.053    Gamigo Games    nötig 14.06.2012        1.04.053
GameXN GO    GameXN AS    nötig 05.04.2012
GIMP 2.6.12    The GIMP Team    nötig 04.03.2012    114MB    2.6.12
Google Chrome    Google Inc.    nötig 08.09.2011        27.0.1453.116
IB Updater 2.0.0.575    IncrediBar    unbekannt 16.03.2013    2,06MB    2.0.0.575
IB Updater Service        unbekannt 09.04.2013        3.0.4.6
Intel(R) Graphics Media Accelerator Driver    Intel Corporation    unbekannt 05.06.2011    54,2MB    8.14.10.2308
Intel(R) Rapid Storage Technology    Intel Corporation            unbekannt 9.6.4.1002
Java 7 Update 17    Oracle    nötig 05.03.2013    129MB    7.0.170
Java(TM) 6 Update 24    Oracle    nötig 04.06.2011    96,9MB    6.0.240
join.me    LogMeIn, Inc.    nötig 07.12.2012        1.7.0.138
Livebrush Mini    MoreMeYou    nötig 28.03.2013        1.5
Malwarebytes Anti-Malware Version 1.75.0.1300    Malwarebytes Corporation    nötig 05.07.2013    19,2MB    1.75.0.1300
McAfee Security Scan Plus    McAfee, Inc.    nötig 10.06.2013    10,2MB    3.0.318.3
McAfee SecurityCenter    McAfee, Inc.    nötig 30.05.2013        11.6.511
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    nötig 11.02.2011    38,8MB    4.0.30319
Microsoft .NET Framework 4 Extended    Microsoft Corporation    unbekannt 11.02.2011    51,9MB    4.0.30319
Microsoft Office File Validation Add-In    Microsoft Corporation    unbekannt 17.09.2011    7,95MB    14.0.5130.5003
Microsoft Office Live Add-in 1.5    Microsoft Corporation    unbekannt 22.10.2012    508KB    2.0.4024.1
Microsoft Office Standard 2007    Microsoft Corporation    nötig 30.03.2012        12.0.6612.1000
Microsoft Silverlight    Microsoft Corporation    unbekannt 13.03.2013    122MB    5.1.20125.0
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    unbekannt 04.06.2011    1,69MB    3.1.0000
Microsoft Touch Pack for Windows 7    Microsoft Corporation    nötig 04.06.2011    325MB    1.0.40517.00
Microsoft Visual C++ 2005 ATL Update kb973923 x86 8.0.50727.4053    Microsoft Corporation    unbekannt 25.01.2012    252KB    8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    unbekannt 05.07.2011    2,58MB    8.0.58299
Microsoft Visual C++ 2005 Redistributable KB2467175    Microsoft Corporation    unbekannt 31.10.2011    2,64MB    8.0.51011
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729    Microsoft Corporation    unbekannt 23.09.2011    234KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.17    Microsoft Corporation    unbekannt 04.06.2011    595KB    9.0.30729
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.6161    Microsoft Corporation    unbekannt 03.07.2011    600KB    9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable 10.0.40219    Microsoft Corporation    unbekannt 20.01.2013    12,3MB    10.0.40219
Microsoft WSE 3.0 Runtime    Microsoft Corp.    unbekannt 28.10.2011    942KB    3.0.5305.0
Microsoft XNA Framework Redistributable 3.0    Microsoft Corporation    unbekannt 04.06.2011    7,61MB    3.0.11010.0
MoodTuner    GUGA EOOD    nötig 25.01.2013        1.1
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    unbekannt 04.02.2012    1,27MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    unbekannt 05.02.2012    1,33MB    4.20.9876.0
Paint.NET v3.5.10    dotPDN LLC    nötig 14.11.2011    10,6MB    3.60.0
PC Connectivity Solution    Nokia    nötig 03.02.2012    9,21MB    8.15.0.0
Primtext    Fa Ellen Hoche Lehrund Lernmittel    unbekannt 13.07.2011    5,94MB    4.10.0000
QuickSet32    Dell Inc.    unbekannt 04.06.2011        10.5.030
Qwarq    ConnectSoft, Inc.    unbekannt 04.06.2011        1.0.66.29331
SAMSUNG Mobile Composite Device Software        nötig 03.02.2012
Samsung Mobile Modem Device Software        nötig 03.02.2012
SAMSUNG Mobile Modem Driver Set        nötig 03.02.2012
Samsung Mobile phone USB driver Drive Software        nötig 03.02.2012
SAMSUNG Mobile USB Modem 1.0 Software        nötig 03.02.2012
SAMSUNG Mobile USB Modem Software        nötig 03.02.2012
Samsung New PC Studio    Samsung Electronics Co., Ltd.    nötig 03.02.2012    200MB    1.00.0000
SAMSUNG USB Mobile Device Software        nötig 03.02.2012
SamsungConnectivityCableDriver    Samsung    nötig 03.02.2012    633KB    6.83.6.2.1
Skype Toolbars    Skype Technologies S.A.    nötig 04.06.2011    5,36MB    1.0.4051
Skype™ 6.3    Skype Technologies S.A.    nötig 03.06.2013    21,1MB    6.3.107
Softonic toolbar  on IE and Chrome        nötig 04.03.2012
SRS Premium Sound APO for Conexant USB Audio        nötig 21.07.2011
SRS Premium Sound Control Panel    SRS Labs, Inc.    nötig 04.06.2011    1,38MB    1.10.15.0
StreamTransport version 1.0.2.2171        unbekannt 23.05.2013
Sumo Paint Bamboo 2.2    UNKNOWN    nötig 28.03.2013        v2.2
Surf E-Mail-Stick    Huawei Technologies Co.,Ltd    nötig 17.05.2012        16.001.06.02.35
Synaptics Pointing Device Driver    Synaptics Incorporated    unbekannt 05.06.2011    46,4MB    15.1.8.0
syncables desktop    syncables    unbekannt 04.06.2011        5.5.525.8403
TSR Watermark Image software version 2.3.4.1 Free version        nötig 04.04.2013    5,09MB
Wacom    Wacom Technology Corp.    nötig 11.06.2013        5.3.2-1
Wajam    Wajam    unbekannt 05.07.2013        1.80
WebTablet FB Plugin 32 bit    Wacom Technology Corp.    nötig 17.02.2013        2.1.0.2
WebTablet IE Plugin    Wacom Technology Corp.    nötig 20.07.2012        1.1.0.12
WebTablet Netscape Plugin    Wacom Technology Corp.    nötig 20.07.2012        1.1.0.10
Windows Live Essentials    Microsoft Corporation    unbekannt 04.06.2011        15.4.3508.1109
Windows Live Mesh ActiveX control for remote connections    Microsoft Corporation    unbekannt 04.06.2011    5,57MB    15.4.5722.2
Windows-Treiberpaket Nokia pccsmcfd  (10/12/2007 6.85.4.0)    Nokia    nötig 03.02.2012        10/12/2007 6.85.4.0
WolfQuest    eduweb    unnötig 24.07.2012    219MB    1.6.4
Zoo Tycoon Complete Collection        nötig 03.07.2013
Zylom Games Player Plugin    Zylom Games    nötig 09.03.2012