Pests of all kinds and how to fight them: WEB.DE is permanently hacked within a few minutes (Windows 7)
09.07.2012, 21:55 | #1 |
WEB.DE is permanently hacked within a few minutes

Hello everyone,

my WEB.DE account is permanently being hacked within a few minutes. Afterwards I always get "Mail Delivery" mails because the recipient is unknown. Neither Norton nor Avira has found anything. I use several computers, and I don't know which computer the problem is on. I'm ruling out the iPhone and iPad as the source for now (or is that not justified?).

I'll start with the first computer now:

Defogger does not run to completion:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:28 on 09/07/2012 (Sarah)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 09.07.2012 22:33:37 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Sarah\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,21% Memory free 8,00 Gb Paging File | 6,06 Gb Available in Paging File | 75,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 353,70 Gb Free Space | 75,96% Space Free | Partition Type: NTFS Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.09 22:33:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe PRC - [2012.06.23 15:43:12 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012.06.21 12:35:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.09.01 11:38:56 | 000,247,760 | ---- | M] (Threat Expert Ltd.) 
-- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe PRC - [2011.09.01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2011.08.04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE PRC - [2011.08.04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011.05.26 07:05:01 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2011.01.15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2008.11.07 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2012.06.23 15:43:12 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2012.06.21 12:35:18 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008.11.07 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe 
========== Win32 Services (SafeList) ========== SRV - [2012.06.23 15:43:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.21 12:35:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360) SRV - [2011.09.01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.07 17:49:10 | 000,160,784 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.17 21:15:02 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2012.03.29 00:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS) DRV:64bit: - [2012.03.29 00:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.03.29 00:28:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS) DRV:64bit: - [2012.03.29 00:06:26 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.29 16:44:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2011.07.06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.09.26 10:57:00 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2008.09.26 10:56:00 | 000,057,872 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2008.09.26 10:56:00 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2008.09.26 10:55:00 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2007.05.03 09:11:46 | 000,244,736 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW13C.sys -- (MRV6X64P) DRV:64bit: - [2007.03.30 18:19:40 | 000,051,200 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2007.03.01 17:53:40 | 000,087,808 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2007.02.22 20:55:54 | 000,143,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2012.07.09 19:52:20 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120709.003\ex64.sys -- (NAVEX15) DRV - [2012.07.09 19:52:20 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120709.003\eng64.sys -- (NAVENG) DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64) DRV - 
[2012.06.14 20:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120705.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.05.31 09:01:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.05.31 09:01:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://search.babylon.com/?AF=119998&babsrc=HP_ss&mntrId=781ddecc00000000000090e6ba46ac56 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 12 51 A9 BA AC CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101008155724\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=781ddecc00000000000090e6ba46ac56 IE - HKCU\..\SearchScopes\{27ED2856-4ABE-4918-B5E6-99D4E05FC34F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - 
prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=119998&babsrc=adbartrp&mntrId=781ddecc00000000000090e6ba46ac56&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.20 13:43:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011.10.21 18:16:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012.05.18 08:01:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012.07.09 17:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 12:35:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla 
Firefox\plugins [2011.10.28 16:06:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.28 16:06:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 12:35:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 16:06:59 | 000,000,000 | ---D | M] [2010.02.14 10:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2010.02.14 10:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.04 11:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\wqta5u4n.default\extensions [2010.04.28 22:44:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\wqta5u4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.09 15:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.11 13:19:30 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQTA5U4N.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012.06.21 12:35:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.21 12:35:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.28 15:15:21 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.21 12:35:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.21 12:35:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 12:35:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 12:35:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 12:35:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101008155724\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe (Hewlett-Packard) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pampers Pregnancy Widget.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1450186B-CDAE-4EAC-A3FE-5E9968619C69}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A2AF38-BDDB-464C-9686-EABB3234ED96}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c0034554-49ff-11df-a9ca-90e6ba46bc04}\Shell - "" = AutoRun O33 - MountPoints2\{c0034554-49ff-11df-a9ca-90e6ba46bc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Sigel [2012.07.04 19:37:23 | 000,374,272 | ---- | C] (Herd Software Entwicklung/ Ketteler Str. 
35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) -- C:\Windows\SysWow64\Dav3_32.dll [2012.07.04 19:37:23 | 000,143,360 | ---- | C] (Herd Software Entwicklung/ Ketteler Str.35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) -- C:\Windows\SysWow64\leon3_32.dll [2012.07.04 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel [2012.07.04 19:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel [2012.07.04 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigel [2012.06.25 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2012.06.23 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Macromedia [2012.06.22 12:01:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\My Curse [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.09 22:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.09 22:27:49 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable [2012.07.09 22:27:08 | 000,050,477 | ---- | M] () -- C:\Users\Sarah\Desktop\Defogger.exe [2012.07.09 17:39:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.09 17:39:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.09 17:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.09 17:31:59 | 3220,471,808 | -HS- | M] () -- C:\hiberfil.sys [2012.07.08 19:24:57 | 000,000,600 | ---- | M] () -- C:\Users\Sarah\AppData\Local\PUTTY.RND [2012.07.04 19:37:56 | 000,016,386 | ---- | M] () -- 
C:\Windows\SysWow64\sigas207.dll [2012.07.04 19:37:23 | 000,001,142 | ---- | M] () -- C:\Users\Sarah\Desktop\GastroDesigner plus Demo.lnk [2012.06.26 12:56:24 | 000,181,982 | ---- | M] () -- C:\Users\Sarah\Desktop\Ligamannschaft.jpg [2012.06.25 10:53:07 | 000,000,318 | ---- | M] () -- C:\Users\Sarah\Desktop\Curse Client.appref-ms [2012.06.24 20:12:29 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012.06.24 20:12:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk [2012.06.24 20:12:26 | 000,328,526 | ---- | M] () -- C:\Users\Sarah\Desktop\illusion-clean-style-2990.jpg [2012.06.22 23:01:15 | 000,001,469 | ---- | M] () -- C:\Users\Sarah\Desktop\flagge-griechenland.gif [2012.06.14 13:10:53 | 000,380,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 23:14:53 | 001,533,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 23:14:53 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 23:14:53 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 23:14:53 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 23:14:53 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 16:22:55 | 000,026,063 | ---- | M] () -- C:\Users\Sarah\Desktop\Party1.jpg [2012.06.13 16:19:07 | 000,047,710 | ---- | M] () -- C:\Users\Sarah\Desktop\party.gif [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.09 22:27:49 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable [2012.07.09 22:27:05 | 000,050,477 | ---- | C] () -- C:\Users\Sarah\Desktop\Defogger.exe [2012.07.04 19:37:56 | 000,016,386 | ---- | C] () -- C:\Windows\SysWow64\sigas207.dll [2012.07.04 19:37:23 | 000,001,142 | ---- | C] () -- C:\Users\Sarah\Desktop\GastroDesigner plus Demo.lnk [2012.06.26 12:56:23 | 000,181,982 | ---- | C] () -- C:\Users\Sarah\Desktop\Ligamannschaft.jpg 
[2012.06.25 10:53:07 | 000,000,318 | ---- | C] () -- C:\Users\Sarah\Desktop\Curse Client.appref-ms [2012.06.24 20:12:25 | 000,328,526 | ---- | C] () -- C:\Users\Sarah\Desktop\illusion-clean-style-2990.jpg [2012.06.22 23:01:14 | 000,001,469 | ---- | C] () -- C:\Users\Sarah\Desktop\flagge-griechenland.gif [2012.06.13 16:22:55 | 000,026,063 | ---- | C] () -- C:\Users\Sarah\Desktop\Party1.jpg [2012.06.13 16:19:06 | 000,047,710 | ---- | C] () -- C:\Users\Sarah\Desktop\party.gif [2012.02.23 22:11:27 | 000,003,584 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.21 18:16:19 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.10.11 19:36:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\Chkv3_32.dll [2011.08.24 09:51:34 | 000,001,099 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\ShiftN.ini [2011.08.18 20:18:13 | 000,049,873 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\UserTile.png [2011.06.15 20:23:50 | 000,001,940 | ---- | C] () -- C:\Users\Sarah\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.02.10 18:34:51 | 000,000,600 | ---- | C] () -- C:\Users\Sarah\AppData\Local\PUTTY.RND [2010.02.13 17:44:18 | 000,000,760 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\setup_ldm.iss ========== LOP Check ========== [2012.02.28 15:15:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon [2010.12.12 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\becker [2012.04.06 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canon [2010.11.22 22:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\CD-LabelPrint [2012.07.09 18:23:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox [2011.12.02 23:42:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Foxit Software [2010.02.26 12:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ [2010.02.13 17:44:25 | 000,000,000 | ---D | M] -- 
C:\Users\Sarah\AppData\Roaming\Leadertech
[2011.08.20 13:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MAGIX
[2012.07.04 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Sigel
[2010.02.14 10:22:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2011.08.20 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific
[2010.04.18 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TS3Client
[2012.05.16 19:22:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
OTL Extras:
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.07.2012 22:33:37 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,21% Memory free
8,00 Gb Paging File | 6,06 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 353,70 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0047CEB0-4F64-4A4F-AF99-1248FEC0618C}" = rport=445 | protocol=6 | dir=out | app=system | "{08BC8460-8245-433F-8945-77EDFE3953E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{12094905-386E-4032-82F4-02E21E8C0A7A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{177F7C08-9081-4164-9218-A91E0BA39960}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1EF5B9B4-9248-4FF5-93F7-32D060EBC6B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2FD3E88F-88FC-4751-87E2-FDD24EA6F318}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5075AAEF-C1FB-4BD6-B7DB-830DE6046F95}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{5348F6A2-0B82-4728-B7B4-9B9AB8D44760}" = lport=138 | protocol=17 | dir=in | app=system | "{573898C8-D276-4886-8BD3-1689ED45ABCE}" = lport=139 | protocol=6 | dir=in | app=system | "{7ABA3BD7-EBF2-4417-930A-0F0646FAAD76}" = rport=137 | protocol=17 | dir=out | app=system | "{859F58A8-1EA1-4512-8C04-2A3B2900E27D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{85E65165-90CB-487B-9592-4B61EDAF43B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A1EE3A6-7362-4C2A-8709-D12BD87B4CE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93907D6B-2B4D-4FD6-8097-9E3C2270D24C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A921E1E2-EBFD-425D-8993-F652DC42CA4B}" = rport=139 | protocol=6 | dir=out | app=system | "{AD2ED41B-0C68-457B-8010-180AB1FE5125}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B7493B30-9564-48EF-AE81-8DE6157CB9A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B74B3A7D-0765-4BB2-B6C3-9E9B47030277}" = rport=138 | protocol=17 | dir=out | app=system | "{BBBFDEC8-6649-484E-BE35-D4CE921A1CF2}" = lport=137 | protocol=17 | dir=in | app=system | "{D05C191E-E675-4B2C-A373-175B64F750C1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D0FBEF15-DEC5-4E71-9E6B-A5034D403843}" = lport=445 | protocol=6 | dir=in | app=system | "{D58C7CD3-5BDE-44EE-B18D-3A15A70BEB40}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{E6FE34E3-D042-4464-9433-5CA884BC1E1A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F6DBEAC6-F5EA-45AC-B365-6CA845C90978}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F775EF-0516-4921-81FE-B9325A523A92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0F745980-7830-45C0-83C9-853608AAAFF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{109B6929-D2A0-4B5E-8A4A-DD813F28D630}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1BD85400-6091-4593-93FF-528C9677529A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2AE8CBD8-F927-4E24-B93E-A195111DCAE2}" = 
protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{35564C65-164B-48FF-AFE3-178352A654D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3571AD4A-6A3E-4355-92E3-998F6EA87684}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4A7E6770-985A-48E9-93C9-DBEFAFFC4998}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | "{5B38B02F-0B1C-487C-A3B7-B3FE0F8F1D38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5D10DD0F-53F0-47C6-8792-E0D279C4BFFA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6D657D7A-DD03-4F05-95BE-EAF8173760DF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6DB6C977-8CE6-4D24-BB3F-B29EDF353EF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{72C73EA0-63EC-47C2-B415-7AB3C1771237}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | "{74CAEDB6-2877-4849-9E4F-4E7440367D16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7A2FD5F2-CAD7-412E-938A-275AE2FBDDB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{89BFB2BB-6B18-42BD-9683-F9BDC2C2BEE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8F8D25BF-B3A5-4B34-ABA1-1D2B2232E1B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97F9A01B-0CBE-47DF-A1D7-A3AE42660618}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AF6A08A7-EE13-4643-8D65-BEDD8B150D62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B5BB01CA-9A77-49C3-A199-20DEC6B38ADC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C39C45B7-D834-4BC5-BF40-DD658FFC564F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1FB03EA-CD35-4A87-A5E3-39BC7ED7B9ED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FBC5E64F-5CE2-4BF2-9F1A-E556F6A93808}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{310E4313-30C4-46B1-8AE2-D82D862ED365}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "TCP Query User{3A5241E3-3629-4600-91CF-E9720BA073D2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{5B22217E-5685-472C-B060-E7B463D591D3}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | "TCP Query User{81DD50C9-DEC8-4364-8046-CF75FE372554}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "TCP Query User{BA75F9A6-258A-4807-B21C-C15B9C9AA6AA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{0A00A625-4B5F-4147-8731-963A02CD0A40}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "UDP Query User{3FDCD0CA-6EE1-44FF-BAF8-2AA2C2028488}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | "UDP Query User{73C0EB54-90B4-4FC2-864B-D96346730230}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "UDP 
Query User{930B6CF3-396B-4FC2-952E-CD837733D278}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{BA07511A-E4BA-49C5-B936-A398D4B74BC2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CutePDF Writer Installation" = 
CutePDF Writer 2.8 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{39AD21D1-93E3-4E10-9635-DFDD2EDB5BA3}" = MAGIX Screenshare "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{516C52F1-F593-49C2-BA32-7CA91009F300}" = MAGIX Foto & Grafik Designer 7 "{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = 
Nero Live "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{f392fd7e-fb7d-4b2b-8876-3c2c3a49aeaf}" = Nero 9 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BabylonToolbar" = Babylon toolbar on IE "Browser Defender_is1" = Browser Defender 3.0 "Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung "Canon MG5300 
series On-screen Manual" = Canon MG5300 series On-screen Manual "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Content Manager 2" = Content Manager 2 "Digital Editions" = Adobe Digital Editions "dlancockpit" = devolo dLAN Cockpit "dm-Fotowelt" = dm-Fotowelt "Dungeon Keeper II" = Dungeon Keeper 2 "EADM" = EA Download Manager "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Foxit Reader_is1" = Foxit Reader 5.0 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "MAGIX_MSI_Foto_Grafik_Designer_7" = MAGIX Foto & Grafik Designer 7 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "N360" = Norton 360 "OnlineFotoservice" = OnlineFotoservice "Picasa 3" = Picasa 3 "RealPlayer 12.0" = RealPlayer "Sigel GastroDesigner plus Demo" = Sigel GastroDesigner plus Demo "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client "Dropbox" = Dropbox "FoxTab Video Converter" = FoxTab Video Converter ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.11.2011 04:27:05 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 21.11.2011 04:00:56 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 21.11.2011 04:01:10 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21.11.2011 04:01:11 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 22.11.2011 03:45:23 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 22.11.2011 03:45:37 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 22.11.2011 03:45:37 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 23.11.2011 02:26:05 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.11.2011 02:26:24 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 23.11.2011 02:26:25 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ OSession Events ] Error - 18.03.2012 06:34:15 | Computer Name = Sarah-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 05.07.2012 04:29:02 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.07.2012 04:30:04 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016 Description = Error - 06.07.2012 01:23:44 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2012 01:24:46 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016 Description = Error - 06.07.2012 04:43:52 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2012 04:44:54 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016 Description = Error - 08.07.2012 05:05:25 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.07.2012 05:06:27 | 
Computer Name = Sarah-PC | Source = DCOM | ID = 10016 Description = Error - 09.07.2012 11:32:23 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.07.2012 11:33:24 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016 Description = < End of report >
Many thanks in advance |
10.07.2012, 10:40 | #2 | |
/// Malware-holic | WEB.DE keeps getting hacked within a few minutes
Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
10.07.2012, 11:04 | #3 |
| WEB.DE keeps getting hacked within a few minutes
Hello, thank you very much for the prompt reply.
__________________
I have just run Malwarebytes Anti-Malware as well and got the following:
Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.07.10.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Sarah :: SARAH-PC [Administrator] Schutz: Aktiviert 10.07.2012 11:37:58 mbam-log-2012-07-10 (11-37-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 207969 Laufzeit: 2 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Sarah\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sarah\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sarah\Downloads\VideoToMp3Setup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
But I will now start Combofix right away, as you recommended. Thank you very much for your prompt help. I will post the log file as soon as Combofix has finished! So, here is the log file now: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-10.01 - Sarah 10.07.2012 12:34:25.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2695 [GMT 2:00] ausgeführt von:: c:\users\Sarah\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\IsUn0407.exe c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-10 bis 2012-07-10 )))))))))))))))))))))))))))))) . . 2012-07-10 09:37 . 2012-07-10 09:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes 2012-07-10 09:36 . 2012-07-10 09:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-10 09:36 . 2012-07-10 09:36 -------- d-----w- c:\programdata\Malwarebytes 2012-07-10 09:36 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-04 17:37 . 2012-07-04 17:37 16386 ----a-w- c:\windows\SysWow64\sigas207.dll 2012-07-04 17:37 . 2012-07-04 17:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\Sigel 2012-07-04 17:37 . 2003-06-25 09:17 374272 ----a-w- c:\windows\SysWow64\Dav3_32.dll 2012-07-04 17:37 . 2003-06-24 11:35 143360 ----a-w- c:\windows\SysWow64\leon3_32.dll 2012-07-04 17:37 . 2012-07-04 17:37 -------- d-----w- c:\program files (x86)\Sigel 2012-06-24 14:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-24 14:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-24 14:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-24 14:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-24 14:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-24 14:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-24 14:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-24 14:57 . 
2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-24 14:57 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-23 19:30 . 2012-06-23 19:30 -------- d-----w- c:\users\Sarah\AppData\Local\Macromedia 2012-06-21 10:35 . 2012-06-21 10:35 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-21 10:35 . 2012-06-21 10:35 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-13 05:29 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 05:29 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 05:29 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 05:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 05:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 05:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 13:43 . 2012-05-24 11:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 13:43 . 2011-07-13 05:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "HP Update 3400C"="c:\sj652\hpupdate.exe" [2002-02-01 32768] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-26 273544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-09-01 247760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] 
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-2-14 0] Dropbox.lnk - c:\users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] Pampers Pregnancy Widget.lnk - c:\users\Sarah\AppData\Local\Temp\Temp1_PGPregnancyWidget_Win_de_DE.zip\PampersPregnancyWidget.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-13 1200144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120] R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [2007-05-03 244736] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] S2 Browser Defender Update Service;Browser Defender 
Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-09-01 337872] S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] . . Inhalt des "geplante Tasks" Ordners . 2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 13:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 236544] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?AF=119998&babsrc=HP_ss&mntrId=781ddecc00000000000090e6ba46ac56 uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\wqta5u4n.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=119998&babsrc=adbartrp&mntrId=781ddecc00000000000090e6ba46ac56&q= FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119998 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - 
user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 781ddecc00000000000090e6ba46ac56 FF - user.js: extensions.BabylonToolbar_i.hardId - 781ddecc00000000000090e6ba46ac56 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:15 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Dungeon Keeper II - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-10 12:48:02 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-10 10:48 . Vor Suchlauf: 11 Verzeichnis(se), 384.193.937.408 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 384.121.044.992 Bytes frei . - - End Of File - - 19E5EF89D9BC7B90F6310AE993D11D07 |
12.07.2012, 17:56 | #4 |
/// Malware-holic | WEB.DE keeps getting hacked within a few minutes
hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose skip for now, post the log
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the above instructions to markusg.trojaner-board@web.de If you would like to support us |
13.07.2012, 13:16 | #5 |
| WEB.DE keeps getting hacked within a few minutes
Hello, here is the log: Code:
ATTFilter 14:10:41.0836 1380 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 14:10:42.0846 1380 ============================================================ 14:10:42.0846 1380 Current date / time: 2012/07/13 14:10:42.0846 14:10:42.0846 1380 SystemInfo: 14:10:42.0846 1380 14:10:42.0846 1380 OS Version: 6.1.7601 ServicePack: 1.0 14:10:42.0846 1380 Product type: Workstation 14:10:42.0847 1380 ComputerName: SARAH-PC 14:10:42.0847 1380 UserName: Sarah 14:10:42.0847 1380 Windows directory: C:\Windows 14:10:42.0847 1380 System windows directory: C:\Windows 14:10:42.0847 1380 Running under WOW64 14:10:42.0847 1380 Processor architecture: Intel x64 14:10:42.0847 1380 Number of processors: 2 14:10:42.0847 1380 Page size: 0x1000 14:10:42.0847 1380 Boot type: Normal boot 14:10:42.0847 1380 ============================================================ 14:10:44.0180 1380 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:10:44.0305 1380 ============================================================ 14:10:44.0305 1380 \Device\Harddisk0\DR0: 14:10:44.0305 1380 MBR partitions: 14:10:44.0305 1380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:10:44.0305 1380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 14:10:44.0305 1380 ============================================================ 14:10:44.0338 1380 C: <-> \Device\Harddisk0\DR0\Partition1 14:10:44.0338 1380 ============================================================ 14:10:44.0338 1380 Initialize success 14:10:44.0338 1380 ============================================================ 14:11:16.0403 2124 ============================================================ 14:11:16.0403 2124 Scan started 14:11:16.0403 2124 Mode: Manual; SigCheck; TDLFS; 14:11:16.0403 2124 ============================================================ 
14:11:42.0429 2124 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:11:42.0441 2124 sermouse - ok 14:11:42.0484 2124 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 14:11:42.0534 2124 SessionEnv - ok 14:11:42.0574 2124 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:11:42.0603 2124 sffdisk - ok 14:11:42.0608 2124 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:11:42.0648 2124 sffp_mmc - ok 14:11:42.0652 2124 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 14:11:42.0687 2124 sffp_sd - ok 14:11:42.0714 2124 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:11:42.0748 2124 sfloppy - ok 14:11:42.0805 2124 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:11:42.0860 2124 SharedAccess - ok 14:11:42.0898 2124 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 14:11:42.0931 2124 ShellHWDetection - ok 14:11:42.0956 2124 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:11:42.0967 2124 SiSRaid2 - ok 14:11:42.0991 2124 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:11:43.0003 2124 SiSRaid4 - ok 14:11:43.0026 2124 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:11:43.0057 2124 Smb - ok 14:11:43.0098 2124 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:11:43.0135 2124 SNMPTRAP - ok 14:11:43.0166 2124 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:11:43.0177 2124 spldr - ok 14:11:43.0215 2124 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 14:11:43.0250 2124 Spooler - ok 14:11:43.0436 2124 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 14:11:43.0525 2124 sppsvc - ok 
14:11:43.0618 2124 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:11:43.0649 2124 sppuinotify - ok 14:11:43.0770 2124 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS 14:11:43.0790 2124 SRTSP - ok 14:11:43.0817 2124 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS 14:11:43.0826 2124 SRTSPX - ok 14:11:43.0879 2124 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:11:43.0932 2124 srv - ok 14:11:43.0963 2124 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:11:43.0999 2124 srv2 - ok 14:11:44.0027 2124 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:11:44.0060 2124 srvnet - ok 14:11:44.0107 2124 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:11:44.0155 2124 SSDPSRV - ok 14:11:44.0179 2124 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:11:44.0211 2124 SstpSvc - ok 14:11:44.0235 2124 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:11:44.0247 2124 stexstor - ok 14:11:44.0304 2124 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 14:11:44.0349 2124 stisvc - ok 14:11:44.0383 2124 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 14:11:44.0394 2124 swenum - ok 14:11:44.0429 2124 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:11:44.0478 2124 swprv - ok 14:11:44.0570 2124 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS 14:11:44.0586 2124 SymDS - ok 14:11:44.0673 2124 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS 14:11:44.0697 2124 SymEFA - ok 14:11:44.0727 2124 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 
14:11:44.0738 2124 SymEvent - ok 14:11:44.0790 2124 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS 14:11:44.0802 2124 SymIRON - ok 14:11:44.0834 2124 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS 14:11:44.0850 2124 SymNetS - ok 14:11:44.0957 2124 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 14:11:44.0996 2124 SysMain - ok 14:11:45.0098 2124 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 14:11:45.0132 2124 TabletInputService - ok 14:11:45.0174 2124 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 14:11:45.0229 2124 TapiSrv - ok 14:11:45.0263 2124 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:11:45.0317 2124 TBS - ok 14:11:45.0482 2124 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 14:11:45.0524 2124 Tcpip - ok 14:11:45.0679 2124 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 14:11:45.0712 2124 TCPIP6 - ok 14:11:45.0779 2124 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:11:45.0821 2124 tcpipreg - ok 14:11:45.0866 2124 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:11:45.0896 2124 TDPIPE - ok 14:11:45.0929 2124 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 14:11:45.0959 2124 TDTCP - ok 14:11:46.0029 2124 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:11:46.0081 2124 tdx - ok 14:11:46.0120 2124 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 14:11:46.0132 2124 TermDD - ok 14:11:46.0189 2124 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 14:11:46.0243 2124 TermService - ok 14:11:46.0274 2124 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 
14:11:46.0306 2124 Themes - ok 14:11:46.0352 2124 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:11:46.0382 2124 THREADORDER - ok 14:11:46.0459 2124 TOSHIBA Bluetooth Service - ok 14:11:46.0506 2124 Tosrfbd (9d0c8bf8d22268503030a333f1bfef4f) C:\Windows\system32\DRIVERS\tosrfbd.sys 14:11:46.0531 2124 Tosrfbd - ok 14:11:46.0534 2124 Tosrfcom - ok 14:11:46.0565 2124 Tosrfhid (33c90b98b74d01d179e1963a5bf5edf9) C:\Windows\system32\DRIVERS\Tosrfhid.sys 14:11:46.0600 2124 Tosrfhid - ok 14:11:46.0620 2124 Tosrfusb (3b2cec108c442e62ce6a4609b3d7e87f) C:\Windows\system32\DRIVERS\tosrfusb.sys 14:11:46.0647 2124 Tosrfusb - ok 14:11:46.0659 2124 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:11:46.0713 2124 TrkWks - ok 14:11:46.0790 2124 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 14:11:46.0831 2124 TrustedInstaller - ok 14:11:46.0861 2124 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:11:46.0890 2124 tssecsrv - ok 14:11:46.0934 2124 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 14:11:46.0983 2124 TsUsbFlt - ok 14:11:47.0022 2124 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:11:47.0071 2124 tunnel - ok 14:11:47.0105 2124 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:11:47.0117 2124 uagp35 - ok 14:11:47.0164 2124 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:11:47.0211 2124 udfs - ok 14:11:47.0244 2124 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:11:47.0280 2124 UI0Detect - ok 14:11:47.0331 2124 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:11:47.0343 2124 uliagpkx - ok 14:11:47.0366 2124 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 14:11:47.0393 2124 umbus - ok 
14:11:47.0417 2124 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:11:47.0429 2124 UmPass - ok 14:11:47.0455 2124 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:11:47.0490 2124 upnphost - ok 14:11:47.0528 2124 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 14:11:47.0550 2124 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 14:11:47.0550 2124 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 14:11:47.0578 2124 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:11:47.0618 2124 usbccgp - ok 14:11:47.0660 2124 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 14:11:47.0675 2124 usbcir - ok 14:11:47.0681 2124 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 14:11:47.0710 2124 usbehci - ok 14:11:47.0760 2124 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:11:47.0797 2124 usbhub - ok 14:11:47.0827 2124 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 14:11:47.0909 2124 usbohci - ok 14:11:48.0065 2124 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:11:48.0101 2124 usbprint - ok 14:11:48.0128 2124 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:11:48.0174 2124 USBSTOR - ok 14:11:48.0196 2124 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 14:11:48.0225 2124 usbuhci - ok 14:11:48.0264 2124 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:11:48.0313 2124 UxSms - ok 14:11:48.0339 2124 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:11:48.0351 2124 VaultSvc - ok 14:11:48.0370 2124 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:11:48.0381 2124 vdrvroot - ok 14:11:48.0457 2124 vds 
(8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 14:11:48.0515 2124 vds - ok 14:11:48.0559 2124 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:11:48.0573 2124 vga - ok 14:11:48.0586 2124 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:11:48.0632 2124 VgaSave - ok 14:11:48.0672 2124 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:11:48.0686 2124 vhdmp - ok 14:11:48.0707 2124 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:11:48.0719 2124 viaide - ok 14:11:48.0735 2124 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:11:48.0746 2124 volmgr - ok 14:11:48.0791 2124 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:11:48.0807 2124 volmgrx - ok 14:11:48.0838 2124 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:11:48.0853 2124 volsnap - ok 14:11:48.0892 2124 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:11:48.0906 2124 vsmraid - ok 14:11:49.0015 2124 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:11:49.0080 2124 VSS - ok 14:11:49.0192 2124 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:11:49.0224 2124 vwifibus - ok 14:11:49.0300 2124 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:11:49.0335 2124 W32Time - ok 14:11:49.0358 2124 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:11:49.0393 2124 WacomPen - ok 14:11:49.0455 2124 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:11:49.0499 2124 WANARP - ok 14:11:49.0502 2124 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:11:49.0531 2124 Wanarpv6 - ok 14:11:49.0625 2124 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) 
C:\Windows\system32\wbengine.exe 14:11:49.0669 2124 wbengine - ok 14:11:49.0769 2124 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:11:49.0787 2124 WbioSrvc - ok 14:11:49.0832 2124 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:11:49.0871 2124 wcncsvc - ok 14:11:49.0897 2124 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:11:49.0926 2124 WcsPlugInService - ok 14:11:49.0983 2124 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:11:49.0995 2124 Wd - ok 14:11:50.0035 2124 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:11:50.0056 2124 Wdf01000 - ok 14:11:50.0074 2124 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:11:50.0148 2124 WdiServiceHost - ok 14:11:50.0151 2124 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:11:50.0168 2124 WdiSystemHost - ok 14:11:50.0256 2124 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 14:11:50.0289 2124 WebClient - ok 14:11:50.0331 2124 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:11:50.0386 2124 Wecsvc - ok 14:11:50.0408 2124 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 14:11:50.0439 2124 wercplsupport - ok 14:11:50.0473 2124 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:11:50.0519 2124 WerSvc - ok 14:11:50.0583 2124 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:11:50.0612 2124 WfpLwf - ok 14:11:50.0626 2124 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:11:50.0637 2124 WIMMount - ok 14:11:50.0677 2124 WinDefend - ok 14:11:50.0682 2124 WinHttpAutoProxySvc - ok 14:11:50.0734 2124 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:11:50.0766 2124 Winmgmt - ok 
14:11:50.0892 2124 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 14:11:50.0947 2124 WinRM - ok 14:11:51.0068 2124 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 14:11:51.0102 2124 WinUsb - ok 14:11:51.0163 2124 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:11:51.0209 2124 Wlansvc - ok 14:11:51.0245 2124 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 14:11:51.0257 2124 WmiAcpi - ok 14:11:51.0313 2124 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 14:11:51.0343 2124 wmiApSrv - ok 14:11:51.0409 2124 WMPNetworkSvc - ok 14:11:51.0425 2124 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 14:11:51.0446 2124 WPCSvc - ok 14:11:51.0476 2124 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 14:11:51.0492 2124 WPDBusEnum - ok 14:11:51.0515 2124 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:11:51.0559 2124 ws2ifsl - ok 14:11:51.0594 2124 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 14:11:51.0631 2124 wscsvc - ok 14:11:51.0683 2124 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 14:11:51.0711 2124 WSDPrintDevice - ok 14:11:51.0734 2124 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys 14:11:51.0748 2124 WSDScan - ok 14:11:51.0751 2124 WSearch - ok 14:11:51.0899 2124 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 14:11:51.0950 2124 wuauserv - ok 14:11:52.0067 2124 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 14:11:52.0110 2124 WudfPf - ok 14:11:52.0149 2124 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:11:52.0193 2124 WUDFRd - ok 14:11:52.0230 2124 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 
14:11:52.0260 2124 wudfsvc - ok
14:11:52.0291 2124 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:11:52.0326 2124 WwanSvc - ok
14:11:52.0381 2124 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:11:52.0411 2124 yukonw7 - ok
14:11:52.0451 2124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:11:52.0686 2124 \Device\Harddisk0\DR0 - ok
14:11:52.0689 2124 Boot (0x1200) (f3c53ea8ee235cce253497991f690076) \Device\Harddisk0\DR0\Partition0
14:11:52.0690 2124 \Device\Harddisk0\DR0\Partition0 - ok
14:11:52.0722 2124 Boot (0x1200) (e00211eadf52c28735ba2b1933b9ec9e) \Device\Harddisk0\DR0\Partition1
14:11:52.0724 2124 \Device\Harddisk0\DR0\Partition1 - ok
14:11:52.0724 2124 ============================================================
14:11:52.0724 2124 Scan finished
14:11:52.0725 2124 ============================================================
14:11:52.0737 3100 Detected object count: 1
14:11:52.0737 3100 Actual detected object count: 1
14:14:00.0179 3100 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:14:00.0179 3100 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13.07.2012, 17:14 | #6 |
/// Malware-holic | WEB.DE is constantly being hacked within a few minutes

Download CCleaner (standard): CCleaner Download - CCleaner 3.20.1750. If CCleaner is already installed, skip this step. Install it, open it, go to Extras (Tools), then the list of installed programs, and save it as a .txt file. Open the file. After each program you need, write "necessary" (notwendig). After each program you do not need, write "unnecessary" (unnötig). After each one you do not recognise, write "unknown" (unbekannt). Post the list.
13.07.2012, 20:08 | #7 |
| WEB.DE is constantly being hacked within a few minutes

Hello, what have I caught, then? Here is my list:
Code:
7-Zip 9.20 13.06.2011 --> necessary
Adobe AIR Adobe Systems Incorporated 11.03.2012 3.1.0.4880 --> unknown
Adobe Digital Editions 06.08.2011 --> unnecessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.07.2012 6,00MB 11.3.300.265 --> necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.07.2012 6,00MB 11.3.300.265 --> unnecessary
Adobe Reader 9.3 - Deutsch Adobe Systems Incorporated 13.02.2010 239MB 9.3.0 --> necessary
Apple Application Support Apple Inc. 15.03.2012 60,9MB 2.1.7 --> unknown
Apple Mobile Device Support Apple Inc. 15.03.2012 24,4MB 5.1.1.4 --> unknown
Apple Software Update Apple Inc. 06.07.2011 2,38MB 2.1.3.127 --> unknown
Babylon toolbar on IE 28.02.2012 --> unnecessary
Bonjour Apple Inc. 13.10.2011 2,00MB 3.0.0.10 --> unknown
Browser Defender 3.0 Threat Expert Ltd. 21.10.2011 19,4MB 3.0.0.314 --> unknown
Canon Easy-PhotoPrint EX 06.04.2012 --> necessary
Canon Easy-WebPrint EX 06.04.2012 --> necessary
Canon IJ Network Scanner Selector EX 06.04.2012 --> necessary
Canon IJ Network Tool 06.04.2012 --> necessary
Canon Inkjet Printer Driver Add-On Module 22.11.2010 --> necessary
Canon MG5300 series Benutzerregistrierung 06.04.2012 --> necessary
Canon MG5300 series MP Drivers 06.04.2012 --> necessary
Canon MG5300 series On-screen Manual 06.04.2012 --> necessary
Canon MP Navigator EX 5.0 06.04.2012 --> necessary
Canon My Printer 06.04.2012 --> necessary
Canon Solution Menu EX 06.04.2012 --> necessary
CCleaner Piriform 22.06.2012 3.20 --> necessary
CD-LabelPrint 22.11.2010 --> necessary
Content Manager 2 Harman Becker Automotive Systems 14.02.2010 2.0.4.60 --> necessary
Curse Client Curse 25.06.2012 5.1.1.370 --> necessary
CutePDF Writer 2.8 19.11.2011 --> unnecessary
devolo dLAN Cockpit devolo AG 09.09.2011 1.0 --> necessary
Die Sims™ 3 Electronic Arts 27.03.2012 1.33.2 --> necessary
dm-Fotowelt 25.01.2011 --> necessary
Dropbox Dropbox, Inc. 07.06.2012 1.4.7 --> necessary
Dungeon Keeper 2 13.06.2011 --> unnecessary
EA Download Manager Electronic Arts, Inc. 02.09.2011 5.0.0.255 --> necessary
Foxit Reader 5.0 Foxit Corporation 15.08.2011 24,8MB 5.0.2.718 --> unnecessary
FoxTab Video Converter 28.02.2012 --> unnecessary
Free M4a to MP3 Converter 6.2 ManiacTools.com 23.02.2012 3,92MB --> unnecessary
iCloud Apple Inc. 15.03.2012 33,2MB 1.1.0.40 --> necessary
ICQ Toolbar ICQ 13.02.2010 3.0.0 --> unnecessary
iTunes Apple Inc. 12.04.2012 156MB 10.6.1.7 --> necessary
Java(TM) 6 Update 29 Oracle 25.01.2011 94,9MB 6.0.290 --> necessary
Logitech SetPoint Logitech 13.02.2010 4.70 --> necessary
MAGIX Foto & Grafik Designer 7 MAGIX AG 20.08.2011 7.1.2.17532 --> unnecessary
MAGIX Screenshare MAGIX AG 20.08.2011 1,54MB 4.3.6.1987 --> unnecessary
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 12.07.2012 18,7MB 1.62.0.1300 --> necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.12.2010 38,8MB 4.0.30319 --> necessary
Microsoft Office File Validation Add-In Microsoft Corporation 03.12.2011 7,95MB 14.0.5130.5003 --> unnecessary
Microsoft Office Home and Student 2007 Microsoft Corporation 13.03.2012 12.0.6612.1000 --> necessary
Microsoft Office Live Add-in 1.5 Microsoft Corporation 30.04.2012 508KB 2.0.4024.1 --> unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 15.02.2010 260KB 8.0.50727.4053 --> necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 15.02.2010 252KB 8.0.50727.4053 --> necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.56336 --> necessary
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 13.02.2010 708KB 8.0.61000 --> necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 15.02.2010 212KB 9.0.30729.4148 --> necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 26.05.2010 200KB 9.0.30729.4148 --> necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.02.2010 788KB 9.0.30729 --> necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.06.2011 788KB 9.0.30729.6161 --> necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 24.05.2010 1,25MB 9.0.21022 --> necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 25.01.2011 604KB 9.0.30729 --> necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 --> necessary
Microsoft WSE 3.0 Runtime Microsoft Corp. 02.09.2011 942KB 3.0.5305.0 --> unknown
MozBackup 1.4.10 Pavel Cvrcek 14.02.2010 --> necessary
Mozilla Firefox 13.0.1 (x86 de) Mozilla 21.06.2012 37,6MB 13.0.1 --> necessary
Mozilla Maintenance Service Mozilla 21.06.2012 309KB 13.0.1 --> necessary
Mozilla Thunderbird 12.0.1 (x86 de) Mozilla 11.07.2012 39,5MB 12.0.1 --> necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 15.02.2010 1,27MB 4.20.9870.0 --> unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 15.02.2010 1,33MB 4.20.9876.0 --> unknown
MSXML 4.0 SP3 Parser Microsoft Corporation 20.08.2011 1,47MB 4.30.2100.0 --> unknown
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 11.07.2012 1,53MB 4.30.2114.0 --> unknown
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 20.08.2011 1,53MB 4.30.2107.0 --> unknown
Naviextras Toolbox Prerequesities Nav N Go Ltd. 14.02.2010 4,04MB 1.0.0 --> unknown
Nero 9 Nero AG 13.02.2010 --> necessary
Norton 360 Symantec Corporation 10.07.2012 5.2.2.3 --> necessary
OnlineFotoservice 24.05.2010 --> unnecessary
Picasa 3 Google, Inc. 23.02.2012 3.8 --> necessary
QuickTime Apple Inc. 28.10.2011 73,2MB 7.71.80.42 --> necessary
RealPlayer RealNetworks 26.05.2011 --> necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15.02.2010 6.0.1.6043 --> necessary
Roadkil's Unstoppable Copier Version 5.2 Roadkil.Net 23.12.2011 812KB --> unnecessary
Sigel GastroDesigner plus Demo 04.07.2012 --> unnecessary
TeamSpeak 2 RC2 Dominating Bytes Design 14.02.2010 2.0.32.60 --> unnecessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 14.02.2010 --> necessary
World of Warcraft Blizzard Entertainment 07.12.2010 4.0.3.13329 --> necessary
15.07.2012, 21:15 | #8 |
/// Malware-holic | WEB.DE is constantly being hacked within a few minutes

Hi, well, I don't see anything malware-related, but we can of course reinstall the system and secure the PC. Do you know how to reinstall, or do you need instructions?