
Log Analysis and Evaluation: White screen, Ukash payment demand

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.09.2012, 16:02   #1
Teamobil
 

Hello!
A virus has crept onto my sister's PC, the one that has already been described here several times as "white screen" and "Bundespolizei virus". I then tried to get back into the PC in safe mode. However, the virus started there as well. I then looked around here in the forum for how else to proceed and thereupon used the REATOGO-X-PE desktop. I have attached the resulting text file.
I hope I have done everything right so far!
Best regards,
Teamobil

05.09.2012, 19:07   #2
Larusso
/// Selecta Jahrusso
 

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • First read through my instructions. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I receive no reply from you to this, or to any further reply, within 3 days, I will delete the topic from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install / uninstall any software without being asked.
  • Post the log files directly in your thread and not as an attachment, unless you have been asked to. It makes the evaluation harder for me.
Note: If you do not hear from me for 48 hours, please send me a PM. Annoying "When will it continue" messages end with your topic being closed. I too have a life away from the PC.


  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:otl
O20 - HKU\Mareike_ON_D Winlogon: Shell - (C:\Users\Mareike\AppData\Roaming\msconfig.dat) - D:\Users\Mareike\AppData\Roaming\msconfig.dat ()
:commands
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the content here into your thread


Report whether you can access your PC normally again.
__________________

06.09.2012, 12:34   #3
Teamobil
 

Hello Daniel!
First of all, many thanks for the quick and detailed answer! Here is the log file:

Quote:
========== OTL ==========
Registry value HKEY_USERS\Mareike_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Mareike\AppData\Roaming\msconfig.dat deleted successfully.
D:\Users\Mareike\AppData\Roaming\msconfig.dat moved successfully.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 09062012_160637
The PC also starts normally again without launching the window with the payment demand!
Best regards
Timo
__________________
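
The fix in post #2 targets a per-user Winlogon `Shell` value that points at a `.dat` file under `AppData\Roaming`, and the OTL result above confirms that value was deleted. As an added example (not part of the thread and not code from OTL), the Python below triages OTL `O20` Winlogon lines for that pattern. The line shape is taken from the single O20 entry in this thread, the other sample lines are constructed, and reading the trailing parenthesised field as a vendor string is an assumption.

```python
import ntpath
import re

# Shape of an OTL "O20" Winlogon line, taken from the one in this thread:
#   O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved file> (<vendor>)
# Calling the trailing parenthesised field "vendor" is an assumption.
O20_RE = re.compile(
    r"^O20 - (?P<hive>HK[A-Z]+(?:\\\S+)?) Winlogon: (?P<value>\w+)"
    r" - \((?P<data>.*?)\) - (?P<path>.*) \((?P<vendor>[^()]*)\)$"
)

# Binary each Winlogon value normally points at.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# Directory fragments a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def review_o20(line):
    """Parse one O20 line; return its fields plus a list of reasons to review it.

    Returns None for lines that are not O20 Winlogon entries.
    """
    m = O20_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    value = entry["value"].lower()
    data = entry["data"].strip().rstrip(",")  # Userinit data ends with a comma
    reasons = []

    expected = EXPECTED.get(value)
    if expected and ntpath.basename(data).lower() != expected:
        reasons.append("%s does not point at %s" % (entry["value"], expected))
    if value == "shell" and not entry["hive"].upper().startswith("HKLM"):
        reasons.append("per-user Shell value overrides the machine-wide shell")
    if any(part in data.lower() for part in USER_WRITABLE):
        reasons.append("target sits in a user-writable directory")
    if not entry["vendor"].strip():
        reasons.append("file carries no vendor string")

    entry["reasons"] = reasons
    return entry


def triage(lines):
    """Return only the O20 entries that have at least one review reason."""
    parsed = (review_o20(line) for line in lines)
    return [e for e in parsed if e and e["reasons"]]


# First line is the O20 entry from the fix script in this thread; the others are
# constructed in the same shape for contrast.
SAMPLE = [
    r"O20 - HKU\Mareike_ON_D Winlogon: Shell - (C:\Users\Mareike\AppData\Roaming\msconfig.dat) - D:\Users\Mareike\AppData\Roaming\msconfig.dat ()",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - C:\Windows\system32\userinit.exe (Microsoft Corporation)",
    "[reboot]",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["hive"], hit["value"], "->", hit["data"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Only the entry from this thread is reported; the two constructed machine-wide entries pass every check.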

06.09.2012, 14:23   #4
Larusso
/// Selecta Jahrusso
 

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. These can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Kind regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

06.09.2012, 15:48   #5
Teamobil
 

All right, log file created:

Combofix Logfile:
Code:
ComboFix 12-09-05.02 - Mareike 06.09.2012  16:29:27.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1290 [GMT 2:00]
ausgeführt von:: c:\users\Mareike\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mareike\4.0
c:\users\Mareike\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Mareike\AppData\Roaming\msconfig.ini
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 20:06 . 2012-09-06 20:06	--------	d-----w-	C:\_OTL
2012-09-06 20:06 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2012-09-06 11:38 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F543F8BB-69A6-4511-BB2B-22D4A92B64AA}\mpengine.dll
2012-08-17 16:02 . 2012-06-29 00:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-17 16:02 . 2012-06-29 01:00	140920	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-08-17 16:02 . 2012-06-29 00:06	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-08-17 16:02 . 2012-06-29 00:06	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-08-17 16:02 . 2012-06-29 00:09	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-17 16:02 . 2012-06-29 00:04	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-17 16:01 . 2012-06-29 01:00	748664	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-08-17 16:01 . 2012-06-29 00:16	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-17 16:01 . 2012-06-29 00:10	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-08-17 16:01 . 2012-06-29 00:10	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-08-17 16:01 . 2012-06-29 00:08	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-16 15:32 . 2012-05-05 07:46	400896	----a-w-	c:\windows\system32\srcore.dll
2012-08-16 15:32 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-16 15:32 . 2012-02-11 05:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2012-08-16 15:32 . 2012-02-11 05:37	317440	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-16 15:32 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-16 15:32 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-16 15:32 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 17:42 . 2012-04-22 10:58	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-17 17:42 . 2011-05-14 07:39	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 07:02 . 2011-01-04 14:10	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-06-26 07:02 . 2011-01-05 20:22	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-06-26 07:02 . 2011-01-04 14:10	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-07-30 15:33 . 2011-04-07 14:34	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17	3514176	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-07-16 04:23	3524536	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 12:37	135536	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 17:42]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 14:34]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 14:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Mareike\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Mareike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\7ddmqqh3.default\
FF - prefs.js: browser.startup.homepage - hxxp://ecosia.org
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST350041 rev.CC46 -> Harddisk1\DR1 -> \Device\00000061 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-06  16:41:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-06 14:41
.
Vor Suchlauf: 11 Verzeichnis(se), 128.626.880.512 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 128.529.395.712 Bytes frei
.
- - End Of File - - FC78E1ABEC18834E4C7C672C4B1C42F8

Best regards
Timo


06.09.2012, 16:23   #6
Larusso
/// Selecta Jahrusso
 

Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread.

06.09.2012, 18:59   #7
Teamobil
 

All right, done:
Quote:
19:54:37.0114 0972 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:54:37.0130 0972 ============================================================
19:54:37.0130 0972 Current date / time: 2012/09/06 19:54:37.0130
19:54:37.0130 0972 SystemInfo:
19:54:37.0130 0972
19:54:37.0130 0972 OS Version: 6.1.7601 ServicePack: 1.0
19:54:37.0130 0972 Product type: Workstation
19:54:37.0130 0972 ComputerName: SANDER-PC
19:54:37.0130 0972 UserName: Mareike
19:54:37.0130 0972 Windows directory: C:\Windows
19:54:37.0130 0972 System windows directory: C:\Windows
19:54:37.0130 0972 Processor architecture: Intel x86
19:54:37.0130 0972 Number of processors: 2
19:54:37.0130 0972 Page size: 0x1000
19:54:37.0130 0972 Boot type: Normal boot
19:54:37.0130 0972 ============================================================
19:54:39.0829 0972 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:54:39.0844 0972 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:54:39.0844 0972 Drive \Device\Harddisk2\DR2 - Size: 0xF040000 (0.23 Gb), SectorSize: 0x200, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:54:39.0844 0972 ============================================================
19:54:39.0844 0972 \Device\Harddisk0\DR0:
19:54:39.0844 0972 MBR partitions:
19:54:39.0844 0972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:54:39.0844 0972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:54:39.0844 0972 \Device\Harddisk1\DR1:
19:54:39.0844 0972 MBR partitions:
19:54:39.0844 0972 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
19:54:39.0844 0972 \Device\Harddisk2\DR2:
19:54:39.0844 0972 MBR partitions:
19:54:39.0844 0972 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x781DF
19:54:39.0844 0972 ============================================================
19:54:39.0875 0972 C: <-> \Device\Harddisk1\DR1\Partition1
19:54:39.0907 0972 D: <-> \Device\Harddisk0\DR0\Partition2
19:54:39.0907 0972 ============================================================
19:54:39.0907 0972 Initialize success
19:54:39.0907 0972 ============================================================
19:54:43.0994 3008 ============================================================
19:54:43.0994 3008 Scan started
19:54:43.0994 3008 Mode: Manual;
19:54:43.0994 3008 ============================================================
19:54:45.0367 3008 ================ Scan system memory ========================
19:54:45.0367 3008 System memory - ok
19:54:45.0367 3008 ================ Scan services =============================
19:54:50.0015 3008 Dnscache - ok
19:54:50.0047 3008 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:54:50.0062 3008 dot3svc - ok
19:54:50.0140 3008 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
19:54:50.0140 3008 Dot4 - ok
19:54:50.0156 3008 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:54:50.0156 3008 Dot4Print - ok
19:54:50.0187 3008 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
19:54:50.0187 3008 dot4usb - ok
19:54:50.0234 3008 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:54:50.0234 3008 DPS - ok
19:54:50.0265 3008 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:54:50.0265 3008 drmkaud - ok
19:54:50.0312 3008 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:54:50.0327 3008 dtsoftbus01 - ok
19:54:50.0405 3008 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:54:50.0405 3008 DXGKrnl - ok
19:54:50.0437 3008 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:54:50.0452 3008 EapHost - ok
19:54:50.0577 3008 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:54:50.0639 3008 ebdrv - ok
19:54:50.0671 3008 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:54:50.0686 3008 EFS - ok
19:54:50.0858 3008 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:54:50.0858 3008 ehRecvr - ok
19:54:50.0889 3008 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:54:50.0889 3008 ehSched - ok
19:54:50.0936 3008 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:54:50.0951 3008 elxstor - ok
19:54:50.0983 3008 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:54:50.0998 3008 ErrDev - ok
19:54:51.0045 3008 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:54:51.0045 3008 EventSystem - ok
19:54:51.0061 3008 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:54:51.0061 3008 exfat - ok
19:54:51.0107 3008 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:54:51.0107 3008 fastfat - ok
19:54:51.0185 3008 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:54:51.0217 3008 Fax - ok
19:54:51.0248 3008 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:54:51.0248 3008 fdc - ok
19:54:51.0279 3008 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:54:51.0279 3008 fdPHost - ok
19:54:51.0295 3008 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:54:51.0295 3008 FDResPub - ok
19:54:51.0310 3008 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:54:51.0310 3008 FileInfo - ok
19:54:51.0326 3008 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:54:51.0326 3008 Filetrace - ok
19:54:51.0341 3008 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:54:51.0341 3008 flpydisk - ok
19:54:51.0357 3008 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:54:51.0373 3008 FltMgr - ok
19:54:51.0497 3008 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:54:51.0513 3008 FontCache - ok
19:54:51.0544 3008 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:54:51.0560 3008 FontCache3.0.0.0 - ok
19:54:51.0560 3008 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:54:51.0560 3008 FsDepends - ok
19:54:51.0622 3008 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:54:51.0622 3008 fssfltr - ok
19:54:51.0763 3008 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:54:51.0794 3008 fsssvc - ok
19:54:51.0903 3008 [ 10398B515653442A5B89FDF6A1D06180 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
19:54:51.0903 3008 FsUsbExDisk - ok
19:54:51.0997 3008 [ 2A0D3EE7D2D42A3A812D3E6795A2382B ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
19:54:51.0997 3008 FsUsbExService - ok
19:54:52.0043 3008 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:54:52.0043 3008 Fs_Rec - ok
19:54:52.0106 3008 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:54:52.0106 3008 fvevol - ok
19:54:52.0121 3008 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:54:52.0137 3008 gagp30kx - ok
19:54:52.0168 3008 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:54:52.0168 3008 GEARAspiWDM - ok
19:54:52.0215 3008 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:54:52.0215 3008 gpsvc - ok
19:54:52.0355 3008 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:54:52.0355 3008 gupdate - ok
19:54:52.0371 3008 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:54:52.0371 3008 gupdatem - ok
19:54:52.0402 3008 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:54:52.0402 3008 hcw85cir - ok
19:54:52.0465 3008 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:54:52.0465 3008 HdAudAddService - ok
19:54:52.0511 3008 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:54:52.0511 3008 HDAudBus - ok
19:54:52.0527 3008 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:54:52.0527 3008 HidBatt - ok
19:54:52.0558 3008 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:54:52.0574 3008 HidBth - ok
19:54:52.0589 3008 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:54:52.0589 3008 HidIr - ok
19:54:52.0605 3008 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:54:52.0605 3008 hidserv - ok
19:54:52.0652 3008 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:54:52.0652 3008 HidUsb - ok
19:54:52.0699 3008 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:54:52.0699 3008 hkmsvc - ok
19:54:52.0745 3008 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:54:52.0761 3008 HomeGroupListener - ok
19:54:52.0792 3008 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:54:52.0792 3008 HomeGroupProvider - ok
19:54:52.0964 3008 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:54:52.0979 3008 hpqcxs08 - ok
19:54:52.0995 3008 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:54:52.0995 3008 hpqddsvc - ok
19:54:53.0042 3008 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:54:53.0057 3008 HpSAMD - ok
19:54:53.0135 3008 [ 79737E0F7D25DE8405CB34D4C9882253 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
19:54:53.0151 3008 HPSLPSVC - ok
19:54:53.0213 3008 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:54:53.0213 3008 HTTP - ok
19:54:53.0260 3008 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:54:53.0260 3008 hwpolicy - ok
19:54:53.0323 3008 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:54:53.0338 3008 i8042prt - ok
19:54:53.0385 3008 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:54:53.0401 3008 iaStorV - ok
19:54:53.0557 3008 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:54:53.0557 3008 idsvc - ok
19:54:53.0619 3008 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:54:53.0619 3008 iirsp - ok
19:54:53.0697 3008 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:54:53.0697 3008 IKEEXT - ok
19:54:53.0744 3008 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:54:53.0759 3008 intelide - ok
19:54:53.0775 3008 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:54:53.0791 3008 intelppm - ok
19:54:53.0806 3008 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:54:53.0806 3008 IPBusEnum - ok
19:54:53.0822 3008 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:53.0822 3008 IpFilterDriver - ok
19:54:53.0900 3008 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:54:53.0915 3008 iphlpsvc - ok
19:54:53.0947 3008 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:54:53.0962 3008 IPMIDRV - ok
19:54:54.0009 3008 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:54:54.0009 3008 IPNAT - ok
19:54:54.0212 3008 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:54:54.0227 3008 iPod Service - ok
19:54:54.0243 3008 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:54:54.0259 3008 IRENUM - ok
19:54:54.0290 3008 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:54:54.0305 3008 isapnp - ok
19:54:54.0321 3008 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:54:54.0321 3008 iScsiPrt - ok
19:54:54.0352 3008 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:54:54.0352 3008 kbdclass - ok
19:54:54.0383 3008 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:54:54.0383 3008 kbdhid - ok
19:54:54.0383 3008 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:54:54.0399 3008 KeyIso - ok
19:54:54.0446 3008 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:54:54.0461 3008 KSecDD - ok
19:54:54.0508 3008 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:54:54.0524 3008 KSecPkg - ok
19:54:54.0539 3008 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:54:54.0555 3008 KtmRm - ok
19:54:54.0617 3008 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:54:54.0617 3008 LanmanServer - ok
19:54:54.0617 3008 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:54:54.0633 3008 LanmanWorkstation - ok
19:54:54.0649 3008 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:54:54.0649 3008 lltdio - ok
19:54:54.0680 3008 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:54:54.0680 3008 lltdsvc - ok
19:54:54.0711 3008 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:54:54.0711 3008 lmhosts - ok
19:54:54.0742 3008 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:54:54.0742 3008 LSI_FC - ok
19:54:54.0758 3008 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:54:54.0773 3008 LSI_SAS - ok
19:54:54.0789 3008 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:54:54.0789 3008 LSI_SAS2 - ok
19:54:54.0820 3008 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:54:54.0820 3008 LSI_SCSI - ok
19:54:54.0836 3008 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:54:54.0851 3008 luafv - ok
19:54:54.0898 3008 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:54:54.0898 3008 Mcx2Svc - ok
19:54:54.0929 3008 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:54:54.0929 3008 megasas - ok
19:54:54.0961 3008 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:54:54.0961 3008 MegaSR - ok
19:54:54.0992 3008 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:54:54.0992 3008 MMCSS - ok
19:54:55.0007 3008 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:54:55.0007 3008 Modem - ok
19:54:55.0039 3008 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:54:55.0039 3008 monitor - ok
19:54:55.0101 3008 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:54:55.0101 3008 mouclass - ok
19:54:55.0132 3008 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:54:55.0132 3008 mouhid - ok
19:54:55.0179 3008 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:54:55.0179 3008 mountmgr - ok
19:54:55.0241 3008 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:54:55.0241 3008 MozillaMaintenance - ok
19:54:55.0273 3008 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:54:55.0273 3008 mpio - ok
19:54:55.0319 3008 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:54:55.0319 3008 mpsdrv - ok
19:54:55.0382 3008 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:54:55.0413 3008 MpsSvc - ok
19:54:55.0460 3008 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:54:55.0475 3008 MRxDAV - ok
19:54:55.0522 3008 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:54:55.0522 3008 mrxsmb - ok
19:54:55.0585 3008 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:54:55.0585 3008 mrxsmb10 - ok
19:54:55.0600 3008 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:54:55.0616 3008 mrxsmb20 - ok
19:54:55.0663 3008 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:54:55.0678 3008 msahci - ok
19:54:55.0787 3008 [ B03E3F64B70F8031E65EB26DA23DE91A ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
19:54:55.0787 3008 MSCamSvc - ok
19:54:55.0834 3008 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:54:55.0850 3008 msdsm - ok
19:54:55.0881 3008 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:54:55.0881 3008 MSDTC - ok
19:54:55.0912 3008 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:54:55.0912 3008 Msfs - ok
19:54:55.0928 3008 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:54:55.0943 3008 mshidkmdf - ok
19:54:55.0990 3008 [ 7A0F9CBDBDB135113B9A3C138E20C85D ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
19:54:55.0990 3008 MSHUSBVideo - ok
19:54:56.0021 3008 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:54:56.0021 3008 msisadrv - ok
19:54:56.0068 3008 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:54:56.0068 3008 MSiSCSI - ok
19:54:56.0068 3008 msiserver - ok
19:54:56.0115 3008 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:54:56.0115 3008 MSKSSRV - ok
19:54:56.0131 3008 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:54:56.0146 3008 MSPCLOCK - ok
19:54:56.0162 3008 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:54:56.0162 3008 MSPQM - ok
19:54:56.0177 3008 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:54:56.0177 3008 MsRPC - ok
19:54:56.0224 3008 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:54:56.0224 3008 mssmbios - ok
19:54:56.0255 3008 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:54:56.0255 3008 MSTEE - ok
19:54:56.0255 3008 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:54:56.0271 3008 MTConfig - ok
19:54:56.0287 3008 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:54:56.0287 3008 Mup - ok
19:54:56.0349 3008 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:54:56.0349 3008 napagent - ok
19:54:56.0396 3008 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:54:56.0396 3008 NativeWifiP - ok
19:54:56.0427 3008 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:54:56.0427 3008 NDIS - ok
19:54:56.0489 3008 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:54:56.0489 3008 NdisCap - ok
19:54:56.0521 3008 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:54:56.0521 3008 NdisTapi - ok
19:54:56.0567 3008 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:54:56.0567 3008 Ndisuio - ok
19:54:56.0614 3008 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:54:56.0630 3008 NdisWan - ok
19:54:56.0677 3008 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:54:56.0677 3008 NDProxy - ok
19:54:56.0755 3008 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:54:56.0770 3008 Net Driver HPZ12 - ok
19:54:56.0801 3008 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:54:56.0801 3008 NetBIOS - ok
19:54:56.0848 3008 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:54:56.0848 3008 NetBT - ok
19:54:56.0879 3008 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:54:56.0879 3008 Netlogon - ok
19:54:56.0942 3008 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:54:56.0957 3008 Netman - ok
19:54:56.0973 3008 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:54:56.0973 3008 netprofm - ok
19:54:57.0082 3008 [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
19:54:57.0098 3008 netr28u - ok
19:54:57.0145 3008 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:54:57.0145 3008 NetTcpPortSharing - ok
19:54:57.0191 3008 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:54:57.0191 3008 nfrd960 - ok
19:54:57.0238 3008 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:54:57.0238 3008 NlaSvc - ok
19:54:57.0269 3008 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:54:57.0285 3008 Npfs - ok
19:54:57.0301 3008 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:54:57.0301 3008 nsi - ok
19:54:57.0316 3008 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:54:57.0316 3008 nsiproxy - ok
19:54:57.0410 3008 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:54:57.0441 3008 Ntfs - ok
19:54:57.0457 3008 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:54:57.0457 3008 Null - ok
19:54:57.0488 3008 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
19:54:57.0488 3008 NVENETFD - ok
19:54:57.0784 3008 [ 6EF47521DCE982602A25AFB41DD13D4F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:54:57.0831 3008 nvlddmkm - ok
19:54:57.0971 3008 [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
19:54:57.0971 3008 NVNET - ok
19:54:58.0018 3008 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:54:58.0034 3008 nvraid - ok
19:54:58.0065 3008 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:54:58.0065 3008 nvstor - ok
19:54:58.0127 3008 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:54:58.0127 3008 nv_agp - ok
19:54:58.0252 3008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:54:58.0268 3008 odserv - ok
19:54:58.0346 3008 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:54:58.0361 3008 ohci1394 - ok
19:54:58.0408 3008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:54:58.0408 3008 ose - ok
19:54:58.0439 3008 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:54:58.0455 3008 p2pimsvc - ok
19:54:58.0471 3008 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:54:58.0471 3008 p2psvc - ok
19:54:58.0502 3008 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:54:58.0502 3008 Parport - ok
19:54:58.0564 3008 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:54:58.0564 3008 partmgr - ok
19:54:58.0580 3008 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:54:58.0580 3008 Parvdm - ok
19:54:58.0595 3008 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:54:58.0595 3008 PcaSvc - ok
19:54:58.0627 3008 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:54:58.0627 3008 pci - ok
19:54:58.0658 3008 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:54:58.0658 3008 pciide - ok
19:54:58.0720 3008 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:54:58.0720 3008 pcmcia - ok
19:54:58.0736 3008 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:54:58.0736 3008 pcw - ok
19:54:58.0751 3008 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:54:58.0751 3008 PEAUTH - ok
19:54:58.0939 3008 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:54:58.0970 3008 PeerDistSvc - ok
19:54:59.0048 3008 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:54:59.0063 3008 pla - ok
19:54:59.0110 3008 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:54:59.0126 3008 PlugPlay - ok
19:54:59.0173 3008 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:54:59.0204 3008 Pml Driver HPZ12 - ok
19:54:59.0235 3008 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:54:59.0251 3008 PNRPAutoReg - ok
19:54:59.0266 3008 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:54:59.0266 3008 PNRPsvc - ok
19:54:59.0329 3008 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:54:59.0329 3008 PolicyAgent - ok
19:54:59.0360 3008 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:54:59.0360 3008 Power - ok
19:54:59.0375 3008 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:54:59.0375 3008 PptpMiniport - ok
19:54:59.0407 3008 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:54:59.0407 3008 Processor - ok
19:54:59.0485 3008 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:54:59.0500 3008 ProfSvc - ok
19:54:59.0531 3008 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:54:59.0531 3008 ProtectedStorage - ok
19:54:59.0547 3008 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:54:59.0563 3008 Psched - ok
19:54:59.0656 3008 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:54:59.0703 3008 ql2300 - ok
19:54:59.0703 3008 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:54:59.0703 3008 ql40xx - ok
19:54:59.0781 3008 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:54:59.0781 3008 QWAVE - ok
19:54:59.0797 3008 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:54:59.0797 3008 QWAVEdrv - ok
19:54:59.0812 3008 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:54:59.0812 3008 RasAcd - ok
19:54:59.0828 3008 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:54:59.0828 3008 RasAgileVpn - ok
19:54:59.0828 3008 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:54:59.0843 3008 RasAuto - ok
19:54:59.0843 3008 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:54:59.0843 3008 Rasl2tp - ok
19:54:59.0890 3008 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:54:59.0906 3008 RasMan - ok
19:54:59.0921 3008 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:54:59.0921 3008 RasPppoe - ok
19:55:00.0015 3008 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:55:00.0031 3008 RasSstp - ok
19:55:00.0124 3008 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:55:00.0124 3008 rdbss - ok
19:55:00.0171 3008 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:55:00.0171 3008 rdpbus - ok
19:55:00.0218 3008 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:00.0218 3008 RDPCDD - ok
19:55:00.0280 3008 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:55:00.0280 3008 RDPDR - ok
19:55:00.0327 3008 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:55:00.0327 3008 RDPENCDD - ok
19:55:00.0343 3008 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:55:00.0343 3008 RDPREFMP - ok
19:55:00.0358 3008 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:55:00.0358 3008 RDPWD - ok
19:55:00.0436 3008 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:55:00.0436 3008 rdyboost - ok
19:55:00.0467 3008 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:55:00.0467 3008 RemoteAccess - ok
19:55:00.0499 3008 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:55:00.0499 3008 RemoteRegistry - ok
19:55:00.0514 3008 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:55:00.0514 3008 RpcEptMapper - ok
19:55:00.0530 3008 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:55:00.0530 3008 RpcLocator - ok
19:55:00.0545 3008 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:55:00.0561 3008 RpcSs - ok
19:55:00.0577 3008 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:55:00.0592 3008 rspndr - ok
19:55:00.0639 3008 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:55:00.0655 3008 s3cap - ok
19:55:00.0686 3008 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:55:00.0701 3008 SamSs - ok
19:55:09.0874 3008 ============================================================
19:55:09.0874 3008 Scan finished
19:55:09.0874 3008 ============================================================
19:55:09.0890 2604 Detected object count: 0
19:55:09.0890 2604 Actual detected object count: 0

07.09.2012, 12:50   #8
Larusso
/// Selecta Jahrusso

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

08.09.2012, 14:41   #9
Teamobil

Here is the text file:
Quote:
C:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5a7071ea-5fa78218 Java/Exploit.CVE-2012-1723.E trojan
C:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2ef4f3ad-4ca62615 Java/Exploit.Agent.AH trojan
C:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\411abbb6-29e2ff40 Java/Exploit.CVE-2012-1723.Y trojan
C:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\328343fa-75248956 Java/Exploit.CVE-2011-3544.AU trojan
C:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\71a27946-66d0e318 multiple threats
C:\Dokumente und Einstellungen\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut(1).exe Win32/SoftonicDownloader application
C:\Dokumente und Einstellungen\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut.exe Win32/SoftonicDownloader application
C:\Users\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5a7071ea-5fa78218 Java/Exploit.CVE-2012-1723.E trojan
C:\Users\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2ef4f3ad-4ca62615 Java/Exploit.Agent.AH trojan
C:\Users\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\411abbb6-29e2ff40 Java/Exploit.CVE-2012-1723.Y trojan
C:\Users\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\328343fa-75248956 Java/Exploit.CVE-2011-3544.AU trojan
C:\Users\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\71a27946-66d0e318 multiple threats
C:\Users\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut(1).exe Win32/SoftonicDownloader application
C:\Users\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut.exe Win32/SoftonicDownloader application
C:\_OTL\MovedFiles\09062012_160637\D_Users\Mareike\AppData\Roaming\msconfig.dat a variant of Win32/Injector.VSP trojan
D:\Documents and Settings\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5a7071ea-5fa78218 Java/Exploit.CVE-2012-1723.E trojan
D:\Documents and Settings\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2ef4f3ad-4ca62615 Java/Exploit.Agent.AH trojan
D:\Documents and Settings\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\411abbb6-29e2ff40 Java/Exploit.CVE-2012-1723.Y trojan
D:\Documents and Settings\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\328343fa-75248956 Java/Exploit.CVE-2011-3544.AU trojan
D:\Documents and Settings\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\71a27946-66d0e318 multiple threats
D:\Documents and Settings\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut(1).exe Win32/SoftonicDownloader application
D:\Documents and Settings\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut.exe Win32/SoftonicDownloader application
D:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5a7071ea-5fa78218 Java/Exploit.CVE-2012-1723.E trojan
D:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2ef4f3ad-4ca62615 Java/Exploit.Agent.AH trojan
D:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\411abbb6-29e2ff40 Java/Exploit.CVE-2012-1723.Y trojan
D:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\328343fa-75248956 Java/Exploit.CVE-2011-3544.AU trojan
D:\Dokumente und Einstellungen\Mareike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\71a27946-66d0e318 multiple threats
D:\Dokumente und Einstellungen\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut(1).exe Win32/SoftonicDownloader application
D:\Dokumente und Einstellungen\Mareike\Downloads\SoftonicDownloader_fuer_mp3directcut.exe Win32/SoftonicDownloader application
D:\Users\Mareike\Downloads\SoftonicDownloader_fuer_photoscape.exe a variant of Win32/SoftonicDownloader.A application
If I've interpreted this correctly, it found something there, right?

08.09.2012, 17:26   #10
Larusso
/// Selecta Jahrusso

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the code box into the text box.
Code:
:commands
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



Please start OTL.exe.
Under Extra Registry, select Use SafeList and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.
__________________
Regards, Daniel


08.09.2012, 18:56   #11
Teamobil

09082012_191736.log:
Quote:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mareike
->Temp folder emptied: 139830 bytes
->Temporary Internet Files folder emptied: 2502834 bytes
->Java cache emptied: 16932579 bytes
->FireFox cache emptied: 106573927 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6134 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63053 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 120,00 mb


OTL by OldTimer - Version 3.2.61.2 log created on 09082012_191736

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 08.09.2012 19:23:22 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Mareike\Desktop\Virus bla Timo
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,28% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 118,48 Gb Free Space | 25,44% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 186,75 Gb Free Space | 40,10% Space Free | Partition Type: NTFS
 
Computer Name: SANDER-PC | User Name: Mareike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 18:47:53 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mareike\Desktop\Virus bla Timo\OTL.exe
PRC - [2012.08.17 19:42:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012.08.08 19:25:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 17:33:38 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.05.08 18:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:47:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:47:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.10 11:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.12.13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.08 19:19:33 | 000,115,137 | ---- | M] () -- C:\Users\Mareike\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.08.17 19:42:20 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012.07.30 17:33:38 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.06.15 12:17:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.06.14 19:02:58 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 07:55:38 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 07:55:24 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 07:55:13 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 07:55:11 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.05.12 17:33:51 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.12 17:32:40 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 17:32:34 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.12 12:38:22 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 12:35:26 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.12 12:35:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.12 12:35:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.05.12 12:35:20 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.12 12:35:15 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.17 19:42:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.30 17:33:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 18:47:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:47:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.12.13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mareike\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.05.08 18:47:55 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:47:55 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.12 12:51:28 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.10.27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.10.27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.18 04:07:37 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BIOS.sys -- (BIOS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 95 FC 2D 1D F4 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.23 12:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.06 18:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 17:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 18:21:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.06 18:52:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 17:33:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 18:21:21 | 000,000,000 | ---D | M]
 
[2011.04.07 16:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\Firefox\Profiles\7ddmqqh3.default\extensions
[2011.04.07 16:36:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mareike\AppData\Roaming\mozilla\Firefox\Profiles\7ddmqqh3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.27 21:14:18 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\firefox\profiles\7ddmqqh3.default\extensions\DivXWebPlayer@divx.com.xpi
[2011.05.20 16:46:00 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Mareike\AppData\Roaming\mozilla\firefox\profiles\7ddmqqh3.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2011.10.16 18:59:58 | 000,002,289 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\mozilla\firefox\profiles\7ddmqqh3.default\searchplugins\ecosia.xml
[2012.09.06 20:10:34 | 000,001,018 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\mozilla\firefox\profiles\7ddmqqh3.default\searchplugins\facebook.xml
[2011.12.10 12:21:42 | 000,002,057 | ---- | M] () -- C:\Users\Mareike\AppData\Roaming\mozilla\firefox\profiles\7ddmqqh3.default\searchplugins\youtube-videosuche.xml
[2012.06.09 09:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.23 12:21:10 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.30 17:33:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.07 12:56:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.07 12:56:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.07 12:56:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.07 12:56:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.07 12:56:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.07 12:56:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.06 16:35:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mareike\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mareike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72801328-2DC8-4A1A-939B-5C79CB458043}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BCB106B-FA57-4FB5-8EAC-C5215426295C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\Mareike\Desktop\sim
[2012.09.08 02:10:04 | 000,000,000 | ---D | C] -- C:\Users\Mareike\Desktop\Virus bla Timo
[2012.09.07 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.06 22:06:37 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.09.06 22:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.06 16:36:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.06 16:35:12 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Local\temp
[2012.09.06 16:27:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.06 16:27:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.06 16:27:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.06 16:27:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.09.06 16:27:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.06 16:27:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.17 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Local\{61DD23AD-1E04-48B0-A23A-BAF69C3E0C90}
[2012.08.17 19:42:37 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Local\{5A84A797-0912-4565-9400-3E11E190540E}
[2012.08.17 18:20:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.08.17 18:02:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.17 18:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 18:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 18:02:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.17 18:01:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 18:01:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 18:01:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 17:32:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.16 17:32:52 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 17:32:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.10 16:18:42 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Local\{7A4BC1B7-2548-4A7E-AB77-D347F1E6D257}
[2012.08.10 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Mareike\AppData\Local\{1E78D280-6E2D-454B-841D-CA3B12ED1DD7}
[2011.05.15 13:10:26 | 017,327,195 | ---- | C] (Mooii) -- C:\Users\Mareike\PhotoScapeSetup_V3.5.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 19:26:03 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 19:26:03 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 19:24:51 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.08 19:24:51 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.08 19:24:51 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.08 19:24:51 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.08 19:21:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.08 19:18:54 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 19:18:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 19:18:42 | 1610,113,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 18:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 16:35:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.08.17 19:42:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.17 19:42:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.17 18:25:32 | 000,302,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.06 16:27:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.06 16:27:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.06 16:27:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.06 16:27:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.06 16:27:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.18 19:52:03 | 002,735,680 | ---- | C] () -- C:\Users\Mareike\AS_GE_User_Guide_Ger_OLM_0530.pdf
[2012.06.16 17:31:58 | 000,000,076 | ---- | C] () -- C:\Windows\SIMTOWN.INI
[2012.06.06 18:51:44 | 000,001,309 | ---- | C] () -- C:\Users\Mareike\HP Solution Center.lnk
[2012.06.06 18:51:38 | 000,001,147 | ---- | C] () -- C:\Users\Mareike\Shop für HP Zubehör.lnk
[2012.06.06 18:47:58 | 000,226,499 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012.06.06 18:47:58 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.04.17 12:02:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.07 16:50:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.04.07 16:50:35 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.05 20:15:24 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.04.05 09:24:37 | 000,001,534 | ---- | C] () -- C:\Users\Mareike\.recently-used.xbel
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
         
--- --- ---

Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 08.09.2012 19:23:22 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Mareike\Desktop\Virus bla Timo
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,28% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 118,48 Gb Free Space | 25,44% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 186,75 Gb Free Space | 40,10% Space Free | Partition Type: NTFS
 
Computer Name: SANDER-PC | User Name: Mareike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B1CADF-1A24-44CF-A038-4D2798CCCD56}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{193FEACD-CC34-4ACD-84BA-7E8456FC02AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23029361-C309-441E-B6A4-249E01715B8F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3078FDAC-B103-4F3A-B3CB-EACBA0EF3492}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{33CA35A8-E57A-4D41-A455-03BD90445899}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36C98A94-1FFB-4872-94A5-F5C5A2FB7077}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{38865ADA-8535-4EFF-9D31-FF8B9B24A676}" = rport=137 | protocol=17 | dir=out | app=system | 
"{39277AC6-67C2-4CBF-99AC-03F914BFF034}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CD6BA87-E943-42B7-818F-D8C0531E5736}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{474BE29B-AB81-4CD3-B874-D98309F80CFA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6C6045E0-F06D-4F58-98D5-44248BBD8C61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6D406CA5-8A72-4FCB-BD38-CA96F0BBCA92}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7923152D-576D-4723-AE79-C0E729E405B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{846DBB16-FE5B-476E-B6D2-41835D5AE559}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B2B30D9-214A-4AD6-B4E1-6ACAEC8BBE1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9E6A260D-61AB-4589-B3A1-976781F46E47}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A5FBB448-36E8-4A1C-BC02-EC83C21A8AA5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A8ABF504-9B8A-4C58-BC23-5AC110467BAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AC784BCA-A428-4701-8277-D6E5C2A438EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C0AB6363-C375-490B-AD6C-6B6E7EAD75D1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E01CDE25-5CA6-4325-B05D-CC782D55D302}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E2DB66D5-832E-49BD-B514-7D3BAA32357A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EC090BED-A634-42F9-BC58-72543D64C639}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0E0CFA7-B0C3-4959-9ABE-ADAD05856322}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F304A1F7-AD35-4C7C-AC1C-73D7F37FF7B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057BF616-CE9D-412E-A0D6-5BE1DE7A0DB6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{0A216C03-5F4F-4FFD-B7C2-86F22E333735}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A2A95C8-8CA7-4CA3-B463-AA0117DB2B2E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{22626EB6-BF81-4738-B4F6-80A5971986E8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{23988733-C417-4439-B22E-FFFC8E1FE3AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{24E800A6-D1F4-44A6-B007-D943CB008955}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{282711D9-F148-47DB-9384-91AE968234F1}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{28F4628E-67FD-4EFA-AF6A-E7125E0F5275}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{2C44ED24-28CA-47E5-9B2F-6355901B2399}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{2E16A862-CE03-4702-B86C-663C53AAA2E2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{33C070B7-6F4E-4D61-B722-2E28CA38DCFA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{34C0AEFB-19CA-4851-9E5D-5340C490B4FE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{3C03FACC-B712-434C-9A33-AE5CA1942961}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{3FB9EDDC-4B95-4FB4-94DE-7EE91C86297E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{489C64F4-B690-4690-ABED-54D96A986DDB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{49489E60-CF16-48DE-BF99-E7C37C256567}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{536CC71B-D186-457E-BC73-E1E936B42EB1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{560F70D1-8FAA-4C28-910B-634135AA5279}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{568CCE5A-89FE-44EB-9285-D4F65602C3BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{585E61F3-D7C0-43FF-B655-C51133671B3E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{5C0D6BED-FF9A-4CE3-BE22-1E61CBE23F86}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{5DF8BD05-BE73-4BCE-9EF4-DC17BC283A9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5FAD750A-0DE0-4ECC-9DBC-CC51A97C1DD5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{62520807-478C-4A3C-956A-42DF2961E4FD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{62F1D0FA-1450-459A-8B99-AE58AB9462D7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{6B1F3063-A64F-44FB-8863-F3D4F0BA4229}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{6C3007D8-C62C-4CA1-B9D6-5C9CE0C6E0D4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{6CA2D571-63B4-4938-A8F1-1AA8C2CA53D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6E9E78F2-BFA8-4ED8-8C5C-BA3A7C837C6B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7D0E6166-B1F7-456A-B993-864C2FC1BE99}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{80AFE24B-E163-4FC5-BD8B-A84CA0DBCBA5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{837CE2F0-BBFC-46C3-8495-1F53F55E14E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{8C378C52-2721-42B3-A804-B1F53EEA397F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8C95D04A-0D40-40E2-A77F-F46425DC2CE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{9309C370-B4C4-4B4A-BE75-2C7EDD7F5B39}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{94599815-A92A-4A85-B97E-C047FFF5BB01}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{967AFEBA-EB3A-41DD-ADAF-DED6EC0FFF1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{97972088-C120-4713-9E46-1CE1E0D4D090}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{9FC37B88-1E63-46F7-9AB8-CE8EDA02C0ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{A018F43B-8EE7-4A6B-BB82-3E660D1E44BD}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{A922BB41-DBDB-4F30-952E-459F5755D40D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{B3B1920C-CEF6-4ADE-BA48-26C3555D79D8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{B5345E49-0282-4DCA-B47A-F25C169ABFA7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{B8B67589-D33F-409C-8C71-FC587BF1DF22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{BBCCD57E-1BF8-42C9-B84F-AB00858CAE6A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BBEBA620-136A-4EB1-938E-3B6A51948D81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{CA7396E8-3B72-4762-8DC9-17BE79109056}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{CFF2C354-41BF-429A-BD4B-2B05EA93E0EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D7F88A25-848E-4CC4-A251-B3BB2B134BD9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{EDF96597-860B-4E9E-8287-58412586DFC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{FA21D695-AA6F-426D-AD06-C31BC196D89B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{FA4FA70A-1E3D-4B1B-AA41-D4F9DDED17A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FE8425A4-7B6B-4EB5-9D42-D97A8E6AAB35}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{FFFBB1FC-041E-49D1-A859-17F9BA5C556A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"TCP Query User{13D4610E-98A4-4CAB-A4D5-BEA5FDC36391}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{1A08E4CB-C772-4D0B-8C96-2F941D7A7040}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{748177A7-E89D-4030-9070-32E2DC68DC3B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{93E76886-CE2B-4346-BC99-64B3D48D5CD8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{C1DBC055-51BE-4BE6-8444-FDFF26962557}C:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\miranda im\miranda32.exe | 
"UDP Query User{26D6C0F3-570B-4D0A-B4D7-161FDB79CF01}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{69418B6F-1894-4BF6-9790-C683BC462115}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{72803732-ECEB-4277-B64B-F3B702FBCA6B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{A378894C-D2D7-46E9-91F0-05AB4005C541}C:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\miranda im\miranda32.exe | 
"UDP Query User{C3C7855F-DA76-4FC1-A13F-6A62D0E0D8D2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.5.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.64.1403" = Opera 11.64
"Project64 1.7" = Project64 1.7
"Shop for HP Supplies" = Shop for HP Supplies
"STANDARD" = Microsoft Office Standard 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.08.2012 12:09:24 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0xa54  Startzeit der fehlerhaften Anwendung: 0x01cd86c9c63a6a70  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 108d9340-f2bd-11e1-b1fb-90e2828f8bb8
 
Error - 30.08.2012 12:15:27 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0x964  Startzeit der fehlerhaften Anwendung: 0x01cd86ca9e6c0700  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: e86fc7b0-f2bd-11e1-8174-b7f471de4fb4
 
Error - 30.08.2012 12:18:30 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0xe04  Startzeit der fehlerhaften Anwendung: 0x01cd86cb15b6ff90  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 56162750-f2be-11e1-8174-b7f471de4fb4
 
Error - 30.08.2012 12:19:02 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0x6dc  Startzeit der fehlerhaften Anwendung: 0x01cd86cb2991bb40  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 68f1e1c0-f2be-11e1-8174-b7f471de4fb4
 
Error - 30.08.2012 12:20:25 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0x9e8  Startzeit der fehlerhaften Anwendung: 0x01cd86cb5ab6e0b0  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 9a2be6f0-f2be-11e1-8174-b7f471de4fb4
 
Error - 30.08.2012 12:20:49 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0x798  Startzeit der fehlerhaften Anwendung: 0x01cd86cb68e91fe0  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: a86cfb00-f2be-11e1-8174-b7f471de4fb4
 
Error - 31.08.2012 04:17:36 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0xaac  Startzeit der fehlerhaften Anwendung: 0x01cd8751088d67b0  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 521028f0-f344-11e1-81a9-9af7840cbfba
 
Error - 31.08.2012 07:28:32 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0xb28  Startzeit der fehlerhaften Anwendung: 0x01cd876bb2474cc0  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: fe6b7c70-f35e-11e1-8097-ef69db1eb5bd
 
Error - 31.08.2012 13:15:48 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0xb20  Startzeit der fehlerhaften Anwendung: 0x01cd879c34703060  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 8179c6a0-f38f-11e1-9520-b5f964ad9ebd
 
Error - 31.08.2012 13:19:59 | Computer Name = Sander-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ac2  ID des fehlerhaften
 Prozesses: 0xad8  Startzeit der fehlerhaften Anwendung: 0x01cd879ccce1e280  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 1747ef40-f390-11e1-b4e7-df4037cf45b8
 
[ OSession Events ]
Error - 20.04.2012 08:21:40 | Computer Name = Sander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 31.08.2012 14:35:53 | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:35:53 | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:35:53 | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.09.2012 10:29:20 | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.09.2012 10:32:41 | Computer Name = Sander-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.09.2012 10:36:19 | Computer Name = Sander-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?09.?2012 um 16:34:55 unerwartet heruntergefahren.
 
Error - 06.09.2012 14:27:59 | Computer Name = Sander-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 06.09.2012 14:27:59 | Computer Name = Sander-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 06.09.2012 14:28:00 | Computer Name = Sander-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
Error - 06.09.2012 14:28:00 | Computer Name = Sander-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 
 
< End of report >
         
--- --- ---

09.09.2012, 14:55   #12
Larusso
/// Selecta Jahrusso



Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 7).
  • Uncheck "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.



Any remaining problems?
__________________
Best regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
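
As an added example that is not part of the original thread: a PowerShell check, run after the steps in post #12, that lists the Java entries still registered under the Windows uninstall keys and flags any older than Java 7 Update 7. The display-name pattern and the assumption that the installer records Update 7 as DisplayVersion 7.0.70 are assumptions of this example.

```powershell
# Registry locations where installers register themselves
# (native view and the 32-bit view on 64-bit Windows).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Java 7 Update 7 is the version named in the post.
# Assumption: the installer records it as DisplayVersion 7.0.70.
$minimum = [version]'7.0.70'

# Assumption: runtime entries are named like "Java 7 Update 7" or
# "Java(TM) 6 Update 31". "Java Auto Updater" and "JavaFX" do not match.
$namePattern = '^Java(\(TM\))? (SE Runtime Environment )?\d+'

$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern }

$report = foreach ($entry in $javaEntries) {
    # -as returns $null instead of throwing when the string is not a version.
    $parsed = $entry.DisplayVersion -as [version]

    if ($null -eq $parsed)        { $status = 'version not parseable, check by hand' }
    elseif ($parsed -lt $minimum) { $status = 'OUTDATED, uninstall' }
    else                          { $status = 'ok' }

    # New-Object keeps this usable on the PowerShell 2.0 shipped with Windows 7.
    New-Object PSObject -Property @{
        Name    = $entry.DisplayName
        Version = $entry.DisplayVersion
        Status  = $status
        Key     = $entry.PSChildName
    }
}

if (-not $report) {
    Write-Output 'No Java runtime entries found under the uninstall keys.'
} else {
    $report | Sort-Object Name |
        Select-Object Name, Version, Status, Key |
        Format-Table -AutoSize
}
```

Any row marked OUTDATED corresponds to an entry that should still be removed via Control Panel --> Programs.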

09.09.2012, 16:57   #13
Teamobil



All right, thanks!
Otherwise there are no more problems with the PC! Does that mean it is now cured?
