Log analysis and evaluation: My PC may be infected. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
17.04.2012, 16:44 | #1 |
| My PC may be infected. Hello dear community. Today one of my accounts in my game was hacked, but I don't know how that could happen. I only recently ran my antivirus software, and strangely it stopped at 62% and a window opened, not from Avira, saying that new software had been found. I did not click install, and then the scan did not continue; Avira was then "finished". Maybe it had nothing to do with it at all. Anyway, what else can I do to make sure my PC is free of viruses and trojans? Can someone please help me? |
17.04.2012, 16:55 | #2 |
/// Malware-holic | My PC may be infected. hi
Open Avira, go to Reports, look for reports with detections, and post them. In Avira, go to Events and post the detection messages. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
17.04.2012, 18:00 | #3 |
| My PC may be infected. Hello, I tested with Avira again: nothing, no detection.
But I did run OTL. And since no other programs are supposed to be running alongside it, I hope I did it right: I simply closed the browser. The last detection was on 2 April, but it no longer fits in.
OTL logfile:
Code:
ATTFilter OTL logfile created on: 17.04.2012 18:31:10 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Leon\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 592,89 Mb Available Physical Memory | 57,99% Memory free 2,40 Gb Paging File | 1,85 Gb Available in Paging File | 76,86% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97,65 Gb Total Space | 2,64 Gb Free Space | 2,70% Space Free | Partition Type: NTFS Drive H: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: LEON3221 | User Name: Leon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.17 18:18:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Leon\Desktop\OTL.exe PRC - [2012.03.27 12:13:52 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.03.09 18:53:05 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.08.09 12:06:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.05.25 08:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.05.12 11:19:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe PRC - [2007.05.10 16:58:42 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe PRC - [2007.02.12 14:50:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe ========== Modules (No Company Name) ========== MOD - [2012.04.12 21:33:06 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll MOD - [2012.04.12 20:08:48 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll MOD - [2012.04.12 20:08:33 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll MOD - [2012.03.24 10:28:36 | 000,190,776 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll MOD - [2012.03.24 10:28:36 | 000,123,192 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll MOD - [2012.03.24 
10:28:35 | 001,099,576 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll MOD - [2012.02.16 23:22:00 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll MOD - [2012.02.15 16:16:03 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012.02.15 16:14:18 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2011.12.06 19:36:23 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011.12.06 18:05:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.04.07 19:24:29 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.31 18:45:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.03.31 18:45:11 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.03.31 18:45:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.03.31 18:45:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.03.31 18:45:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.03.31 18:45:11 | 000,016,384 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.03.31 18:45:05 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3075.39054__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2011.03.31 18:45:05 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3075.38696_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2011.03.31 18:45:04 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3075.38732__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.03.31 18:45:04 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3075.39003__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.03.31 18:45:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3075.39000__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.03.31 18:45:04 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3075.38696__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2011.03.31 18:45:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.03.31 18:45:04 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.03.31 18:45:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.03.31 18:45:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.03.31 18:45:04 | 000,016,384 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2011.03.31 18:45:04 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2011.03.31 18:45:04 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2011.03.31 18:45:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.03.31 18:45:03 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3075.39002__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.05.12 11:19:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnp2std.exe MOD - [2007.02.12 14:50:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe MOD - [2004.09.02 04:33:56 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\xfire_lsp_9028.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update-Dienst (gupdatem) SRV - File not found [Auto | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update-Dienst (gupdate) SRV - File not found 
[Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2011.08.09 12:06:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.05.25 08:44:30 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wbymj4iz.sys -- (wbymj4iz.sys) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found 
[Kernel | System | Stopped] -- -- (Changer) DRV - [2011.10.26 05:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2011.08.09 12:06:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.08.09 12:06:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.03 16:33:46 | 006,404,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010.05.25 09:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2010.05.25 09:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2010.05.25 09:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.05.25 08:44:30 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007.12.06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2007.05.30 19:15:08 | 000,013,184 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.05.10 16:10:50 | 012,179,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006.02.27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2) DRV - [2004.08.04 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004.08.04 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=10&cc= IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Search the web (Softonic)" FF - prefs.js..browser.startup.homepage: "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=13&cc=" FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q=" FF - prefs.js..network.proxy.type: 0 FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.11 01:43:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.07 19:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Extensions [2012.03.29 15:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\extensions [2012.03.29 15:03:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.03 15:24:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.11 01:43:32 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\extensions\ffxtlbra@softonic.com [2012.01.27 17:20:42 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\extensions\plugin@yontoo.com [2012.03.29 15:01:21 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-1.xml [2011.12.18 09:11:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-10.xml [2012.03.11 01:43:49 | 000,000,950 | ---- | M] () -- C:\Dokumente 
und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-11.xml [2011.09.15 12:47:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-2.xml [2011.09.21 20:46:27 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-3.xml [2011.09.29 12:38:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-4.xml [2011.10.06 19:43:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-5.xml [2011.10.18 11:44:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-6.xml [2011.11.06 17:05:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-7.xml [2011.11.18 21:36:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-8.xml [2011.12.11 17:06:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin-9.xml [2011.08.24 15:54:45 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\icqplugin.xml [2012.01.27 17:25:41 | 000,002,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Mozilla\Firefox\Profiles\hz1cr4u4.default\searchplugins\softonic.xml [2012.03.18 16:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.10 
13:24:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.18 16:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.10 02:11:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.10 03:39:14 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.10 03:25:15 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.10 03:39:14 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.03.10 03:39:14 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.10 03:39:14 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.10 03:39:14 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search the web (Softonic) (Enabled) CHR - default_search_provider: search_url = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=49&cc= CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und 
Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Yontoo = C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Leon\Lokale 
Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll File not found O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll File not found O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe File not found O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe () O4 - HKLM..\Run: [UIExec] C:\Programme\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [Disker] C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Temp\HIMYM.DLL (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Programme\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Magic-i Visual Effects.lnk = File not found O4 - Startup: C:\Dokumente und Einstellungen\Leon\Startmenü\Programme\Autostart\ubisoft register.lnk = File not found O4 - Startup: C:\Dokumente und Einstellungen\Leon\Startmenü\Programme\Autostart\Xfire.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\nwprovau.dll File not found O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0BB0B92-9393-4A1C-B9EE-05115E548DC7}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.31 18:19:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.10.05 16:21:18 | 000,000,000 | R--D | M] - H:\Autorun -- [ CDFS ] O32 - AutoRun File - [2004.10.05 19:11:42 | 000,180,224 | R--- | M] () - H:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2004.08.24 17:57:32 | 000,000,042 | R--- | M] () - H:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{ace943a4-5bbc-11e0-a742-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{ace943a4-5bbc-11e0-a742-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ace943a4-5bbc-11e0-a742-806d6172696f}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2004.10.05 19:11:42 | 000,180,224 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" 
/APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.17 18:18:09 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Leon\Desktop\OTL.exe [2012.04.15 18:27:49 | 000,000,000 | ---D | C] -- 
C:\World of Warcraft [2012.04.12 20:57:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Help [2012.04.10 17:55:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\World of Warcraft Public Test [2012.04.07 12:51:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MoonMt2 2012 [2012.04.02 23:32:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leon\Startmenü\Programme\IrfanView [2012.04.02 23:27:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Tinypic [2012.03.21 19:26:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leon\Eigene Dateien\RCT3 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.17 18:26:27 | 000,023,116 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\f.rtf [2012.04.17 18:19:01 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1844823847-839522115-1003UA.job [2012.04.17 18:19:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.17 18:18:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Leon\Desktop\OTL.exe [2012.04.17 17:19:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.17 16:50:59 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.17 16:47:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.16 18:24:52 | 000,002,357 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Google Chrome.lnk [2012.04.16 17:58:40 | 000,000,585 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\s.lnk [2012.04.15 12:19:05 | 000,001,154 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1844823847-839522115-1003Core.job [2012.04.14 15:52:47 | 004,529,067 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Karaoke - Blowing in the wind (Bob Dylan) Full video.mp3 [2012.04.14 01:48:48 | 005,221,748 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Milow - Ayo Technology (Karaoke).mp3 [2012.04.14 01:44:17 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.14 01:44:16 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Free YouTube to MP3 Converter.lnk [2012.04.12 20:06:07 | 000,552,040 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.12 20:06:07 | 000,502,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.12 20:06:07 | 000,115,454 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.12 20:06:07 | 000,088,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.12 19:53:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.04.11 17:38:10 | 000,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Neu RTF-Dokument.rtf [2012.04.10 17:09:04 | 000,000,662 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\gg.rtf [2012.03.31 22:05:33 | 000,000,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Verknüpfung mit .Dark-Fusion2 Patcher.lnk [2012.03.21 19:26:25 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.17 17:45:53 | 000,023,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\f.rtf [2012.04.15 18:45:13 | 000,000,585 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\s.lnk [2012.04.14 15:52:22 | 004,529,067 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Karaoke - 
Blowing in the wind (Bob Dylan) Full video.mp3 [2012.04.14 01:48:21 | 005,221,748 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Milow - Ayo Technology (Karaoke).mp3 [2012.04.14 01:44:17 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.14 01:44:16 | 000,001,023 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Free YouTube to MP3 Converter.lnk [2012.04.11 17:38:10 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Neu RTF-Dokument.rtf [2012.04.09 20:25:56 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\gg.rtf [2012.03.31 22:05:33 | 000,000,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Desktop\Verknüpfung mit .Dark-Fusion2 Patcher.lnk [2012.02.15 15:57:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.15 06:39:42 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2011.12.11 16:13:35 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.12.11 16:13:31 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.12.11 16:13:31 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.12.03 16:55:54 | 000,000,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Metin2_Multibot.cfg [2011.11.22 01:04:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2011.11.08 21:59:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2011.10.25 22:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll [2011.10.24 11:52:34 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe [2011.10.24 11:52:34 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini [2011.10.24 11:52:33 | 012,179,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys [2011.10.24 11:52:33 | 000,025,472 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\sncamd.sys [2011.10.24 11:52:29 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll [2011.10.24 11:52:29 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll [2011.10.24 11:26:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe [2011.10.18 11:44:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.07.23 16:45:07 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.10 08:39:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.06.01 21:47:03 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2011.06.01 21:43:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2011.05.19 18:29:34 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.05.08 19:37:10 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.05.08 18:39:10 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\$_hpcst$.hpc [2011.05.07 19:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.04.18 16:04:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011.03.31 20:45:31 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2011.03.31 20:45:31 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2011.03.31 20:45:12 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2011.03.31 19:10:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.03.31 19:03:38 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.03.31 18:47:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.03.31 18:41:38 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2011.03.31 18:40:08 | 000,593,920 | ---- | C] () -- 
C:\WINDOWS\System32\ati2sgag.exe [2011.03.31 18:40:01 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2011.03.31 18:34:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.03.31 18:17:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.05.25 08:45:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2010.05.25 08:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2010.05.25 08:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2010.05.25 08:45:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll ========== LOP Check ========== [2011.06.01 21:07:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easy Driver Pro [2011.04.05 16:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2011.05.09 19:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2011.10.31 14:45:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2011.05.08 18:39:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2012.01.27 17:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2011.06.01 21:08:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2012.03.18 17:02:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\.minecraft [2011.04.19 13:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Atari [2012.01.27 16:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Chirurgie Simulation [2012.04.14 01:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\DVDVideoSoft [2011.05.07 22:32:18 | 000,000,000 | 
---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.08.13 15:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\ICQ [2011.04.01 23:21:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\InterTrust [2011.04.20 18:58:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Leadertech [2011.10.30 19:15:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\LolClient [2012.01.17 14:37:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\OpenOffice.org [2011.05.07 20:35:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Samsung [2012.01.27 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Softonic [2011.07.11 20:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\TeamViewer [2012.03.08 22:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\The Creative Assembly [2012.01.02 01:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\TS3Client [2012.01.02 19:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\ts3overlay [2011.03.31 20:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\ubi.com [2011.08.08 17:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Windows Desktop Search [2011.08.08 17:57:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leon\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.12.11 16:05:53 | 000,000,000 | ---D | M] -- C:\ATI [2011.03.31 18:20:04 | 000,000,000 | ---D | M] -- C:\DELL [2011.03.31 19:16:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.09.24 23:54:48 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.07.02 13:27:31 | 000,000,000 | ---D | M] -- C:\pnp [2011.04.05 16:30:00 | 000,000,000 | ---D | M] -- C:\ProgramData [2012.04.10 17:52:52 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.31 18:54:19 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012.04.17 18:21:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.05.10 18:57:23 | 000,000,000 | ---D | M] -- C:\UserData [2012.04.12 21:48:36 | 000,000,000 | ---D | M] -- C:\WINDOWS [2012.04.17 17:13:06 | 000,000,000 | ---D | M] -- C:\World of Warcraft < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2011.05.07 22:16:52 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2011.05.07 22:16:52 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2011.05.07 22:16:52 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver 
Cache\i386\sp2.cab:atapi.sys [2011.05.07 22:16:52 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2011.05.07 22:16:52 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2011.05.07 22:16:52 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft 
Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe < MD5 for: IASTOR.SYS > [2005.04.25 17:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: NVATABUS.SYS > [2005.03.29 19:59:25 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys [2005.03.29 19:59:25 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\system32\drivers\NvAtaBus.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] 
(Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > 
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.03.31 20:02:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.03.31 20:02:40 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.03.31 20:02:39 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [22 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.12.09 16:53:03 | 000,002,110 | ---- | M] () -- C:\Dokumente und Einstellungen\Leon\.recently-used.xbel [2012.04.14 13:05:38 | 005,505,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Leon\NTUSER.DAT [2012.04.17 18:35:05 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Leon\ntuser.dat.LOG [2012.04.12 21:44:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Leon\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < 
%USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.02.03 11:57:08 | 001,860,224 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report >
And now the OTL Extras:
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 17.04.2012 18:31:10 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Leon\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,42 Mb Total Physical Memory | 592,89 Mb Available Physical Memory | 57,99% Memory free 2,40 Gb Paging File | 1,85 Gb Available in Paging File | 76,86% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97,65 Gb Total Space | 2,64 Gb Free Space | 2,70% Space Free | Partition Type: NTFS Drive H: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: LEON3221 | User Name: Leon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "58346:TCP" = 58346:TCP:*:Enabled:Pando Media Booster "58346:UDP" = 58346:UDP:*:Enabled:Pando Media Booster "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881 "58346:TCP" = 58346:TCP:*:Enabled:Pando Media Booster "58346:UDP" = 58346:UDP:*:Enabled:Pando Media Booster "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media 
Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager "C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Metin2\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Metin2\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\Metin2\metin2.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Metin2\metin2.bin:*:Enabled:metin2 "C:\Dokumente und Einstellungen\Leon\Desktop\Metin2\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Metin2\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Kopie von Metin2\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Kopie von Metin2\metin2client.bin:*:Enabled:metin2client "C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ "C:\Dokumente und Einstellungen\Leon\Desktop\esayFarmM2\metin2.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\esayFarmM2\metin2.bin:*:Enabled:metin2 "C:\Dokumente und Einstellungen\Leon\Desktop\esayFarmM2\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\esayFarmM2\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\Hacker (probierrer)\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Hacker (probierrer)\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\Metin2 (Clean)\metin2.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Metin2 (Clean)\metin2.bin:*:Enabled:metin2 "C:\Dokumente und Einstellungen\Leon\Desktop\Metin2 (Clean)\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Metin2 (Clean)\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Metin2 
(Clean)\metin2.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Metin2 (Clean)\metin2.bin:*:Enabled:metin2 "C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Metin2 (Clean)\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\Kopie von Metin2 (Clean)\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\LongDong\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\LongDong\metin2client.bin:*:Enabled:metin2client "C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application "C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service "C:\Dokumente und Einstellungen\Leon\Desktop\M2 Fish erpel\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\M2 Fish erpel\metin2client.bin:*:Enabled:metin2client "C:\Programme\Metin2 Singapore\metin2.bin" = C:\Programme\Metin2 Singapore\metin2.bin:*:Enabled:metin2 "C:\World of Warcraft\Launcher.exe" = C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = C:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\World of Warcraft\Launcher.patch.exe" = C:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "C:\World of Warcraft\BackgroundDownloader.exe" = C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader -- (Blizzard Entertainment) "C:\Kopie von World of Warcraft\Launcher.exe" = C:\Kopie von World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher "C:\Kopie von World of Warcraft\Launcher.patch.exe" = C:\Kopie von World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "C:\Kopie von World of Warcraft\BackgroundDownloader.exe" = C:\Kopie von World of 
Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "C:\Dokumente und Einstellungen\Leon\Desktop\WolfTeam-DE\Wolfteam.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\WolfTeam-DE\Wolfteam.bin:*:Enabled:WolfTeam "C:\Programme\Steam\steam.exe" = C:\Programme\Steam\steam.exe:*:Disabled:Steam -- (Valve Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Programme\Xfire\ua_lsp_inst.exe" = C:\Programme\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst "C:\Programme\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Programme\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm) "C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Downloads\StarCraft_2_EU_de-DE.exe" = C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Downloads\StarCraft_2_EU_de-DE.exe:*:Enabled:Blizzard Downloader "C:\Programme\StarCraft II\StarCraft II.exe" = C:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\StarCraft II\Versions\Base19679\SC2.exe" = C:\Programme\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Programme\Metin2\metin2.exe" = C:\Programme\Metin2\metin2.exe:*:Enabled:metin2 -- () "C:\Programme\Metin2\metin2client.bin" = C:\Programme\Metin2\metin2client.bin:*:Enabled:metin2client -- (Ymir Entertainment) "C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire "C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII "C:\Programme\StarCraft II\Versions\Base21029\SC2.exe" = C:\Programme\StarCraft II\Versions\Base21029\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) 
"C:\Programme\Steam\SteamApps\common\total war shogun 2\Shogun2.exe" = C:\Programme\Steam\SteamApps\common\total war shogun 2\Shogun2.exe:*:Enabled:Total War: SHOGUN 2 -- (The Creative Assembly Ltd) "C:\Programme\Steam\SteamApps\common\total war shogun 2\data\encyclopedia\how_to_play.html" = C:\Programme\Steam\SteamApps\common\total war shogun 2\data\encyclopedia\how_to_play.html:*:Enabled:Total War: SHOGUN 2 -- () "C:\Programme\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat" = C:\Programme\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat:*:Enabled:Total War: SHOGUN 2 -- () "C:\Programme\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat" = C:\Programme\Steam\SteamApps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat:*:Enabled:Total War: SHOGUN 2 -- () "C:\Programme\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Programme\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd) "C:\Dokumente und Einstellungen\Leon\Desktop\client\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\client\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Desktop\gh\client\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Desktop\gh\client\metin2client.bin:*:Enabled:metin2client "C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\Blaa\SwitchbotIstNichtERLAUBT.bin" = C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\Blaa\SwitchbotIstNichtERLAUBT.bin:*:Enabled:SwitchbotIstNichtERLAUBT "C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\client\metin2client.bin" = C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\client\metin2client.bin:*:Enabled:metin2client -- () "C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\df\Zephion - 2012\metin2client.exe" = C:\Dokumente und 
Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\df\Zephion - 2012\metin2client.exe:*:Enabled:metin2client "C:\Programme\MoonMt2 2012\metin2client.exe" = C:\Programme\MoonMt2 2012\metin2client.exe:*:Enabled:metin2client "I:\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe" = I:\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader "I:\World of Warcraft\Launcher.patch.exe" = I:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "I:\World of Warcraft\Launcher.exe" = I:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher "I:\World of Warcraft Public Test\Launcher.exe" = I:\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher "I:\World of Warcraft Public Test\Launcher.patch.exe" = I:\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher "I:\World of Warcraft Public Test\BackgroundDownloader.exe" = I:\World of Warcraft Public Test\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "I:\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe" = I:\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{03E494A7-F504-DA41-3079-9E2FB36736BC}" = CCC Help English "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04A94422-A264-81D4-D65E-87276F5B402D}" = Catalyst Control Center Localization Italian "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E73A14F-23FD-E1B8-ED38-108ECFA08440}" = Catalyst Control Center Localization Portuguese "{14BC810B-5907-B9C3-B2F4-12D5EEA253F4}" = Catalyst Control Center Graphics Previews Common 
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1A69935D-7AA8-C8E3-66FB-920279E0583A}" = Catalyst Control Center "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23655B51-F898-DC12-A2A1-3348D875F659}" = CCC Help Czech "{25611B0A-54C2-69B9-723D-668201C22CD4}" = ccc-core-static "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27F38AC0-298C-F7E2-F3AE-F7D12BBBE9D5}" = CCC Help Chinese Traditional "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{30B695C3-C7B0-69E1-197B-409587BC1FD7}" = CCC Help Norwegian "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{399B10AC-4E84-20F8-5913-82526B16F561}" = Catalyst Control Center Graphics Light "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION "{3EC34F85-AF61-5B18-42D6-306B6B80E92E}" = Catalyst Control Center Localization Swedish "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B494547-1410-C77E-B6F0-86F394ABAF94}" = CCC Help Hungarian "{4D7E8B72-AEA2-8493-F5F3-DA10E2EE2D22}" = Catalyst Control Center Localization Chinese Traditional "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0 "{55663DF0-3559-AE1E-0B9E-ED5353914B5D}" = CCC Help Japanese "{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm) "{59F83B00-970D-511C-D9DE-52B233780020}" = CCC Help Portuguese 
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{64ACFE24-FB82-84A6-9FB8-B90539752E5B}" = Catalyst Control Center Localization German "{68DD4EAE-C5E4-1E34-F991-B99ABA6DC8E3}" = Catalyst Control Center Graphics Full New "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = hama PC-Webcam RW-250 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7F4C1C17-C647-3CE0-4426-F368132A66A6}" = CCC Help Turkish "{81946C2A-5269-A6F5-4566-A9F253007A7E}" = Catalyst Control Center Localization Turkish "{8615E5FC-8906-AACF-5A1A-FB65046F647B}" = CCC Help Swedish "{86693815-D500-4887-B6EF-B5F0BFA97736}_is1" = MoonMt2 2012 Version 1.4 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8959A774-3FB3-B315-ACDF-4B7B70F5A169}" = Catalyst Control Center Core Implementation "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles "{8F747F2A-B5C7-5DA8-E686-7B343EFCFA48}" = Catalyst Control Center InstallProxy "{906B417C-6F6C-2A5A-DB5E-5C7499941C58}" = CCC Help Spanish "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{93CB830F-517E-1695-C61B-2A1AA105CD78}" = Catalyst Control Center Localization French "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95DCA618-9717-BBD3-B438-A5A9B1EB30C8}" = CCC Help German "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{984880C1-7AC7-5267-A7D9-AEC19C932950}" = Catalyst Control Center Graphics Full Existing "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3F8688-4F15-B77D-73A1-B0363517D1B1}" = Catalyst Control 
Center Localization Danish "{9B1BFDE6-3B65-FB41-BC54-353227EE742A}" = CCC Help Italian "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A0793FD9-9505-BF02-FF47-83C984DC814B}" = Catalyst Control Center Localization Chinese Standard "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A32A0DF0-6650-6503-293D-64AAF212CBF8}" = Catalyst Control Center Localization Japanese "{A44D0AC2-0891-5AB9-EE23-3EF3339BC2FE}" = Catalyst Control Center Localization Russian "{A54BEBF5-D7F9-2B34-6475-FB07780C80CA}" = Catalyst Control Center Localization Polish "{A8280D9A-D6A4-1E52-E85F-99E3BB19CEEA}" = Catalyst Control Center Localization Czech "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A960DA53-C5C4-37A4-3671-C0236BF41E99}" = CCC Help Chinese Standard "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com "{B0D2BC40-119B-AD18-E697-E6073DD6D149}" = ccc-utility "{B2C78A98-20EA-D90A-69E3-B15587D51588}" = CCC Help Thai "{B59DA9F5-3630-FFF1-C47C-B2CA172CF876}" = CCC Help Polish "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B84AE471-81DD-D81F-CD20-B3464877E525}" = Skins "{BBFEA1AF-ECCE-1114-2EC8-AC304AB6B753}" = Catalyst Control Center Localization Hungarian "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C397AE7E-CFA4-9D60-880D-D0BA7CF3F596}" = CCC Help Finnish "{C3BBA5F6-83A0-4B12-A70E-6F391D659BA2}_is1" = Chirurgie-Simulator Version 1.0 
"{C5ED7EC9-7C4D-AF4F-6C36-55DCDC6F4117}" = Catalyst Control Center Graphics Previews Common "{C86492CA-DDD8-A358-75D8-7E86D5A4DE72}" = ccc-utility "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D20100AC-608D-1A4C-372E-75009E7C168E}" = CCC Help Danish "{D801FEB6-53DF-CE1C-67E2-A977E43A7E8F}" = CCC Help Russian "{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager "{DAA29BAD-1C06-E8E0-CFE6-557F818C7AF7}" = CCC Help Dutch "{DB7EBA4A-44AF-DF22-EBA7-6BF4E011E319}" = CCC Help French "{DBB18C43-FE45-36DF-D171-E209B79A76F3}" = Catalyst Control Center Localization Dutch "{E1BCF465-85F4-C303-944E-9E416977C560}" = CCC Help Korean "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18 "{E3AEC354-AD4C-51D3-E345-CEE6CA8A9C3A}" = Catalyst Control Center Localization Greek "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EA024A36-5934-05B8-550B-60DA131B90C4}" = CCC Help Greek "{EE5AC826-8731-6406-9947-D0420143A7BD}" = ccc-core-preinstall "{EEB193CE-2B04-B568-29FF-FAFA34BB3F19}" = Catalyst Control Center Localization Spanish "{EEEC1285-F4B2-BD99-C895-BED9881795CC}" = CCC Help English "{EF0A8C24-E239-45D5-492D-D5895518ACB3}" = Catalyst Control Center Localization Thai "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F88183B1-BD65-F87C-855F-BB7D1AA3AEA2}" = 
Catalyst Control Center Localization Norwegian "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FC70949F-1417-A3F5-8E84-EBF5ACB93B58}" = Catalyst Control Center Localization Korean "{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro "{FE22679C-7CE4-8633-CE7F-8122B52C52CF}" = Catalyst Control Center Localization Finnish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "AutoItv3" = AutoIt v3.3.6.1 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EADM" = EA Download Manager "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FarmingSimulator2009GoldDE_is1" = Landwirtschafts-Simulator 2009 Gold "FastStone Capture" = FastStone Capture 5.3 "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free Audio Converter_is1" = Free Audio Converter version 2.2.17.421 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403 "Guitar Explorer 1.0" = Guitar Explorer 1.0 "ICQToolbar" = ICQ Toolbar "InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "M2Fish" = M2Fish 4.1 "Metin2_is1" = Metin2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack 
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "ProPilot Europa" = ProPilot Europa "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "San Andreas Mod Installer1.1" = San Andreas Mod Installer "softonic" = Softonic toolbar on IE and Chrome "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 34330" = Total War: SHOGUN 2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC classic" = VLC classic "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR 4.00 (32-bit) "Wizard101(DE)_is1" = Wizard101(DE) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Metin2 Singapore" = Metin2 Singapore ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.04.2012 16:10:56 | Computer Name = LEON3221 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Wow.exe, Version 4.3.3.15354, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 14.04.2012 04:46:46 | Computer Name = LEON3221 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 14.04.2012 08:44:10 | Computer Name = LEON3221 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avscan.exe, Version 10.3.0.7, fehlgeschlagenes Modul avscan.exe, Version 10.3.0.7, Fehleradresse 0x0000df27. Error - 15.04.2012 03:42:56 | Computer Name = LEON3221 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 15.04.2012 07:14:00 | Computer Name = LEON3221 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 16.04.2012 00:23:04 | Computer Name = LEON3221 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 16.04.2012 00:24:35 | Computer Name = LEON3221 | Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\LEON\DESKTOP\BUFFED_WOW.ZIP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 16.04.2012 11:57:14 | Computer Name = LEON3221 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. 
Error - 17.04.2012 00:42:36 | Computer Name = LEON3221 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 17.04.2012 00:43:16 | Computer Name = LEON3221 | Source = ESENT | ID = 490 Description = svchost (984) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. [ System Events ] Error - 14.04.2012 04:47:05 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 14.04.2012 08:43:30 | Computer Name = LEON3221 | Source = VolSnap | ID = 393226 Description = Die Schattenkopie von Volume "I:" hat das Installationszeitlimit überschritten. 
Error - 15.04.2012 03:43:13 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.04.2012 07:14:29 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.04.2012 00:23:29 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.04.2012 11:57:29 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.04.2012 00:42:56 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.04.2012 10:50:26 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 17.04.2012 10:51:20 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene. Error - 17.04.2012 10:51:21 | Computer Name = LEON3221 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
17.04.2012, 18:12 | #4 |
/// Malware-holic | My PC may be infected. Did I say anything about a new scan? I want you to check whether there are logs with detections, i.e. old logs, and post those. Or, in Avira under Events, post the detection messages.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.04.2012, 18:15 | #5 |
| My PC might be infected. So here is the detection from 2 April:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 2. April 2012 23:44

Es wird nach 3578474 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 3) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LEON3221

Versionsinformationen:
Engineversion : 8.2.10.36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\AVGUARD_c7461037\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 2. April 2012 23:44

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinRAR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dgdersvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WindowsSearch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ccc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vsnp2std.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tsnp2std.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FixCamera.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTHDCPL.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\df\Zephion - 2012\metin2client.exe'
C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\df\Zephion - 2012\metin2client.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.TPM.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4be0bf3d.qua' verschoben!

Ende des Suchlaufs: Montag, 2. April 2012 23:45
Benötigte Zeit: 00:28 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
44 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
43 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise |
17.04.2012, 18:17 | #6 |
/// Malware-holic | My PC might be infected. Where did the detected version come from? |
17.04.2012, 18:21 | #7 |
| My PC might be infected. I think you mean where I got the virus from, right? If so, I don't remember anymore; it was a while ago. |
17.04.2012, 18:25 | #8 |
/// Malware-holic | My PC might be infected. Where you got this from: C:\Dokumente und Einstellungen\Leon\Eigene Dateien\Eigene Musik\gh\df\Zephion - 2012\metin2client.exe. I assume that is a download you made yourself.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.04.2012, 18:32 | #9 |
| My PC might be infected. Yes, I was on a website and wanted to download a game client. When I noticed that it had a virus, I scanned it and then deleted it with Avira. |
17.04.2012, 18:34 | #10 | |
/// Malware-holic | My PC might be infected. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
17.04.2012, 19:11 | #11 |
| My PC might be infected. The program first downloaded something from Microsoft; beforehand I deliberately turned off Avira and the firewall. And here is the log: Combofix logfile: Code:
ComboFix 12-04-16.03 - Leon 17.04.2012 19:44:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1022.471 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Leon\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokume~1\Leon\LOKALE~1\Temp\HIMYM.DLL
c:\dokumente und einstellungen\Leon\Lokale Einstellungen\Temp\HIMYM.DLL
c:\dokumente und einstellungen\Leon\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-17 bis 2012-04-17 ))))))))))))))))))))))))))))))
.
.
2012-04-15 16:27 . 2012-04-17 15:13 -------- d-----w- C:\World of Warcraft
2012-04-12 18:57 . 2012-04-12 18:57 -------- d-----w- c:\dokumente und einstellungen\Leon\Lokale Einstellungen\Anwendungsdaten\Help
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 17:26 . 2011-11-21 23:04 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-03-18 14:59 . 2011-07-17 12:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-18 14:59 . 2011-07-17 12:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-09 05:52 . 2011-08-08 15:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 14:09 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-28 18:49 . 2004-08-04 12:00 672768 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 18:49 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-02-28 18:49 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-02-28 18:47 . 2004-08-04 12:00 371200 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2004-08-04 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-03-10 00:11 . 2012-03-10 23:43 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll . [-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll [-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll . [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll . [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll . [-] 2008-04-14 . 
44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll . [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe . [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2004-08-04 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll . [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . 
c:\windows\system32\user32.dll [-] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll . [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe . [7] 2012-02-28 . 252ADBC04DFF0733D58837BEDB6D2BFE . 672768 . . [6.00.2900.6197] . . c:\windows\SoftwareDistribution\Download\9940468349cb3d3bf2042419f069c1e2\sp3gdr\wininet.dll [7] 2012-02-28 . 252ADBC04DFF0733D58837BEDB6D2BFE . 672768 . . [6.00.2900.6197] . . c:\windows\system32\wininet.dll [7] 2012-02-28 . 252ADBC04DFF0733D58837BEDB6D2BFE . 672768 . . [6.00.2900.6197] . . c:\windows\system32\dllcache\wininet.dll [7] 2012-02-28 . 260420FE90C050A5A738D70F76C09A9B . 674304 . . [6.00.2900.6197] . . c:\windows\$hf_mig$\KB2675157\SP3QFE\wininet.dll [7] 2012-02-28 . 260420FE90C050A5A738D70F76C09A9B . 674304 . . [6.00.2900.6197] . . c:\windows\SoftwareDistribution\Download\9940468349cb3d3bf2042419f069c1e2\sp3qfe\wininet.dll [7] 2011-12-19 . FF7F32695A4DD5ED9AA6231713ADBDBB . 672768 . . [6.00.2900.6182] . . c:\windows\$NtUninstallKB2675157$\wininet.dll [7] 2011-12-19 . 515144C0CA9587C61D7F6FA763060574 . 674304 . . [6.00.2900.6182] . . c:\windows\$hf_mig$\KB2647516\SP3QFE\wininet.dll [-] 2011-11-01 . B82FB47BDDA4911192DBC27A2056E216 . 672768 . . [6.00.2900.6168] . . c:\windows\$NtUninstallKB2647516$\wininet.dll [-] 2011-11-01 . C346342087FC2DFC90082F8B9DFCA53D . 674304 . . [6.00.2900.6168] . . c:\windows\$hf_mig$\KB2618444\SP3QFE\wininet.dll [-] 2011-09-05 . 
7B9AB7AB80F0602D578197ACB0B15A54 . 672768 . . [6.00.2900.6148] . . c:\windows\$NtUninstallKB2618444$\wininet.dll [-] 2011-09-05 . B5AC4AB48CDBFADF9878FCD1E732C89B . 674304 . . [6.00.2900.6148] . . c:\windows\$hf_mig$\KB2586448\SP3QFE\wininet.dll [-] 2011-06-21 . 9A0A03B1FA9818B569FB2CB806F766E2 . 672768 . . [6.00.2900.6126] . . c:\windows\$NtUninstallKB2586448$\wininet.dll [-] 2011-06-21 . D3F75779427B44927B101446BBBC7F82 . 674304 . . [6.00.2900.6126] . . c:\windows\$hf_mig$\KB2559049\SP3QFE\wininet.dll [-] 2011-04-25 . 2FA2FD1C2AEE93315FFEEB110F242400 . 672768 . . [6.00.2900.6104] . . c:\windows\$NtUninstallKB2559049$\wininet.dll [-] 2011-04-25 . 307F7A9B9E4165138FD278DCE18B726F . 674304 . . [6.00.2900.6104] . . c:\windows\$hf_mig$\KB2530548\SP3QFE\wininet.dll [-] 2011-02-17 . 8B8AF0B04AD9766EA87C05FABBE8526A . 672768 . . [6.00.2900.6082] . . c:\windows\$NtUninstallKB2530548$\wininet.dll [-] 2011-02-17 . C6F2390D635C1A14C39F259C2C8A25A9 . 674304 . . [6.00.2900.6082] . . c:\windows\$hf_mig$\KB2497640\SP3QFE\wininet.dll [-] 2010-04-16 . 0CC0A30F7F06C6A5A40911616CA35085 . 672768 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll [-] 2010-04-16 . 0CC0A30F7F06C6A5A40911616CA35085 . 672768 . . [6.00.2900.5969] . . c:\windows\$NtUninstallKB2497640$\wininet.dll [-] 2010-04-16 . 68B82A22151D41988B3BCB7C881E2B0E . 674304 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll [-] 2010-04-16 . C7B31EF1A7F52D99E92BFF1B053D6EB2 . 667648 . . [6.00.2900.3698] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2010-04-16 . 4350AD71E6C5F397BB76DFF7C4BCFCBD . 674304 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll [-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . 
c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\wininet.dll [-] 2004-08-04 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB982381$\wininet.dll . [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ws2_32.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll . [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ws2help.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll . [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe [-] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-14 . 
AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\regedit.exe [-] 2004-08-04 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe . [-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll [-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll [-] 2011-11-01 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll [-] 2010-07-16 . B28AF7976F2D8109C0DC2CF2460BEDC2 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll [-] 2010-07-16 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ole32.dll [-] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll . [-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [-] 2008-04-14 . 
052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll [-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\usp10.dll [-] 2004-08-04 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll . [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll [-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll . [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ctfmon.exe [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . [-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll [-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . 
c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\shsvcs.dll [-] 2004-08-04 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll . [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll . [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\wscntfy.exe [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe . [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\xmlprov.dll [-] 2008-04-14 . 
0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll . [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll . [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sfcfiles.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll . [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ipsec.sys [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys [-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys . [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\regsvc.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll . [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\schedsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll . [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ssdpsrv.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll . [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\termsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2004-08-04 . 
1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll . [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\hnetcfg.dll [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll [-] 2004-08-04 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll . [-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\appmgmts.dll [-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2004-08-04 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll . [-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys . [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys . [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys . [-] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\mfc40u.dll [-] 2004-08-04 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll . [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . 
[5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll . [-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-04 12:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll . [-] 2011-10-26 . 525C18123E6FAF032E3853A4B9D8F255 . 2071680 . . [5.1.2600.6165] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2011-10-26 . 525C18123E6FAF032E3853A4B9D8F255 . 2071680 . . [5.1.2600.6165] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2011-10-26 . 07FD1B85212CB29D3D75932B8C3FD210 . 2029568 . . [5.1.2600.6165] . . c:\windows\system32\ntkrnlpa.exe [-] 2011-10-26 . ADD968B4D4A095407FD5B915F89BA8B5 . 2071680 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . 7B1CA0A6C042E4B90A18B49ED73CBA76 . 2071680 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . 56371A8F18F7D9570A11B1C54D602A2A . 2029568 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe [-] 2010-02-17 . FEDB0FDF1FE02ECC7A823A690175B876 . 2066048 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe [-] 2010-02-16 . 4C56EC495229ABC2F62862A7E145A852 . 2019328 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2010-02-16 . 9F24D01B6027FED0423FD28F1055E3DD . 2069120 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe [-] 2010-02-16 . 1DFCBCFD1C9016C051BE6D7243459CCA . 2027008 . . [5.1.2600.5938] . . 
17.04.2012, 19:18 | #12 |
/// Malware-holic | My PC might be infected. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.04.2012, 19:31 | #13 |
| My PC might be infected. OK, I started the program and it did find something. I then set it to Cure and had to restart the PC to "heal" it. I just ran it once more and it found nothing else. So that was TDSSKiller; was that everything now, so is my PC clean? |
17.04.2012, 19:33 | #14 |
/// Malware-holic | My PC might be infected. Did I write anything about Cure? Doesn't it say Skip? Read properly, or do you want to damage your PC? Where are the logs? Post them; they are saved on C: as tdss-killer-datum-.txt
|
17.04.2012, 19:38 | #15 |
| My PC might be infected. OK, the problem is that I ran it twice and now have 2 different logs, but I will post both:
Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:28:46.0218 2196 Fastfat - ok 20:28:46.0250 2196 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:28:46.0265 2196 FastUserSwitchingCompatibility - ok 20:28:46.0281 2196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 20:28:46.0296 2196 Fdc - ok 20:28:46.0312 2196 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 20:28:46.0328 2196 Fips - ok 20:28:46.0343 2196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 20:28:46.0359 2196 Flpydisk - ok 20:28:46.0406 2196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 20:28:46.0421 2196 FltMgr - ok 20:28:46.0484 2196 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:28:46.0500 2196 FontCache3.0.0.0 - ok 20:28:46.0531 2196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:28:46.0531 2196 Fs_Rec - ok 20:28:46.0562 2196 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:28:46.0562 2196 Ftdisk - ok 20:28:46.0578 2196 FWLANUSB - ok 20:28:46.0609 2196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:28:46.0609 2196 Gpc - ok 20:28:46.0640 2196 gupdate - ok 20:28:46.0656 2196 gupdatem - ok 20:28:46.0687 2196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:28:46.0703 2196 HDAudBus - ok 20:28:46.0750 2196 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:28:46.0750 2196 helpsvc - ok 20:28:46.0765 2196 HidServ - ok 20:28:46.0796 2196 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 20:28:46.0812 2196 hkmsvc - ok 20:28:46.0828 2196 hpn - ok 20:28:46.0875 2196 HTTP (f80a415ef82cd06ffaf0d971528ead38) 
C:\WINDOWS\system32\Drivers\HTTP.sys 20:28:46.0875 2196 HTTP - ok 20:28:46.0906 2196 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 20:28:46.0906 2196 HTTPFilter - ok 20:28:46.0937 2196 i2omgmt - ok 20:28:46.0984 2196 i2omp - ok 20:28:47.0046 2196 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:28:47.0046 2196 i8042prt - ok 20:28:47.0093 2196 ICQ Service - ok 20:28:47.0156 2196 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:28:47.0250 2196 idsvc - ok 20:28:47.0265 2196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:28:47.0281 2196 Imapi - ok 20:28:47.0312 2196 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 20:28:47.0328 2196 ImapiService - ok 20:28:47.0343 2196 ini910u - ok 20:28:47.0562 2196 IntcAzAudAddService (4716f7ee8fb7fd02596ece1ec70aff53) C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:28:47.0750 2196 IntcAzAudAddService - ok 20:28:47.0796 2196 IntelIde - ok 20:28:47.0843 2196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:28:47.0859 2196 Ip6Fw - ok 20:28:47.0937 2196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:28:47.0937 2196 IpFilterDriver - ok 20:28:47.0984 2196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:28:47.0984 2196 IpInIp - ok 20:28:48.0031 2196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:28:48.0046 2196 IpNat - ok 20:28:48.0078 2196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:28:48.0078 2196 IPSec - ok 20:28:48.0140 2196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:28:48.0140 2196 IRENUM - ok 20:28:48.0171 2196 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 
20:28:48.0187 2196 isapnp - ok 20:28:48.0312 2196 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 20:28:48.0312 2196 JavaQuickStarterService - ok 20:28:48.0343 2196 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:28:48.0343 2196 Kbdclass - ok 20:28:48.0375 2196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:28:48.0390 2196 kmixer - ok 20:28:48.0468 2196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:28:48.0468 2196 KSecDD - ok 20:28:48.0546 2196 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 20:28:48.0546 2196 lanmanserver - ok 20:28:48.0609 2196 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 20:28:48.0609 2196 lanmanworkstation - ok 20:28:48.0625 2196 lbrtfdc - ok 20:28:48.0656 2196 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 20:28:48.0656 2196 LmHosts - ok 20:28:48.0703 2196 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys 20:28:48.0703 2196 massfilter - ok 20:28:48.0859 2196 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 20:28:48.0890 2196 Messenger - ok 20:28:49.0187 2196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:28:49.0203 2196 mnmdd - ok 20:28:49.0281 2196 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 20:28:49.0296 2196 mnmsrvc - ok 20:28:49.0343 2196 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 20:28:49.0359 2196 Modem - ok 20:28:49.0437 2196 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 20:28:49.0500 2196 Monfilt - ok 20:28:49.0546 2196 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:28:49.0546 2196 Mouclass - ok 20:28:49.0578 2196 MountMgr 
(a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:28:49.0593 2196 MountMgr - ok 20:28:49.0609 2196 mraid35x - ok 20:28:49.0640 2196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:28:49.0656 2196 MRxDAV - ok 20:28:49.0703 2196 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:28:49.0734 2196 MRxSmb - ok 20:28:49.0781 2196 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 20:28:49.0781 2196 MSDTC - ok 20:28:49.0859 2196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:28:49.0859 2196 Msfs - ok 20:28:49.0875 2196 MSIServer - ok 20:28:49.0937 2196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:28:49.0953 2196 MSKSSRV - ok 20:28:50.0000 2196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:28:50.0000 2196 MSPCLOCK - ok 20:28:50.0046 2196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:28:50.0046 2196 MSPQM - ok 20:28:50.0109 2196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:28:50.0125 2196 mssmbios - ok 20:28:50.0203 2196 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 20:28:50.0203 2196 MSTEE - ok 20:28:50.0265 2196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:28:50.0281 2196 Mup - ok 20:28:50.0328 2196 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:28:50.0343 2196 NABTSFEC - ok 20:28:50.0390 2196 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 20:28:50.0437 2196 napagent - ok 20:28:50.0500 2196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:28:50.0515 2196 NDIS - ok 20:28:50.0578 2196 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:28:50.0578 2196 NdisIP - ok 
20:28:50.0640 2196 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:28:50.0640 2196 NdisTapi - ok 20:28:50.0671 2196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:28:50.0671 2196 Ndisuio - ok 20:28:50.0703 2196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:28:50.0703 2196 NdisWan - ok 20:28:50.0750 2196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:28:50.0750 2196 NDProxy - ok 20:28:50.0781 2196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:28:50.0796 2196 NetBIOS - ok 20:28:50.0828 2196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:28:50.0828 2196 NetBT - ok 20:28:50.0906 2196 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 20:28:50.0921 2196 NetDDE - ok 20:28:50.0937 2196 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 20:28:50.0937 2196 NetDDEdsdm - ok 20:28:50.0968 2196 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:28:50.0968 2196 Netlogon - ok 20:28:51.0000 2196 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 20:28:51.0000 2196 Netman - ok 20:28:51.0078 2196 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:28:51.0093 2196 NetTcpPortSharing - ok 20:28:51.0140 2196 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 20:28:51.0140 2196 Nla - ok 20:28:51.0187 2196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:28:51.0187 2196 Npfs - ok 20:28:51.0187 2196 npggsvc - ok 20:28:51.0218 2196 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys 20:28:51.0218 2196 NPPTNT2 - ok 20:28:51.0265 2196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:28:51.0296 2196 Ntfs 
- ok 20:28:51.0328 2196 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:28:51.0328 2196 NtLmSsp - ok 20:28:51.0390 2196 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 20:28:51.0421 2196 NtmsSvc - ok 20:28:51.0484 2196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:28:51.0484 2196 Null - ok 20:28:51.0531 2196 NWCWorkstation (c34a6a72dec2c317d67355dc18f87090) C:\WINDOWS\System32\nwwks.dll 20:28:51.0531 2196 NWCWorkstation - ok 20:28:51.0562 2196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:28:51.0562 2196 NwlnkFlt - ok 20:28:51.0609 2196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:28:51.0625 2196 NwlnkFwd - ok 20:28:51.0671 2196 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 20:28:51.0687 2196 NwlnkIpx - ok 20:28:51.0703 2196 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 20:28:51.0718 2196 NwlnkNb - ok 20:28:51.0750 2196 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 20:28:51.0750 2196 NwlnkSpx - ok 20:28:51.0812 2196 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys 20:28:51.0828 2196 NWRDR - ok 20:28:51.0843 2196 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 20:28:51.0859 2196 Parport - ok 20:28:51.0875 2196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:28:51.0890 2196 PartMgr - ok 20:28:51.0953 2196 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 20:28:51.0968 2196 ParVdm - ok 20:28:51.0984 2196 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 20:28:52.0000 2196 PCI - ok 20:28:52.0015 2196 PCIDump - ok 20:28:52.0078 2196 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:28:52.0078 2196 
PCIIde - ok 20:28:52.0125 2196 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:28:52.0140 2196 Pcmcia - ok 20:28:52.0171 2196 PDCOMP - ok 20:28:52.0218 2196 PDFRAME - ok 20:28:52.0234 2196 PDRELI - ok 20:28:52.0265 2196 PDRFRAME - ok 20:28:52.0281 2196 perc2 - ok 20:28:52.0312 2196 perc2hib - ok 20:28:52.0390 2196 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 20:28:52.0390 2196 PlugPlay - ok 20:28:52.0406 2196 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:28:52.0421 2196 PolicyAgent - ok 20:28:52.0453 2196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:28:52.0453 2196 PptpMiniport - ok 20:28:52.0484 2196 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 20:28:52.0484 2196 Processor - ok 20:28:52.0515 2196 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:28:52.0515 2196 ProtectedStorage - ok 20:28:52.0546 2196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:28:52.0546 2196 PSched - ok 20:28:52.0578 2196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:28:52.0593 2196 Ptilink - ok 20:28:52.0625 2196 ql1080 - ok 20:28:52.0640 2196 Ql10wnt - ok 20:28:52.0671 2196 ql12160 - ok 20:28:52.0687 2196 ql1240 - ok 20:28:52.0687 2196 ql1280 - ok 20:28:52.0750 2196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:28:52.0750 2196 RasAcd - ok 20:28:52.0812 2196 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 20:28:52.0812 2196 RasAuto - ok 20:28:52.0828 2196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:28:52.0843 2196 Rasl2tp - ok 20:28:52.0890 2196 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 20:28:52.0890 2196 RasMan - ok 20:28:52.0921 2196 RasPppoe 
(5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:28:52.0921 2196 RasPppoe - ok 20:28:52.0984 2196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:28:52.0984 2196 Raspti - ok 20:28:53.0031 2196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:28:53.0046 2196 Rdbss - ok 20:28:53.0078 2196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:28:53.0078 2196 RDPCDD - ok 20:28:53.0109 2196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:28:53.0156 2196 rdpdr - ok 20:28:53.0203 2196 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 20:28:53.0218 2196 RDPWD - ok 20:28:53.0265 2196 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 20:28:53.0265 2196 RDSessMgr - ok 20:28:53.0296 2196 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:28:53.0312 2196 redbook - ok 20:28:53.0375 2196 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 20:28:53.0375 2196 RemoteAccess - ok 20:28:53.0421 2196 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 20:28:53.0437 2196 RemoteRegistry - ok 20:28:53.0468 2196 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 20:28:53.0468 2196 ROOTMODEM - ok 20:28:53.0500 2196 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 20:28:53.0500 2196 RpcLocator - ok 20:28:53.0546 2196 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 20:28:53.0546 2196 RpcSs - ok 20:28:53.0593 2196 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 20:28:53.0593 2196 RSVP - ok 20:28:53.0625 2196 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 20:28:53.0640 2196 RTL8023xp - ok 20:28:53.0687 2196 rtl8139 (d507c1400284176573224903819ffda3) 
C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 20:28:53.0703 2196 rtl8139 - ok 20:28:53.0734 2196 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:28:53.0734 2196 SamSs - ok 20:28:53.0781 2196 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 20:28:53.0781 2196 SCardSvr - ok 20:28:53.0828 2196 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 20:28:53.0828 2196 Schedule - ok 20:28:53.0875 2196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:28:53.0875 2196 Secdrv - ok 20:28:53.0906 2196 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 20:28:53.0906 2196 seclogon - ok 20:28:53.0953 2196 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 20:28:53.0953 2196 SENS - ok 20:28:53.0984 2196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 20:28:53.0984 2196 serenum - ok 20:28:54.0015 2196 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 20:28:54.0015 2196 Serial - ok 20:28:54.0093 2196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:28:54.0093 2196 Sfloppy - ok 20:28:54.0140 2196 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 20:28:54.0156 2196 SharedAccess - ok 20:28:54.0203 2196 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:28:54.0203 2196 ShellHWDetection - ok 20:28:54.0234 2196 Simbad - ok 20:28:54.0296 2196 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:28:54.0312 2196 SLIP - ok 20:28:54.0609 2196 SNP2STD (97b19508eb11097eac08f0c195ee948d) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys 20:28:54.0921 2196 SNP2STD - ok 20:28:54.0968 2196 Sparrow - ok 20:28:55.0000 2196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:28:55.0015 2196 splitter - ok 20:28:55.0078 2196 Spooler 
(60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 20:28:55.0078 2196 Spooler - ok 20:28:55.0093 2196 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 20:28:55.0093 2196 sr - ok 20:28:55.0140 2196 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 20:28:55.0156 2196 srservice - ok 20:28:55.0218 2196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 20:28:55.0234 2196 Srv - ok 20:28:55.0265 2196 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\WINDOWS\system32\DRIVERS\ssadbus.sys 20:28:55.0281 2196 ssadbus - ok 20:28:55.0328 2196 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 20:28:55.0328 2196 ssadmdfl - ok 20:28:55.0375 2196 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 20:28:55.0390 2196 ssadmdm - ok 20:28:55.0453 2196 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 20:28:55.0453 2196 SSDPSRV - ok 20:28:55.0500 2196 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 20:28:55.0500 2196 ssmdrv - ok 20:28:55.0593 2196 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 20:28:55.0593 2196 stisvc - ok 20:28:55.0656 2196 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:28:55.0671 2196 streamip - ok 20:28:55.0718 2196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:28:55.0734 2196 swenum - ok 20:28:55.0750 2196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:28:55.0750 2196 swmidi - ok 20:28:55.0796 2196 SwPrv - ok 20:28:55.0828 2196 symc810 - ok 20:28:55.0843 2196 symc8xx - ok 20:28:55.0875 2196 sym_hi - ok 20:28:55.0906 2196 sym_u3 - ok 20:28:55.0968 2196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:28:55.0968 2196 sysaudio - ok 20:28:56.0015 2196 SysmonLog 
(2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 20:28:56.0031 2196 SysmonLog - ok 20:28:56.0093 2196 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 20:28:56.0093 2196 TapiSrv - ok 20:28:56.0171 2196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:28:56.0187 2196 Tcpip - ok 20:28:56.0234 2196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:28:56.0234 2196 TDPIPE - ok 20:28:56.0281 2196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:28:56.0281 2196 TDTCP - ok 20:28:56.0312 2196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:28:56.0328 2196 TermDD - ok 20:28:56.0375 2196 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 20:28:56.0375 2196 TermService - ok 20:28:56.0437 2196 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:28:56.0453 2196 Themes - ok 20:28:56.0484 2196 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 20:28:56.0484 2196 TlntSvr - ok 20:28:56.0500 2196 TosIde - ok 20:28:56.0531 2196 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 20:28:56.0531 2196 TrkWks - ok 20:28:56.0562 2196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:28:56.0578 2196 Udfs - ok 20:28:56.0656 2196 UI Assistant Service (13bff97e926bf8d9c1230cecc371a0c0) C:\Programme\1&1 Surf-Stick\AssistantServices.exe 20:28:56.0656 2196 UI Assistant Service - ok 20:28:56.0671 2196 ultra - ok 20:28:56.0703 2196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:28:56.0718 2196 Update - ok 20:28:56.0734 2196 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 20:28:56.0750 2196 upnphost - ok 20:28:56.0781 2196 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 20:28:56.0796 2196 UPS - ok 20:28:56.0828 
2196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:28:56.0828 2196 usbccgp - ok 20:28:56.0859 2196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:28:56.0859 2196 usbehci - ok 20:28:56.0875 2196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:28:56.0890 2196 usbhub - ok 20:28:56.0921 2196 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:28:56.0921 2196 usbohci - ok 20:28:56.0953 2196 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:28:56.0953 2196 usbstor - ok 20:28:56.0984 2196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:28:56.0984 2196 VgaSave - ok 20:28:57.0015 2196 ViaIde - ok 20:28:57.0062 2196 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 20:28:57.0062 2196 VolSnap - ok 20:28:57.0109 2196 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 20:28:57.0125 2196 VSS - ok 20:28:57.0171 2196 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 20:28:57.0171 2196 W32Time - ok 20:28:57.0218 2196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:28:57.0234 2196 Wanarp - ok 20:28:57.0265 2196 wbymj4iz.sys - ok 20:28:57.0296 2196 WDICA - ok 20:28:57.0359 2196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:28:57.0359 2196 wdmaud - ok 20:28:57.0390 2196 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 20:28:57.0406 2196 WebClient - ok 20:28:57.0453 2196 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 20:28:57.0453 2196 winmgmt - ok 20:28:57.0515 2196 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll 20:28:57.0531 2196 WmdmPmSN - ok 20:28:57.0593 2196 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 
20:28:57.0625 2196 Wmi - ok 20:28:57.0703 2196 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:28:57.0703 2196 WmiApSrv - ok 20:28:57.0812 2196 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 20:28:57.0906 2196 WMPNetworkSvc - ok 20:28:57.0984 2196 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:28:57.0984 2196 WpdUsb - ok 20:28:58.0171 2196 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:28:58.0187 2196 WPFFontCache_v0400 - ok 20:28:58.0218 2196 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:28:58.0218 2196 WS2IFSL - ok 20:28:58.0250 2196 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 20:28:58.0250 2196 wscsvc - ok 20:28:58.0265 2196 WSearch - ok 20:28:58.0328 2196 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:28:58.0328 2196 WSTCODEC - ok 20:28:58.0375 2196 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 20:28:58.0390 2196 wuauserv - ok 20:28:58.0437 2196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:28:58.0437 2196 WudfPf - ok 20:28:58.0500 2196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:28:58.0515 2196 WudfRd - ok 20:28:58.0593 2196 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 20:28:58.0593 2196 WudfSvc - ok 20:28:58.0640 2196 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 20:28:58.0656 2196 WZCSVC - ok 20:28:58.0687 2196 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 20:28:58.0703 2196 xmlprov - ok 20:28:58.0734 2196 xpsec - ok 20:28:58.0812 2196 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys 20:28:58.0828 2196 yukonwxp - ok 
20:28:59.0031 2196 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:28:59.0125 2196 \Device\Harddisk0\DR0 - ok
20:28:59.0125 2196 Boot (0x1200) (52f8e7d5a3c4541149f103f5aa567709) \Device\Harddisk0\DR0\Partition0
20:28:59.0125 2196 \Device\Harddisk0\DR0\Partition0 - ok
20:28:59.0125 2196 ============================================================
20:28:59.0125 2196 Scan finished
20:28:59.0125 2196 ============================================================
20:28:59.0140 2356 Detected object count: 0
20:28:59.0140 2356 Actual detected object count: 0
20:29:03.0968 2524 ============================================================
20:29:03.0968 2524 Scan started
20:29:03.0968 2524 Mode: Manual;
20:29:03.0968 2524 ============================================================
C:\WINDOWS\system32\drivers\dmboot.sys 20:29:07.0140 2524 dmboot - ok 20:29:07.0171 2524 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 20:29:07.0171 2524 dmio - ok 20:29:07.0203 2524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:29:07.0203 2524 dmload - ok 20:29:07.0250 2524 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 20:29:07.0250 2524 dmserver - ok 20:29:07.0296 2524 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:29:07.0296 2524 DMusic - ok 20:29:07.0328 2524 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 20:29:07.0343 2524 Dnscache - ok 20:29:07.0390 2524 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 20:29:07.0390 2524 Dot3svc - ok 20:29:07.0406 2524 dpti2o - ok 20:29:07.0437 2524 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:29:07.0437 2524 drmkaud - ok 20:29:07.0437 2524 EagleNT - ok 20:29:07.0500 2524 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 20:29:07.0500 2524 EapHost - ok 20:29:07.0546 2524 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 20:29:07.0546 2524 ERSvc - ok 20:29:07.0609 2524 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 20:29:07.0609 2524 Eventlog - ok 20:29:07.0656 2524 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 20:29:07.0656 2524 EventSystem - ok 20:29:07.0718 2524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:29:07.0718 2524 Fastfat - ok 20:29:07.0765 2524 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:29:07.0781 2524 FastUserSwitchingCompatibility - ok 20:29:07.0828 2524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 20:29:07.0828 2524 Fdc - ok 20:29:07.0859 2524 Fips 
(b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 20:29:07.0859 2524 Fips - ok 20:29:07.0875 2524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 20:29:07.0875 2524 Flpydisk - ok 20:29:07.0937 2524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 20:29:07.0937 2524 FltMgr - ok 20:29:08.0015 2524 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:29:08.0015 2524 FontCache3.0.0.0 - ok 20:29:08.0062 2524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:29:08.0062 2524 Fs_Rec - ok 20:29:08.0093 2524 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:29:08.0093 2524 Ftdisk - ok 20:29:08.0109 2524 FWLANUSB - ok 20:29:08.0187 2524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:29:08.0187 2524 Gpc - ok 20:29:08.0218 2524 gupdate - ok 20:29:08.0218 2524 gupdatem - ok 20:29:08.0281 2524 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:29:08.0281 2524 HDAudBus - ok 20:29:08.0375 2524 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:29:08.0375 2524 helpsvc - ok 20:29:08.0375 2524 HidServ - ok 20:29:08.0421 2524 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 20:29:08.0421 2524 hkmsvc - ok 20:29:08.0437 2524 hpn - ok 20:29:08.0500 2524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:29:08.0500 2524 HTTP - ok 20:29:08.0562 2524 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 20:29:08.0562 2524 HTTPFilter - ok 20:29:08.0562 2524 i2omgmt - ok 20:29:08.0593 2524 i2omp - ok 20:29:08.0656 2524 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:29:08.0656 2524 i8042prt - ok 20:29:08.0703 2524 ICQ Service - ok 20:29:08.0781 
2524 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:29:08.0796 2524 idsvc - ok 20:29:08.0812 2524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:29:08.0812 2524 Imapi - ok 20:29:08.0859 2524 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 20:29:08.0859 2524 ImapiService - ok 20:29:08.0875 2524 ini910u - ok 20:29:09.0062 2524 IntcAzAudAddService (4716f7ee8fb7fd02596ece1ec70aff53) C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:29:09.0109 2524 IntcAzAudAddService - ok 20:29:09.0140 2524 IntelIde - ok 20:29:09.0187 2524 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:29:09.0187 2524 Ip6Fw - ok 20:29:09.0265 2524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:29:09.0265 2524 IpFilterDriver - ok 20:29:09.0296 2524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:29:09.0296 2524 IpInIp - ok 20:29:09.0312 2524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:29:09.0312 2524 IpNat - ok 20:29:09.0343 2524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:29:09.0343 2524 IPSec - ok 20:29:09.0390 2524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:29:09.0390 2524 IRENUM - ok 20:29:09.0421 2524 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:29:09.0421 2524 isapnp - ok 20:29:09.0531 2524 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 20:29:09.0546 2524 JavaQuickStarterService - ok 20:29:09.0578 2524 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:29:09.0578 2524 Kbdclass - ok 20:29:09.0609 2524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:29:09.0609 2524 kmixer - 
ok 20:29:09.0656 2524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:29:09.0656 2524 KSecDD - ok 20:29:09.0703 2524 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 20:29:09.0703 2524 lanmanserver - ok 20:29:09.0796 2524 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 20:29:09.0796 2524 lanmanworkstation - ok 20:29:09.0812 2524 lbrtfdc - ok 20:29:09.0875 2524 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 20:29:09.0875 2524 LmHosts - ok 20:29:09.0890 2524 massfilter (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys 20:29:09.0890 2524 massfilter - ok 20:29:09.0921 2524 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 20:29:09.0937 2524 Messenger - ok 20:29:09.0984 2524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:29:09.0984 2524 mnmdd - ok 20:29:10.0015 2524 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 20:29:10.0015 2524 mnmsrvc - ok 20:29:10.0046 2524 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 20:29:10.0046 2524 Modem - ok 20:29:10.0109 2524 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 20:29:10.0125 2524 Monfilt - ok 20:29:10.0156 2524 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:29:10.0156 2524 Mouclass - ok 20:29:10.0187 2524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:29:10.0187 2524 MountMgr - ok 20:29:10.0203 2524 mraid35x - ok 20:29:10.0234 2524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:29:10.0234 2524 MRxDAV - ok 20:29:10.0296 2524 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:29:10.0296 2524 MRxSmb - ok 20:29:10.0343 2524 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) 
C:\WINDOWS\system32\msdtc.exe 20:29:10.0343 2524 MSDTC - ok 20:29:10.0375 2524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:29:10.0375 2524 Msfs - ok 20:29:10.0406 2524 MSIServer - ok 20:29:10.0453 2524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:29:10.0453 2524 MSKSSRV - ok 20:29:10.0500 2524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:29:10.0500 2524 MSPCLOCK - ok 20:29:10.0546 2524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:29:10.0546 2524 MSPQM - ok 20:29:10.0578 2524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:29:10.0578 2524 mssmbios - ok 20:29:10.0625 2524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 20:29:10.0625 2524 MSTEE - ok 20:29:10.0703 2524 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:29:10.0703 2524 Mup - ok 20:29:10.0734 2524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:29:10.0734 2524 NABTSFEC - ok 20:29:10.0781 2524 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 20:29:10.0796 2524 napagent - ok 20:29:10.0812 2524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:29:10.0828 2524 NDIS - ok 20:29:10.0859 2524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:29:10.0859 2524 NdisIP - ok 20:29:10.0906 2524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:29:10.0906 2524 NdisTapi - ok 20:29:10.0937 2524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:29:10.0937 2524 Ndisuio - ok 20:29:10.0953 2524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:29:10.0953 2524 NdisWan - ok 20:29:11.0000 2524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) 
C:\WINDOWS\system32\drivers\NDProxy.sys 20:29:11.0000 2524 NDProxy - ok 20:29:11.0031 2524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:29:11.0031 2524 NetBIOS - ok 20:29:11.0062 2524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:29:11.0062 2524 NetBT - ok 20:29:11.0109 2524 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 20:29:11.0109 2524 NetDDE - ok 20:29:11.0125 2524 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 20:29:11.0125 2524 NetDDEdsdm - ok 20:29:11.0171 2524 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:29:11.0171 2524 Netlogon - ok 20:29:11.0203 2524 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 20:29:11.0203 2524 Netman - ok 20:29:11.0265 2524 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:29:11.0265 2524 NetTcpPortSharing - ok 20:29:11.0296 2524 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 20:29:11.0312 2524 Nla - ok 20:29:11.0343 2524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:29:11.0343 2524 Npfs - ok 20:29:11.0359 2524 npggsvc - ok 20:29:11.0390 2524 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys 20:29:11.0390 2524 NPPTNT2 - ok 20:29:11.0421 2524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:29:11.0437 2524 Ntfs - ok 20:29:11.0468 2524 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:29:11.0468 2524 NtLmSsp - ok 20:29:11.0500 2524 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 20:29:11.0500 2524 NtmsSvc - ok 20:29:11.0546 2524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:29:11.0546 2524 Null - ok 20:29:11.0593 2524 NWCWorkstation (c34a6a72dec2c317d67355dc18f87090) 
C:\WINDOWS\System32\nwwks.dll 20:29:11.0593 2524 NWCWorkstation - ok 20:29:11.0625 2524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:29:11.0625 2524 NwlnkFlt - ok 20:29:11.0656 2524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:29:11.0656 2524 NwlnkFwd - ok 20:29:11.0718 2524 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 20:29:11.0718 2524 NwlnkIpx - ok 20:29:11.0734 2524 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 20:29:11.0734 2524 NwlnkNb - ok 20:29:11.0765 2524 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 20:29:11.0781 2524 NwlnkSpx - ok 20:29:11.0828 2524 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys 20:29:11.0828 2524 NWRDR - ok 20:29:11.0843 2524 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 20:29:11.0859 2524 Parport - ok 20:29:11.0875 2524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:29:11.0875 2524 PartMgr - ok 20:29:11.0921 2524 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 20:29:11.0921 2524 ParVdm - ok 20:29:11.0968 2524 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 20:29:11.0968 2524 PCI - ok 20:29:12.0000 2524 PCIDump - ok 20:29:12.0046 2524 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:29:12.0046 2524 PCIIde - ok 20:29:12.0109 2524 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:29:12.0109 2524 Pcmcia - ok 20:29:12.0140 2524 PDCOMP - ok 20:29:12.0203 2524 PDFRAME - ok 20:29:12.0218 2524 PDRELI - ok 20:29:12.0234 2524 PDRFRAME - ok 20:29:12.0281 2524 perc2 - ok 20:29:12.0312 2524 perc2hib - ok 20:29:12.0359 2524 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 20:29:12.0375 2524 
PlugPlay - ok 20:29:12.0390 2524 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:29:12.0390 2524 PolicyAgent - ok 20:29:12.0421 2524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:29:12.0421 2524 PptpMiniport - ok 20:29:12.0453 2524 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 20:29:12.0453 2524 Processor - ok 20:29:12.0468 2524 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:29:12.0468 2524 ProtectedStorage - ok 20:29:12.0515 2524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:29:12.0515 2524 PSched - ok 20:29:12.0546 2524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:29:12.0546 2524 Ptilink - ok 20:29:12.0578 2524 ql1080 - ok 20:29:12.0625 2524 Ql10wnt - ok 20:29:12.0656 2524 ql12160 - ok 20:29:12.0671 2524 ql1240 - ok 20:29:12.0718 2524 ql1280 - ok 20:29:12.0750 2524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:29:12.0750 2524 RasAcd - ok 20:29:12.0812 2524 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 20:29:12.0812 2524 RasAuto - ok 20:29:12.0843 2524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:29:12.0843 2524 Rasl2tp - ok 20:29:12.0906 2524 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 20:29:12.0906 2524 RasMan - ok 20:29:12.0937 2524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:29:12.0937 2524 RasPppoe - ok 20:29:12.0984 2524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:29:12.0984 2524 Raspti - ok 20:29:13.0015 2524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:29:13.0015 2524 Rdbss - ok 20:29:13.0062 2524 RDPCDD (4912d5b403614ce99c28420f75353332) 
C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:29:13.0062 2524 RDPCDD - ok 20:29:13.0093 2524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:29:13.0093 2524 rdpdr - ok 20:29:13.0140 2524 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 20:29:13.0140 2524 RDPWD - ok 20:29:13.0187 2524 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 20:29:13.0187 2524 RDSessMgr - ok 20:29:13.0218 2524 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:29:13.0218 2524 redbook - ok 20:29:13.0250 2524 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 20:29:13.0250 2524 RemoteAccess - ok 20:29:13.0281 2524 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 20:29:13.0296 2524 RemoteRegistry - ok 20:29:13.0343 2524 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 20:29:13.0343 2524 ROOTMODEM - ok 20:29:13.0390 2524 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 20:29:13.0390 2524 RpcLocator - ok 20:29:13.0453 2524 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 20:29:13.0468 2524 RpcSs - ok 20:29:13.0500 2524 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 20:29:13.0500 2524 RSVP - ok 20:29:13.0546 2524 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 20:29:13.0546 2524 RTL8023xp - ok 20:29:13.0609 2524 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 20:29:13.0609 2524 rtl8139 - ok 20:29:13.0656 2524 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 20:29:13.0656 2524 SamSs - ok 20:29:13.0687 2524 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 20:29:13.0687 2524 SCardSvr - ok 20:29:13.0765 2524 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 
20:29:13.0781 2524 Schedule - ok 20:29:13.0828 2524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:29:13.0828 2524 Secdrv - ok 20:29:13.0875 2524 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 20:29:13.0875 2524 seclogon - ok 20:29:13.0906 2524 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 20:29:13.0906 2524 SENS - ok 20:29:13.0937 2524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 20:29:13.0937 2524 serenum - ok 20:29:13.0968 2524 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 20:29:13.0968 2524 Serial - ok 20:29:14.0015 2524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:29:14.0015 2524 Sfloppy - ok 20:29:14.0046 2524 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 20:29:14.0062 2524 SharedAccess - ok 20:29:14.0109 2524 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:29:14.0109 2524 ShellHWDetection - ok 20:29:14.0140 2524 Simbad - ok 20:29:14.0187 2524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:29:14.0187 2524 SLIP - ok 20:29:14.0484 2524 SNP2STD (97b19508eb11097eac08f0c195ee948d) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys 20:29:14.0578 2524 SNP2STD - ok 20:29:14.0609 2524 Sparrow - ok 20:29:14.0671 2524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:29:14.0671 2524 splitter - ok 20:29:14.0734 2524 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 20:29:14.0734 2524 Spooler - ok 20:29:14.0765 2524 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 20:29:14.0765 2524 sr - ok 20:29:14.0796 2524 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 20:29:14.0812 2524 srservice - ok 20:29:14.0843 2524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) 
C:\WINDOWS\system32\DRIVERS\srv.sys 20:29:14.0843 2524 Srv - ok 20:29:14.0875 2524 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\WINDOWS\system32\DRIVERS\ssadbus.sys 20:29:14.0875 2524 ssadbus - ok 20:29:14.0921 2524 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 20:29:14.0921 2524 ssadmdfl - ok 20:29:14.0953 2524 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 20:29:14.0953 2524 ssadmdm - ok 20:29:15.0015 2524 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 20:29:15.0015 2524 SSDPSRV - ok 20:29:15.0062 2524 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 20:29:15.0062 2524 ssmdrv - ok 20:29:15.0109 2524 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 20:29:15.0125 2524 stisvc - ok 20:29:15.0171 2524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:29:15.0171 2524 streamip - ok 20:29:15.0234 2524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:29:15.0234 2524 swenum - ok 20:29:15.0265 2524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:29:15.0265 2524 swmidi - ok 20:29:15.0281 2524 SwPrv - ok 20:29:15.0312 2524 symc810 - ok 20:29:15.0343 2524 symc8xx - ok 20:29:15.0359 2524 sym_hi - ok 20:29:15.0390 2524 sym_u3 - ok 20:29:15.0421 2524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:29:15.0421 2524 sysaudio - ok 20:29:15.0453 2524 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 20:29:15.0453 2524 SysmonLog - ok 20:29:15.0500 2524 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 20:29:15.0500 2524 TapiSrv - ok 20:29:15.0562 2524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:29:15.0562 2524 Tcpip - ok 20:29:15.0609 2524 TDPIPE (6471a66807f5e104e4885f5b67349397) 
C:\WINDOWS\system32\drivers\TDPIPE.sys 20:29:15.0609 2524 TDPIPE - ok 20:29:15.0656 2524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:29:15.0656 2524 TDTCP - ok 20:29:15.0687 2524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:29:15.0687 2524 TermDD - ok 20:29:15.0734 2524 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 20:29:15.0734 2524 TermService - ok 20:29:15.0781 2524 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:29:15.0796 2524 Themes - ok 20:29:15.0828 2524 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 20:29:15.0828 2524 TlntSvr - ok 20:29:15.0859 2524 TosIde - ok 20:29:15.0921 2524 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 20:29:15.0921 2524 TrkWks - ok 20:29:15.0953 2524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:29:15.0953 2524 Udfs - ok 20:29:16.0031 2524 UI Assistant Service (13bff97e926bf8d9c1230cecc371a0c0) C:\Programme\1&1 Surf-Stick\AssistantServices.exe 20:29:16.0031 2524 UI Assistant Service - ok 20:29:16.0062 2524 ultra - ok 20:29:16.0109 2524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:29:16.0109 2524 Update - ok 20:29:16.0140 2524 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 20:29:16.0140 2524 upnphost - ok 20:29:16.0187 2524 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 20:29:16.0187 2524 UPS - ok 20:29:16.0218 2524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:29:16.0218 2524 usbccgp - ok 20:29:16.0265 2524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:29:16.0265 2524 usbehci - ok 20:29:16.0296 2524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:29:16.0296 2524 usbhub - ok 20:29:16.0328 2524 usbohci 
(0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:29:16.0328 2524 usbohci - ok 20:29:16.0359 2524 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:29:16.0359 2524 usbstor - ok 20:29:16.0390 2524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:29:16.0390 2524 VgaSave - ok 20:29:16.0406 2524 ViaIde - ok 20:29:16.0453 2524 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 20:29:16.0453 2524 VolSnap - ok 20:29:16.0484 2524 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 20:29:16.0484 2524 VSS - ok 20:29:16.0531 2524 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 20:29:16.0546 2524 W32Time - ok 20:29:16.0578 2524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:29:16.0578 2524 Wanarp - ok 20:29:16.0593 2524 wbymj4iz.sys - ok 20:29:16.0625 2524 WDICA - ok 20:29:16.0656 2524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:29:16.0656 2524 wdmaud - ok 20:29:16.0703 2524 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 20:29:16.0703 2524 WebClient - ok 20:29:16.0781 2524 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 20:29:16.0781 2524 winmgmt - ok 20:29:16.0843 2524 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll 20:29:16.0843 2524 WmdmPmSN - ok 20:29:16.0906 2524 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 20:29:16.0906 2524 Wmi - ok 20:29:16.0953 2524 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:29:16.0953 2524 WmiApSrv - ok 20:29:17.0062 2524 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 20:29:17.0078 2524 WMPNetworkSvc - ok 20:29:17.0109 2524 WpdUsb (cf4def1bf66f06964dc0d91844239104) 
C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:29:17.0109 2524 WpdUsb - ok 20:29:17.0234 2524 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:29:17.0234 2524 WPFFontCache_v0400 - ok 20:29:17.0281 2524 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:29:17.0281 2524 WS2IFSL - ok 20:29:17.0312 2524 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 20:29:17.0328 2524 wscsvc - ok 20:29:17.0343 2524 WSearch - ok 20:29:17.0390 2524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:29:17.0390 2524 WSTCODEC - ok 20:29:17.0453 2524 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 20:29:17.0453 2524 wuauserv - ok 20:29:17.0484 2524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:29:17.0484 2524 WudfPf - ok 20:29:17.0515 2524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:29:17.0515 2524 WudfRd - ok 20:29:17.0562 2524 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 20:29:17.0562 2524 WudfSvc - ok 20:29:17.0625 2524 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 20:29:17.0625 2524 WZCSVC - ok 20:29:17.0656 2524 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 20:29:17.0671 2524 xmlprov - ok 20:29:17.0671 2524 xpsec - ok 20:29:17.0703 2524 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys 20:29:17.0718 2524 yukonwxp - ok 20:29:17.0750 2524 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 20:29:17.0750 2524 ZTEusbmdm6k - ok 20:29:17.0765 2524 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 20:29:17.0765 2524 ZTEusbnmea - ok 20:29:17.0812 2524 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) 
C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 20:29:17.0812 2524 ZTEusbser6k - ok 20:29:17.0828 2524 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 20:29:17.0921 2524 \Device\Harddisk0\DR0 - ok 20:29:17.0921 2524 Boot (0x1200) (52f8e7d5a3c4541149f103f5aa567709) \Device\Harddisk0\DR0\Partition0 20:29:17.0921 2524 \Device\Harddisk0\DR0\Partition0 - ok 20:29:17.0937 2524 ============================================================ 20:29:17.0937 2524 Scan finished 20:29:17.0937 2524 ============================================================ 20:29:17.0937 2488 Detected object count: 0 20:29:17.0937 2488 Actual detected object count: 0 20:29:46.0437 2096 Deinitialize success |