| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Seit ca. 7 Tagen: web.de - mail delivery failed returning message to senderWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.12.2012, 20:17
| #1 |
| |  Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Hallo zusammen, ich bin anscheinend nicht der einzige, der das Problem hat, aber ich dachte, ich frage besser einmal nach, wie ihr die Lage hier einschätzt. Seit ca. einer Woche erhalte ich massig "Mail delivery status failed" Mails auf mein Web.de Konto. Die Mails laufen im Viertelstundentakt bei mir rund um die Uhr auf, aber nur über einen Zeitraum von ca. 8-10h pro Tag. Da ich schon so viele gelöscht habe, kann ich das nicht mehr genau nachvollziehen. Diese Mails laufen auch auf, wenn ich den Rechner nicht am laufen haben oder von irgendwo anderes auf mein eMail-Fach/Programm (Thunderbird) zugreife. Als Browser nutze ich Firefox. BS ist Win 7 64bit. Updates sind alle auf dem neusten Stand. Habe bisher folgende Aktionen unternommen: Adobe Air/Flash/Reader deinstalliert Java deinstalliert Defogger installiert und gemäß Anleitung ausgeführt OTL installiert und gemäß Anleitung ausgeführt Malwarebytes Anti-Malware ausgeführt ohne Resultat Passwort wird gleich geändert OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.12.2012 19:39:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,34% Memory free 8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 393,27 Gb Free Space | 84,45% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 435,86 Gb Free Space | 73,11% Space Free | Partition Type: NTFS Computer Name: XXX| User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.03 19:29:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.12.03 19:12:52 | 001,354,736 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2012.11.27 06:33:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.27 06:33:30 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.27 06:33:30 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.11.16 10:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012.10.31 20:40:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2008.06.06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe PRC - [2008.06.06 11:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2008.06.04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe PRC - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ========== Modules (No Company Name) ========== MOD - [2012.12.03 19:37:52 | 000,835,072 | ---- | M] () -- D:\Steam\sdl.dll MOD - [2012.12.03 19:37:50 | 020,319,568 | ---- | M] () -- D:\Steam\bin\libcef.dll MOD - [2012.12.03 19:37:50 | 001,099,616 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll MOD - [2012.12.03 19:37:50 | 000,965,616 | ---- | M] () -- D:\Steam\bin\chromehtml.dll MOD - [2012.12.03 19:37:50 | 000,190,816 | ---- | M] () -- D:\Steam\bin\avformat-53.dll MOD - [2012.12.03 19:37:50 | 000,123,232 | ---- | M] () -- D:\Steam\bin\avutil-51.dll MOD - [2012.10.31 20:40:14 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2008.06.06 11:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll MOD - [2008.06.06 11:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll MOD - [2008.06.04 17:59:34 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\di2c.dll MOD - [2008.06.04 17:59:34 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\smsc.dll MOD - [2008.06.04 17:59:34 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\null.dll MOD - [2008.06.04 17:58:18 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\vista.dll MOD - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe MOD - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe MOD - [2007.02.09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.27 06:33:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.27 06:33:30 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.10.31 17:42:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.06.06 11:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2008.06.04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.03 19:24:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012.11.14 18:13:37 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.14 18:13:36 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.04.18 15:20:31 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.22 12:56:32 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.06.04 17:59:44 | 000,020,520 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002.07.17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D BF 3C 6C 1F DB CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={B8E462C8-8168-4168-A8CB-2723A39656EF}&mid=7604f11ec7ea47d0a984d16dca8209cb-c586dc351b53ca840fabcf0b7d455a798f90ec44&lang=de&ds=avgab0&pr=sa&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{EA299F2A-CA9B-465D-A847-82FF56D0DC91}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.03 19:24:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.03 19:15:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 17:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.10 21:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.01.22 12:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.03 19:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rvwflitq.default\extensions [2012.12.03 19:23:51 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rvwflitq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.12.03 19:23:54 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rvwflitq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.11.25 13:09:30 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rvwflitq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.31 20:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.04 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.31 20:40:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.10.30 07:03:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.09 19:39:25 | 000,003,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.10.30 07:03:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.30 07:03:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.30 07:03:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.30 07:03:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.30 07:03:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [4StoryPrePatch] d:\4Story_DE\PrePatch.exe File not found O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E823D94-20B3-480A-8B49-ABF470669E56}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91E19F34-C164-4D9D-93F9-2142CE34F097}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{02f0d90e-0ade-11e2-ae1c-00248c66e038}\Shell - "" = AutoRun O33 - MountPoints2\{02f0d90e-0ade-11e2-ae1c-00248c66e038}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{0e998102-0d71-11e1-9ae8-00248c66e038}\Shell - "" = AutoRun O33 - MountPoints2\{0e998102-0d71-11e1-9ae8-00248c66e038}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true O33 - MountPoints2\{8e23c50f-69c7-11e0-a0e2-00248c66e038}\Shell - "" = AutoRun O33 - MountPoints2\{8e23c50f-69c7-11e0-a0e2-00248c66e038}\Shell\AutoRun\command - "" = F:\AutorunShim.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.03 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.03 19:34:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.03 19:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.03 19:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.03 19:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.03 19:30:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.03 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics [2012.12.03 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2012.12.03 19:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.12.03 19:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012.12.03 19:24:30 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.12.03 19:24:30 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.03 19:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012.12.03 19:24:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp [2012.12.03 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.12.03 19:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012.12.03 19:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.12.03 19:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.11.25 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Duke Nukem Forever [2012.11.17 10:46:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.17 10:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.17 10:40:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.17 10:40:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.17 10:40:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.17 10:40:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.17 10:40:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.17 10:40:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.17 10:40:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.17 10:40:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.17 10:40:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.17 10:40:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.17 10:40:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.17 10:40:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.17 10:40:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.17 10:40:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.17 10:40:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.17 10:39:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.17 10:39:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.17 10:39:32 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.17 10:39:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.17 10:23:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.17 10:23:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.17 10:23:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.17 10:23:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.17 10:23:52 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.17 10:23:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.17 10:23:51 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.17 10:23:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.17 10:23:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.17 10:23:40 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.17 10:23:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.11 18:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Remedy [2012.11.11 10:43:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.03 19:43:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.03 19:43:46 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.03 19:43:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.03 19:43:46 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.03 19:43:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.03 19:38:08 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.12.03 19:37:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.03 19:37:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.03 19:37:27 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012.12.03 19:36:24 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.03 19:34:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.03 19:29:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.12.03 19:29:10 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.03 19:24:29 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.12.03 19:24:29 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012.12.03 19:20:14 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 19:20:14 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 07:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.29 18:42:39 | 000,000,201 | ---- | M] () -- C:\Users\***\Desktop\Borderlands 2.url [2012.11.17 12:29:56 | 000,342,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 18:13:37 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.14 18:13:36 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.03 19:36:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.03 19:34:26 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.03 19:30:28 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.03 19:24:51 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.11.29 18:42:39 | 000,000,201 | ---- | C] () -- C:\Users\***\Desktop\Borderlands 2.url [2012.11.17 10:46:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 10:39:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.10.13 20:50:07 | 000,025,483 | ---- | C] () -- C:\Windows\scunin.dat [2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.13 19:12:19 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.06.13 19:12:19 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.05.19 10:57:19 | 000,015,428 | ---- | C] () -- C:\Users\***\RefEdit.exd [2012.04.23 05:26:00 | 000,084,253 | ---- | C] () -- C:\Users\***\bookmarks.html [2011.11.02 21:15:06 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.20 15:14:16 | 000,941,537 | ---- | C] () -- C:\Users\***\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.30 12:28:01 | 000,097,769 | ---- | C] () -- C:\Users\***\Gehaltsanalyse Berufserfahrene ***.pdf [2011.05.17 19:53:54 | 000,010,654 | ---- | C] () -- C:\Users\***\Adressbuch.ldif [2011.04.20 09:38:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.04.20 09:38:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.04.20 08:37:54 | 000,098,089 | ---- | C] () -- C:\Users\***\***, ***.V2010 [2011.04.20 08:31:45 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini [2011.03.08 20:15:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.01.25 21:13:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.25 21:13:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.01.22 12:50:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.01.22 12:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.22 12:25:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.01.22 12:07:59 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2011.01.22 11:12:53 | 010,383,196 | ---- | C] () -- C:\Users\***\fazer600.zip [2011.01.22 11:12:53 | 000,083,234 | ---- | C] () -- C:\Users\***\Wiederbesteller-Rabatt.pdf [2011.01.22 11:12:53 | 000,004,011 | ---- | C] () -- C:\Users\***\Buddies.xml [2011.01.22 10:55:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.12.2012 19:39:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,34% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 393,27 Gb Free Space | 84,45% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 435,86 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6AA79C-C522-4BFA-A47C-96FEA0701FD9}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FC847C3-86B7-4C39-88C6-D6E239825642}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23955638-095F-4EAF-A8B6-45F9678F9514}" = rport=137 | protocol=17 | dir=out | app=system |
"{27145373-0C72-4777-8B15-E2A482888C85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3301DD80-DE2C-4E2C-AE1C-85D3DE160029}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39EC6AB9-D884-4075-9339-B412B16DE548}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5352180F-CF5B-41F8-B1A4-7E1A060EAD96}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D3E6DB7-7673-4828-922A-E9FF8CB3ECC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FC2E89D-DDA4-496C-8B0C-D36FE2D1D161}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E8761A6-4ED0-4903-8247-F54C9085556F}" = lport=445 | protocol=6 | dir=in | app=system |
"{76B30F77-3C4B-46B2-85C8-ABA577BFBCC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BC9F925-FA40-4D90-A3E9-91C685FF8B76}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C98EF57-BDC1-45DF-958A-88C575B0121C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89BB65D4-CEC7-4694-B0DF-5085CBEAEDBF}" = lport=139 | protocol=6 | dir=in | app=system |
"{96E46253-B371-46A7-91E5-2987B595FBA2}" = rport=138 | protocol=17 | dir=out | app=system |
"{98600902-670A-4CBB-B363-F6674C0E2E45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9DF0689-1A81-463F-9223-BF9868C2E62E}" = lport=138 | protocol=17 | dir=in | app=system |
"{D8397402-8AFF-4766-896D-26694A453E7E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D9885D4C-4CF8-429A-85AB-E1F0A9356726}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAFD71C9-43E7-4E69-89EF-A53AC499E9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2DA323D-DCD3-4275-B481-01C6E4CBE9D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{F59DBD69-8FA0-4D4C-BB4C-23F928A00F99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD534736-144F-462D-94D6-176DE453EDFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0058B39D-0EEE-497B-A89F-5BF261C7053F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{0189A506-7216-44DA-8446-0B1F2FF09CBA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{044C82D4-A84C-4D23-AC0F-055B323D7910}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{04C3286C-42F9-429A-8FEB-7B91B6E71AAF}" = protocol=6 | dir=in | app=d:\diablo iii beta\diablo iii.exe |
"{0756700C-E2B6-4E24-AFF5-66A78EB55E14}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{09EDC600-6B6E-48B1-BD58-D603A8A6F5A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0A0CF1BF-27F0-42A9-B522-81F714D0853C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{0E2F3B04-1FCE-43B3-9DC8-888418FA2B73}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{12809A07-E643-4121-AAE7-E59823181DCA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{12AE7D02-4465-4B92-97F1-A61895DDC99B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BE1D7A3-58CF-45BC-92D7-5435CEFC43BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{1FB57D7A-C660-4EB0-BD55-923694054ACE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{273FC65E-9DF2-4F22-A50E-0B5AF63A430D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{2A8484CD-45A9-45FC-9426-3BF92C4FCF25}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{382E4AA6-18A0-4AD1-BD73-91D50277F704}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{3FE462B5-85F7-47F9-973C-254367B318C2}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{40D1F14E-58D7-48D7-925B-E901B786974C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{4D7386B7-1C2B-4384-A678-07AEF33C46E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50412F8B-12EE-431B-A1E5-32EB66A815F0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{511D6D4B-A35D-4DBA-8BDA-EFDFD35C4B25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53716B8D-81B7-4B6B-B292-3F49ED3293CD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe |
"{5D8F73E9-0B68-477D-AA43-8A45E86A1929}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6546FE63-7001-4927-8AE7-AA71087932B1}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{6EF77DF5-34E3-4984-B259-46442A63FA49}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7434865F-CB99-46AF-B408-8C63B148EC58}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{750CD709-F742-46F7-AFC7-1BE4FC386DC9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{75E09F0E-F931-4A1F-921E-F706D5BCF137}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{75F56C66-1D64-4FCB-949D-228E065F3CED}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{77AA1685-47DF-4735-B38B-149297463BF0}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{7819B4F3-ACCF-4EFA-8EC0-0A9A8C288D0B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{7AEA9A39-CBA9-4756-B8E0-337A639E0317}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7C29440C-0E63-4E7B-B005-83515F4CCE75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7E1B9F39-21FE-480C-AE57-184D3A82A7D0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{7F4C9F4B-5359-415B-A6C5-BA191924F7A4}" = protocol=17 | dir=in | app=d:\diablo iii beta\diablo iii.exe |
"{843EF6CC-AB47-4278-9B49-0B6F90C0E8AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{873E552B-C4C2-4960-8375-066052A7AC12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8CD43F59-0BC3-4458-95F9-BBB32F9938B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91EA047B-1323-4CE7-ACF3-379D107510DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{927004BE-9DA8-4C2B-8659-41EB2989DD56}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{982307BD-5E97-44BD-B779-66C6A9B1632F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{98316AE4-D8F7-4995-A99A-5DE53D5174E7}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{9DA244C2-5A48-401A-8687-BFCDFFACBC7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A47B32BB-9871-41AA-BC6E-8C44771895CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A9DAD80C-9604-4EA4-AFCD-853776D04480}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{AB7FD39D-5900-463D-AC91-52710661AAE0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{B30815BC-C88C-4581-A588-926C46A29A9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B401D7FB-C694-4559-A5A0-D24897A1D170}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B4133D4A-7D1D-4D90-8165-B3F7A1AB3682}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{B531541F-08EC-4C6C-B4D0-B355766917C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7CFB3E9-F5B7-430B-AC43-56CF56FCAB0B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{B93A6AF9-D33A-44B8-BB15-133C2720DE2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BB406A8A-9789-42BB-99E0-B812CE9A4BF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C20A8C2D-C45E-4BB8-BA8E-799DBC07157C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{C5C72AA6-2CAC-46EA-A91B-2DBE7DB2D315}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CAB829C0-BCDD-47F3-8F36-F0A29F1C80DD}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{CE2D8D9A-4C4A-4416-B3D9-4D9AC6E8EB69}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D621F2A1-313B-4631-95B4-7EDB6714B195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9A09403-80F4-4A5A-9DBB-DFC67B1F0B9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{DAC3DF5E-F92B-454D-89A7-23BB34105CC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCA1D8F0-E03E-4BC0-ACE6-3E229577C758}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E2D17E14-0FFC-4937-992F-7E9535E52501}" = protocol=6 | dir=out | app=system |
"{EB1ED4AF-3B50-46A0-93C4-72D4E7E9129A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F33CDD48-CEFE-40BB-B9E4-50FC8805470A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F83421C3-956A-459C-9701-EED2588762B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F861827F-CB89-49DD-A75E-F6E46A97B905}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{FA4EE750-5EC5-4818-B189-3B6B5FEE0A52}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{FBC8C18A-FFEF-43A6-90DC-F1FE11853C87}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{FC1DD3D7-CC52-458C-A40F-69372CAAB1EA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe |
"{FE0132D9-A489-4FF5-A4AD-0E81B3522F69}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{FEF581F5-7044-4D9C-A730-A791B387A368}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FEFA7A39-150F-4C54-BE98-48FFB430C812}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{0DD65740-C8E0-4195-8E52-87BFD4C898E2}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{10203671-33CC-43C0-B794-D850F6D1AF7E}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{17ABC9ED-AA47-4C11-94C9-9E05951BD16A}D:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{1B2B2EFF-E302-4B0E-A1F3-63BAF51DAC55}D:\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\cryptic studios\star trek online\live\gameclient.exe |
"TCP Query User{20991CAB-775C-4B73-9A8A-E044AF3F6AB8}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{3DE812D4-34F8-43E4-805F-D7F4F51250F8}C:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe |
"TCP Query User{3F4C0E83-7799-4B1E-89EB-B5CA40A08A22}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{45336AEB-1043-4DED-911B-832801B7ABE7}C:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe |
"TCP Query User{52FB8FF3-6B6C-47A4-B1C4-71039248B7AF}D:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\starcraft\starcraft.exe |
"TCP Query User{6AE6E5E3-7A51-4F22-9158-4E29811F140C}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{A70C1860-F161-4141-BB3D-3D57A646DFE8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{EB7D4F24-8423-4CB1-9C48-9570CBC9DA16}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{EE52BD31-4EB6-4B72-A0FE-58B821A420C5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0E04FB76-15B3-4080-B3E7-83310EA8B446}C:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe |
"UDP Query User{269D1DBD-D549-4A51-80F9-2CA49038E47C}D:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\starcraft\starcraft.exe |
"UDP Query User{340F422F-EAD7-442B-8134-38CB246990A4}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{3CD6D987-1735-42EF-9E34-DFDD4B045EA4}D:\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{3F345E3A-91E7-4714-848E-F0CE75287A02}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{52029185-1919-459F-A993-11382F48DF03}C:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe |
"UDP Query User{81F3E7E3-9E88-4986-9DB1-CDFF81DD1F75}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{8A6B4F49-59B8-4C21-9951-B4BD9C1BE317}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{99AE3FCF-8EE1-40C6-9DA1-DE7E5C5F0A8C}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{A76A2282-C18F-4087-A2FE-28C40585A6BF}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{B5CE19BE-9693-42AF-8281-EA1898BC9819}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{BD8ABC55-61C1-4472-89FB-B1D5F38C649B}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{E455EA82-BFAC-4F1C-909F-9E9132E42D50}D:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ABEF5E2-4F31-9543-EF17-AFC61AD96DB5}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7A47656D-0369-4C67-D98C-DA369EC504C2}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.20
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{e05859e4-7455-4d01-a9dc-1da760a5d903}" = Ad-Aware Antivirus
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"adawaretb" = Ad-Aware Security Add-on
"Avira AntiVir Desktop" = Avira Free Antivirus
"Civilization V" = Sid Meier's Civilization V
"Diablo III" = Diablo III
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Star Trek Online" = Star Trek Online
"Starcraft" = Starcraft
"Steam App 400" = Portal
"Steam App 49520" = Borderlands 2
"Steam App 50130" = Mafia II
"Steam App 50300" = Spec Ops: The Line
"Steam App 50620" = Darksiders
"Steam App 57900" = Duke Nukem Forever
"Steam App 8930" = Sid Meier's Civilization V
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2012 11:34:35 | Computer Name = *** | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 25.03.2012 11:36:05 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.03.2012 13:16:06 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 29.03.2012 16:01:56 | Computer Name = *** | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 29.03.2012 16:03:13 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.04.2012 12:49:15 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 05.04.2012 00:45:53 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.04.2012 07:51:44 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.04.2012 08:31:53 | Computer Name = *** | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 06.04.2012 08:33:22 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 02.12.2012 12:48:47 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 02.12.2012 12:48:47 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 03.12.2012 01:32:16 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 03.12.2012 01:32:16 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 03.12.2012 13:09:55 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 03.12.2012 13:09:55 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 03.12.2012 14:12:38 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 03.12.2012 14:12:38 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 03.12.2012 14:37:45 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 03.12.2012 14:37:45 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
< End of report >
Code:
ATTFilter This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:
"x44195725797@pol.com":
domain has no mail exchangers
--- The header of the original message is following. ---
Received: from tjudezaci ([113.240.220.125]) by smtp.web.de (mrweb101) with
ESMTPA (Nemesis) id 0MAdx1-1TVPNq3Hb9-00BWEM for <x44195725797@pol.com>; Mon,
03 Dec 2012 17:05:30 +0100
Message-ID: <C564AA159D70A42BB9405BCAA73EB12D@tjudezaci>
From: "WOW"
To: <x44195725797@pol.com>
Subject: =?utf-8?B?4piFPDU3NTQ3ND7imIVXT1dnb2xkX18x?=
=?utf-8?B?M1VTRD0xMEsgUHJvbWlzZSA1TUk=?=
=?utf-8?B?TlMgZGVsaXZlcnkh?=
Date: Tue, 4 Dec 2012 00:05:23 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0291_015BE0F3.17BFBCC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: XXX.XXX@web.de
X-Provags-ID: V02:K0:XN19+LEzJneBirPOmvw4glKt5Nme3zmUoJqvPRWeX8o
EE+eAHBxBn9ibdqWATLLX+O/ugHoyFt8BVR0JTvrBHDwVhMqLf
0kdWKspJOCQVL2mCLh0Z6Ivv72puUOqKBzspKx96+gTDCn7Jdw
SNpZEWGQTyNb4adK1iVJ/ulKNm1B+mqdxwTZODd6A7f6QUklW/
Tfl+8kRilLsTHY/vtgNlA==
Code:
ATTFilter This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:
"gdx@yahoo.co.uk":
SMTP error from remote server after transfer of mail text:
host: mx-eu.mail.am0.yahoodns.net
delivery error: dd This user doesn't have a yahoo.co.uk account (gdx@yahoo.co.uk) [-5] - mta1084.mail.ukl.yahoo.com
--- The header of the original message is following. ---
Received: from qtjrfy ([113.240.220.125]) by smtp.web.de (mrweb101) with
ESMTPA (Nemesis) id 0MRU72-1Tlyxm2nua-00TLrV for <gdx@yahoo.co.uk>; Mon, 03
Dec 2012 07:21:00 +0100
Message-ID: <38A6AE75E8008EE192D8548CD0997F29@qtjrfy>
From: "WOW"
To: <gdx@yahoo.co.uk>
Subject: =?utf-8?B?4piFPDIyNDMwNz7imIVXT1dnb2xkX18x?=
=?utf-8?B?M1VTRD0xMEsgUHJvbWlzZSA1TUk=?=
=?utf-8?B?TlMgZGVsaXZlcnkh?=
Date: Mon, 3 Dec 2012 14:20:49 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0F0C_019453A6.1880AE60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: XXX.XXX@web.de
X-Provags-ID: V02:K0:BXpkJtWW2j7prPd7SNY1yXoqh34OFIOZfWU19dk2Dc6
ZanTNASADQwo/cNsYqy39cTXYI9bJ9TvX9JXRnqWj7yjZ0L3wc
zFw+vD/IZH8Ym7k66GWf6cM3VHvUKg5Z0cTSMNReMKaHtmUIB5
4F837uKylXc91a741ztDjGKMWWtdvT6QtfZVlft0yKTP84VBmq
JmRXUU/C2wr50YOcQc3MA==
Code:
ATTFilter This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:
"aznkooldude2009@yahoo.com":
delivery attempt aborted after too many errors
--- The header of the original message is following. ---
Received: from broc ([113.240.220.125]) by smtp.web.de (mrweb003) with ESMTPA
(Nemesis) id 0MRCoR-1TnVS93JkN-00UG92 for <aznkooldude2009@yahoo.com>; Thu,
29 Nov 2012 04:35:56 +0100
Message-ID: <ED5DE27692D43F87BA4C0173337BBA36@broc>
From: "WOW"
To: <aznkooldude2009@yahoo.com>
Subject: =?utf-8?B?4piFV09XR09MROKYhV9fMTAwMDBHPTEw?=
=?utf-8?B?VVNEIFRvZGF54piFOTYzODY=?=
Date: Thu, 29 Nov 2012 11:35:52 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_066B_0149780A.1AF25370"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: XXX.XXX@web.de
X-Provags-ID: V02:K0:IcECKPYq/izCphQhzakEX/8+2NxLbZALm4CT6ye5GYd
P/2JcSv9KX2A7Mt/44h2jUtODfI7oaelv72NlyGPTHCZK4rbPW
oNS3ggPqEIRl4gbAoFLIhVKLAIL7dINPnhvewoKrc3HvhOZruE
BiPdb/URGzVhN2QUZN2PPsOG7S/LAZd5qaSpdowYdKpnwursDP
MRc/z7gu6RV+rOvZDdGSQ==
Ich hoffe, jemand kann mir hierbei helfen oder zumindest bestätigen, dass sich bei mir kein Wurm oder so im System befindet. MfG |
|
03.12.2012, 20:20
| #2 |
| /// Malware-holic   | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Hi
__________________passwörter erst am ende ändern. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ |
|
03.12.2012, 20:31
| #3 |
| | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Hi,
__________________OK, dann PW noch nicht reseten. Anbei das Logfile. 2 Medium Funde mit Skip bestätigt. Code:
ATTFilter 20:28:27.0677 1820 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:28:27.0983 1820 ============================================================
20:28:27.0984 1820 Current date / time: 2012/12/03 20:28:27.0983
20:28:27.0984 1820 SystemInfo:
20:28:27.0984 1820
20:28:27.0984 1820 OS Version: 6.1.7601 ServicePack: 1.0
20:28:27.0984 1820 Product type: Workstation
20:28:27.0984 1820 ComputerName: ***
20:28:27.0984 1820 UserName: ***
20:28:27.0984 1820 Windows directory: C:\Windows
20:28:27.0984 1820 System windows directory: C:\Windows
20:28:27.0984 1820 Running under WOW64
20:28:27.0984 1820 Processor architecture: Intel x64
20:28:27.0984 1820 Number of processors: 2
20:28:27.0984 1820 Page size: 0x1000
20:28:27.0984 1820 Boot type: Normal boot
20:28:27.0984 1820 ============================================================
20:28:28.0827 1820 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:28.0856 1820 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:28.0859 1820 ============================================================
20:28:28.0859 1820 \Device\Harddisk1\DR1:
20:28:28.0859 1820 MBR partitions:
20:28:28.0859 1820 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:28:28.0859 1820 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:28:28.0859 1820 \Device\Harddisk0\DR0:
20:28:28.0860 1820 MBR partitions:
20:28:28.0860 1820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
20:28:28.0860 1820 ============================================================
20:28:28.0883 1820 C: <-> \Device\Harddisk1\DR1\Partition2
20:28:28.0913 1820 D: <-> \Device\Harddisk0\DR0\Partition1
20:28:28.0913 1820 ============================================================
20:28:28.0913 1820 Initialize success
20:28:28.0913 1820 ============================================================
20:28:33.0121 3428 ============================================================
20:28:33.0121 3428 Scan started
20:28:33.0121 3428 Mode: Manual; SigCheck; TDLFS;
20:28:33.0121 3428 ============================================================
20:28:33.0748 3428 ================ Scan system memory ========================
20:28:33.0748 3428 System memory - ok
20:28:33.0749 3428 ================ Scan services =============================
20:28:33.0883 3428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:28:33.0926 3428 1394ohci - ok
20:28:33.0951 3428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:28:33.0963 3428 ACPI - ok
20:28:33.0987 3428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:28:33.0998 3428 AcpiPmi - ok
20:28:34.0100 3428 [ AAD408B6A66595432405C97F73D6FF00 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
20:28:34.0125 3428 Ad-Aware Service - ok
20:28:34.0161 3428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:28:34.0175 3428 adp94xx - ok
20:28:34.0194 3428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:28:34.0206 3428 adpahci - ok
20:28:34.0218 3428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:28:34.0228 3428 adpu320 - ok
20:28:34.0253 3428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:28:34.0279 3428 AeLookupSvc - ok
20:28:34.0317 3428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:28:34.0330 3428 AFD - ok
20:28:34.0360 3428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:28:34.0370 3428 agp440 - ok
20:28:34.0383 3428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:28:34.0394 3428 ALG - ok
20:28:34.0413 3428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:28:34.0423 3428 aliide - ok
20:28:34.0437 3428 [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:28:34.0450 3428 AMD External Events Utility - ok
20:28:34.0465 3428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:28:34.0473 3428 amdide - ok
20:28:34.0491 3428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:28:34.0501 3428 AmdK8 - ok
20:28:34.0657 3428 [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:28:34.0727 3428 amdkmdag - ok
20:28:34.0753 3428 [ 20B63276A1920B41E1C56720B395049B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:28:34.0762 3428 amdkmdap - ok
20:28:34.0772 3428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:28:34.0781 3428 AmdPPM - ok
20:28:34.0816 3428 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:28:34.0825 3428 amdsata - ok
20:28:34.0838 3428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:28:34.0849 3428 amdsbs - ok
20:28:34.0861 3428 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:28:34.0870 3428 amdxata - ok
20:28:34.0924 3428 [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:28:34.0934 3428 AntiVirSchedulerService - ok
20:28:34.0976 3428 [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:28:34.0987 3428 AntiVirService - ok
20:28:35.0023 3428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:28:35.0059 3428 AppID - ok
20:28:35.0069 3428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:28:35.0097 3428 AppIDSvc - ok
20:28:35.0118 3428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:28:35.0143 3428 Appinfo - ok
20:28:35.0180 3428 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:28:35.0190 3428 AppMgmt - ok
20:28:35.0206 3428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:28:35.0215 3428 arc - ok
20:28:35.0223 3428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:28:35.0233 3428 arcsas - ok
20:28:35.0313 3428 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
20:28:35.0322 3428 AsIO - ok
20:28:35.0351 3428 Aspi32 - ok
20:28:35.0363 3428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:28:35.0401 3428 AsyncMac - ok
20:28:35.0423 3428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:28:35.0432 3428 atapi - ok
20:28:35.0485 3428 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:28:35.0512 3428 athr - ok
20:28:35.0546 3428 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:28:35.0553 3428 AtiHDAudioService - ok
20:28:35.0711 3428 [ F6640D83AF0FD74C50E23E68548EA9A0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:28:35.0781 3428 atikmdag - ok
20:28:35.0821 3428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:28:35.0850 3428 AudioEndpointBuilder - ok
20:28:35.0871 3428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:28:35.0900 3428 AudioSrv - ok
20:28:35.0923 3428 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:28:35.0931 3428 avgntflt - ok
20:28:35.0948 3428 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:28:35.0956 3428 avipbb - ok
20:28:35.0986 3428 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:28:35.0994 3428 avkmgr - ok
20:28:36.0021 3428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:28:36.0034 3428 AxInstSV - ok
20:28:36.0058 3428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:28:36.0070 3428 b06bdrv - ok
20:28:36.0098 3428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:28:36.0109 3428 b57nd60a - ok
20:28:36.0125 3428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:28:36.0135 3428 BDESVC - ok
20:28:36.0153 3428 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:28:36.0179 3428 Beep - ok
20:28:36.0226 3428 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:28:36.0262 3428 BFE - ok
20:28:36.0293 3428 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:28:36.0325 3428 BITS - ok
20:28:36.0333 3428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:28:36.0343 3428 blbdrive - ok
20:28:36.0367 3428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:28:36.0376 3428 bowser - ok
20:28:36.0385 3428 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:28:36.0396 3428 BrFiltLo - ok
20:28:36.0407 3428 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:28:36.0418 3428 BrFiltUp - ok
20:28:36.0440 3428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:28:36.0450 3428 Browser - ok
20:28:36.0462 3428 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:28:36.0473 3428 Brserid - ok
20:28:36.0487 3428 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:28:36.0498 3428 BrSerWdm - ok
20:28:36.0508 3428 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:28:36.0518 3428 BrUsbMdm - ok
20:28:36.0529 3428 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:28:36.0538 3428 BrUsbSer - ok
20:28:36.0550 3428 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:28:36.0561 3428 BTHMODEM - ok
20:28:36.0572 3428 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:28:36.0598 3428 bthserv - ok
20:28:36.0611 3428 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:28:36.0638 3428 cdfs - ok
20:28:36.0672 3428 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:28:36.0682 3428 cdrom - ok
20:28:36.0709 3428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:28:36.0734 3428 CertPropSvc - ok
20:28:36.0760 3428 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:28:36.0772 3428 circlass - ok
20:28:36.0795 3428 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:28:36.0807 3428 CLFS - ok
20:28:36.0854 3428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:36.0866 3428 clr_optimization_v2.0.50727_32 - ok
20:28:36.0908 3428 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:28:36.0920 3428 clr_optimization_v2.0.50727_64 - ok
20:28:36.0955 3428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:36.0968 3428 clr_optimization_v4.0.30319_32 - ok
20:28:37.0021 3428 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:28:37.0033 3428 clr_optimization_v4.0.30319_64 - ok
20:28:37.0048 3428 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:28:37.0062 3428 CmBatt - ok
20:28:37.0088 3428 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:28:37.0101 3428 cmdide - ok
20:28:37.0139 3428 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:28:37.0166 3428 CNG - ok
20:28:37.0171 3428 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:28:37.0181 3428 Compbatt - ok
20:28:37.0197 3428 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:28:37.0208 3428 CompositeBus - ok
20:28:37.0220 3428 COMSysApp - ok
20:28:37.0224 3428 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:28:37.0233 3428 crcdisk - ok
20:28:37.0255 3428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:28:37.0265 3428 CryptSvc - ok
20:28:37.0292 3428 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:28:37.0305 3428 CSC - ok
20:28:37.0335 3428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:28:37.0349 3428 CscService - ok
20:28:37.0418 3428 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:28:37.0427 3428 DAUpdaterSvc - ok
20:28:37.0454 3428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:28:37.0491 3428 DcomLaunch - ok
20:28:37.0511 3428 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:28:37.0539 3428 defragsvc - ok
20:28:37.0573 3428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:28:37.0598 3428 DfsC - ok
20:28:37.0656 3428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:28:37.0673 3428 Dhcp - ok
20:28:37.0690 3428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:28:37.0716 3428 discache - ok
20:28:37.0751 3428 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:28:37.0761 3428 Disk - ok
20:28:37.0844 3428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:28:37.0855 3428 Dnscache - ok
20:28:37.0899 3428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:28:37.0927 3428 dot3svc - ok
20:28:37.0954 3428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:28:37.0981 3428 DPS - ok
20:28:38.0005 3428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:28:38.0017 3428 drmkaud - ok
20:28:38.0070 3428 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
20:28:38.0074 3428 DTSRVC ( UnsignedFile.Multi.Generic ) - warning
20:28:38.0074 3428 DTSRVC - detected UnsignedFile.Multi.Generic (1)
20:28:38.0113 3428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:28:38.0133 3428 DXGKrnl - ok
20:28:38.0144 3428 EagleX64 - ok
20:28:38.0162 3428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:28:38.0198 3428 EapHost - ok
20:28:38.0267 3428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:28:38.0303 3428 ebdrv - ok
20:28:38.0324 3428 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:28:38.0334 3428 EFS - ok
20:28:38.0374 3428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:28:38.0390 3428 ehRecvr - ok
20:28:38.0412 3428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:28:38.0423 3428 ehSched - ok
20:28:38.0448 3428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:28:38.0462 3428 elxstor - ok
20:28:38.0495 3428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:28:38.0504 3428 ErrDev - ok
20:28:38.0536 3428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:28:38.0568 3428 EventSystem - ok
20:28:38.0580 3428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:28:38.0609 3428 exfat - ok
20:28:38.0623 3428 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:28:38.0653 3428 fastfat - ok
20:28:38.0691 3428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:28:38.0705 3428 Fax - ok
20:28:38.0718 3428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:28:38.0727 3428 fdc - ok
20:28:38.0739 3428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:28:38.0766 3428 fdPHost - ok
20:28:38.0778 3428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:28:38.0805 3428 FDResPub - ok
20:28:38.0814 3428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:28:38.0823 3428 FileInfo - ok
20:28:38.0834 3428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:28:38.0860 3428 Filetrace - ok
20:28:38.0867 3428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:28:38.0877 3428 flpydisk - ok
20:28:38.0908 3428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:28:38.0919 3428 FltMgr - ok
20:28:38.0962 3428 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:28:38.0980 3428 FontCache - ok
20:28:39.0019 3428 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:28:39.0026 3428 FontCache3.0.0.0 - ok
20:28:39.0030 3428 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:28:39.0040 3428 FsDepends - ok
20:28:39.0059 3428 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:28:39.0069 3428 Fs_Rec - ok
20:28:39.0096 3428 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:28:39.0109 3428 fvevol - ok
20:28:39.0125 3428 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:28:39.0134 3428 gagp30kx - ok
20:28:39.0187 3428 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
20:28:39.0197 3428 gfibto - ok
20:28:39.0236 3428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:28:39.0280 3428 gpsvc - ok
20:28:39.0337 3428 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:28:39.0349 3428 gupdate - ok
20:28:39.0362 3428 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:28:39.0370 3428 gupdatem - ok
20:28:39.0377 3428 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:28:39.0386 3428 hcw85cir - ok
20:28:39.0422 3428 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:28:39.0436 3428 HdAudAddService - ok
20:28:39.0456 3428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:28:39.0467 3428 HDAudBus - ok
20:28:39.0471 3428 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:28:39.0481 3428 HidBatt - ok
20:28:39.0491 3428 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:28:39.0502 3428 HidBth - ok
20:28:39.0515 3428 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:28:39.0527 3428 HidIr - ok
20:28:39.0543 3428 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:28:39.0569 3428 hidserv - ok
20:28:39.0605 3428 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:28:39.0619 3428 HidUsb - ok
20:28:39.0645 3428 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:28:39.0674 3428 hkmsvc - ok
20:28:39.0708 3428 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:28:39.0720 3428 HomeGroupListener - ok
20:28:39.0753 3428 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:28:39.0764 3428 HomeGroupProvider - ok
20:28:39.0801 3428 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:28:39.0811 3428 HpSAMD - ok
20:28:39.0855 3428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:28:39.0886 3428 HTTP - ok
20:28:39.0912 3428 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:28:39.0921 3428 hwpolicy - ok
20:28:39.0947 3428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:28:39.0957 3428 i8042prt - ok
20:28:40.0004 3428 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:28:40.0017 3428 iaStorV - ok
20:28:40.0050 3428 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:28:40.0066 3428 idsvc - ok
20:28:40.0079 3428 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:28:40.0090 3428 iirsp - ok
20:28:40.0132 3428 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:28:40.0164 3428 IKEEXT - ok
20:28:40.0172 3428 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:28:40.0181 3428 intelide - ok
20:28:40.0200 3428 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:28:40.0210 3428 intelppm - ok
20:28:40.0216 3428 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:28:40.0244 3428 IPBusEnum - ok
20:28:40.0267 3428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:28:40.0293 3428 IpFilterDriver - ok
20:28:40.0327 3428 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:28:40.0346 3428 iphlpsvc - ok
20:28:40.0362 3428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:28:40.0372 3428 IPMIDRV - ok
20:28:40.0384 3428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:28:40.0411 3428 IPNAT - ok
20:28:40.0424 3428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:28:40.0436 3428 IRENUM - ok
20:28:40.0467 3428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:28:40.0476 3428 isapnp - ok
20:28:40.0489 3428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:28:40.0500 3428 iScsiPrt - ok
20:28:40.0512 3428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:28:40.0521 3428 kbdclass - ok
20:28:40.0544 3428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:28:40.0554 3428 kbdhid - ok
20:28:40.0565 3428 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:28:40.0575 3428 KeyIso - ok
20:28:40.0600 3428 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:28:40.0609 3428 KSecDD - ok
20:28:40.0633 3428 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:28:40.0643 3428 KSecPkg - ok
20:28:40.0667 3428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:28:40.0694 3428 ksthunk - ok
20:28:40.0717 3428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:28:40.0745 3428 KtmRm - ok
20:28:40.0779 3428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:28:40.0806 3428 LanmanServer - ok
20:28:40.0832 3428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:28:40.0859 3428 LanmanWorkstation - ok
20:28:40.0938 3428 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:28:40.0951 3428 LBTServ - ok
20:28:40.0975 3428 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:28:40.0984 3428 LHidFilt - ok
20:28:41.0008 3428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:28:41.0046 3428 lltdio - ok
20:28:41.0070 3428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:28:41.0099 3428 lltdsvc - ok
20:28:41.0102 3428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:28:41.0129 3428 lmhosts - ok
20:28:41.0146 3428 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:28:41.0153 3428 LMouFilt - ok
20:28:41.0167 3428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:28:41.0176 3428 LSI_FC - ok
20:28:41.0188 3428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:28:41.0197 3428 LSI_SAS - ok
20:28:41.0205 3428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:28:41.0214 3428 LSI_SAS2 - ok
20:28:41.0229 3428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:28:41.0238 3428 LSI_SCSI - ok
20:28:41.0259 3428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:28:41.0285 3428 luafv - ok
20:28:41.0302 3428 [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
20:28:41.0309 3428 LUsbFilt - ok
20:28:41.0333 3428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:28:41.0344 3428 Mcx2Svc - ok
20:28:41.0357 3428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:28:41.0366 3428 megasas - ok
20:28:41.0381 3428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:28:41.0393 3428 MegaSR - ok
20:28:41.0414 3428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:28:41.0441 3428 MMCSS - ok
20:28:41.0448 3428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:28:41.0474 3428 Modem - ok
20:28:41.0487 3428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:28:41.0498 3428 monitor - ok
20:28:41.0540 3428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:28:41.0548 3428 mouclass - ok
20:28:41.0554 3428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:28:41.0563 3428 mouhid - ok
20:28:41.0617 3428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:28:41.0630 3428 mountmgr - ok
20:28:41.0694 3428 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:28:41.0706 3428 MozillaMaintenance - ok
20:28:41.0730 3428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:28:41.0745 3428 mpio - ok
20:28:41.0759 3428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:28:41.0797 3428 mpsdrv - ok
20:28:41.0833 3428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:28:41.0864 3428 MpsSvc - ok
20:28:41.0892 3428 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:28:41.0906 3428 MRxDAV - ok
20:28:41.0932 3428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:41.0942 3428 mrxsmb - ok
20:28:41.0970 3428 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:41.0983 3428 mrxsmb10 - ok
20:28:41.0993 3428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:42.0007 3428 mrxsmb20 - ok
20:28:42.0021 3428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:28:42.0033 3428 msahci - ok
20:28:42.0046 3428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:28:42.0061 3428 msdsm - ok
20:28:42.0087 3428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:28:42.0103 3428 MSDTC - ok
20:28:42.0124 3428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:28:42.0160 3428 Msfs - ok
20:28:42.0170 3428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:28:42.0195 3428 mshidkmdf - ok
20:28:42.0218 3428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:28:42.0226 3428 msisadrv - ok
20:28:42.0252 3428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:28:42.0279 3428 MSiSCSI - ok
20:28:42.0282 3428 msiserver - ok
20:28:42.0299 3428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:28:42.0325 3428 MSKSSRV - ok
20:28:42.0343 3428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:28:42.0369 3428 MSPCLOCK - ok
20:28:42.0378 3428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:28:42.0404 3428 MSPQM - ok
20:28:42.0431 3428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:28:42.0443 3428 MsRPC - ok
20:28:42.0453 3428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:28:42.0462 3428 mssmbios - ok
20:28:42.0475 3428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:28:42.0501 3428 MSTEE - ok
20:28:42.0505 3428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:28:42.0515 3428 MTConfig - ok
20:28:42.0537 3428 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:28:42.0543 3428 MTsensor - ok
20:28:42.0567 3428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:28:42.0576 3428 Mup - ok
20:28:42.0609 3428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:28:42.0650 3428 napagent - ok
20:28:42.0677 3428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:28:42.0692 3428 NativeWifiP - ok
20:28:42.0739 3428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:28:42.0762 3428 NDIS - ok
20:28:42.0776 3428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:28:42.0802 3428 NdisCap - ok
20:28:42.0814 3428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:28:42.0840 3428 NdisTapi - ok
20:28:42.0868 3428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:28:42.0892 3428 Ndisuio - ok
20:28:42.0946 3428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:28:42.0983 3428 NdisWan - ok
20:28:43.0005 3428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:28:43.0030 3428 NDProxy - ok
20:28:43.0046 3428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:28:43.0072 3428 NetBIOS - ok
20:28:43.0099 3428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:28:43.0125 3428 NetBT - ok
20:28:43.0132 3428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:28:43.0142 3428 Netlogon - ok
20:28:43.0170 3428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:28:43.0201 3428 Netman - ok
20:28:43.0216 3428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:28:43.0248 3428 netprofm - ok
20:28:43.0267 3428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:28:43.0275 3428 NetTcpPortSharing - ok
20:28:43.0287 3428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:28:43.0296 3428 nfrd960 - ok
20:28:43.0319 3428 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:28:43.0332 3428 NlaSvc - ok
20:28:43.0338 3428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:28:43.0366 3428 Npfs - ok
20:28:43.0386 3428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:28:43.0414 3428 nsi - ok
20:28:43.0420 3428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:28:43.0448 3428 nsiproxy - ok
20:28:43.0498 3428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:28:43.0525 3428 Ntfs - ok
20:28:43.0537 3428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:28:43.0563 3428 Null - ok
20:28:43.0590 3428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:28:43.0600 3428 nvraid - ok
20:28:43.0627 3428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:28:43.0637 3428 nvstor - ok
20:28:43.0672 3428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:28:43.0682 3428 nv_agp - ok
20:28:43.0705 3428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:28:43.0715 3428 ohci1394 - ok
20:28:43.0778 3428 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:28:43.0789 3428 ose - ok
20:28:43.0952 3428 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:28:44.0021 3428 osppsvc - ok
20:28:44.0039 3428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:28:44.0051 3428 p2pimsvc - ok
20:28:44.0066 3428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:28:44.0079 3428 p2psvc - ok
20:28:44.0098 3428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:28:44.0107 3428 Parport - ok
20:28:44.0124 3428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:28:44.0134 3428 partmgr - ok
20:28:44.0147 3428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:28:44.0162 3428 PcaSvc - ok
20:28:44.0170 3428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:28:44.0180 3428 pci - ok
20:28:44.0208 3428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:28:44.0217 3428 pciide - ok
20:28:44.0236 3428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:28:44.0247 3428 pcmcia - ok
20:28:44.0259 3428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:28:44.0268 3428 pcw - ok
20:28:44.0294 3428 [ FD1BB23371EE2E5E3076D7B0D8B33E91 ] PdiPorts C:\Windows\system32\DRIVERS\PdiPorts.sys
20:28:44.0300 3428 PdiPorts - ok
20:28:44.0325 3428 [ A1F1260AD7AEABA9D53724E66AA274BA ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
20:28:44.0328 3428 PdiService ( UnsignedFile.Multi.Generic ) - warning
20:28:44.0328 3428 PdiService - detected UnsignedFile.Multi.Generic (1)
20:28:44.0350 3428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:28:44.0381 3428 PEAUTH - ok
20:28:44.0422 3428 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:28:44.0442 3428 PeerDistSvc - ok
20:28:44.0509 3428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:28:44.0522 3428 PerfHost - ok
20:28:44.0573 3428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:28:44.0617 3428 pla - ok
20:28:44.0643 3428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:28:44.0656 3428 PlugPlay - ok
20:28:44.0666 3428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:28:44.0676 3428 PNRPAutoReg - ok
20:28:44.0689 3428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:28:44.0701 3428 PNRPsvc - ok
20:28:44.0726 3428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:28:44.0754 3428 PolicyAgent - ok
20:28:44.0777 3428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:28:44.0804 3428 Power - ok
20:28:44.0821 3428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:28:44.0846 3428 PptpMiniport - ok
20:28:44.0864 3428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:28:44.0873 3428 Processor - ok
20:28:44.0901 3428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:28:44.0912 3428 ProfSvc - ok
20:28:44.0923 3428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:28:44.0933 3428 ProtectedStorage - ok
20:28:44.0960 3428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:28:44.0985 3428 Psched - ok
20:28:45.0020 3428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:28:45.0045 3428 ql2300 - ok
20:28:45.0063 3428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:28:45.0073 3428 ql40xx - ok
20:28:45.0091 3428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:28:45.0106 3428 QWAVE - ok
20:28:45.0121 3428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:28:45.0135 3428 QWAVEdrv - ok
20:28:45.0141 3428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:28:45.0168 3428 RasAcd - ok
20:28:45.0186 3428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:28:45.0213 3428 RasAgileVpn - ok
20:28:45.0219 3428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:28:45.0248 3428 RasAuto - ok
20:28:45.0285 3428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:28:45.0312 3428 Rasl2tp - ok
20:28:45.0344 3428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:28:45.0373 3428 RasMan - ok
20:28:45.0387 3428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:28:45.0417 3428 RasPppoe - ok
20:28:45.0429 3428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:28:45.0456 3428 RasSstp - ok
20:28:45.0484 3428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:28:45.0512 3428 rdbss - ok
20:28:45.0526 3428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:28:45.0537 3428 rdpbus - ok
20:28:45.0547 3428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:28:45.0574 3428 RDPCDD - ok
20:28:45.0607 3428 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:28:45.0621 3428 RDPDR - ok
20:28:45.0643 3428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:28:45.0675 3428 RDPENCDD - ok
20:28:45.0685 3428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:28:45.0711 3428 RDPREFMP - ok
20:28:45.0743 3428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:28:45.0753 3428 RDPWD - ok
20:28:45.0773 3428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:28:45.0783 3428 rdyboost - ok
20:28:45.0799 3428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:28:45.0826 3428 RemoteAccess - ok
20:28:45.0844 3428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:28:45.0872 3428 RemoteRegistry - ok
20:28:45.0892 3428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:28:45.0919 3428 RpcEptMapper - ok
20:28:45.0937 3428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:28:45.0947 3428 RpcLocator - ok
20:28:45.0978 3428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:28:46.0008 3428 RpcSs - ok
20:28:46.0022 3428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:28:46.0049 3428 rspndr - ok
20:28:46.0064 3428 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:28:46.0075 3428 RTL8167 - ok
20:28:46.0094 3428 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:28:46.0103 3428 s3cap - ok
20:28:46.0115 3428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:28:46.0125 3428 SamSs - ok
20:28:46.0238 3428 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
20:28:46.0291 3428 SBAMSvc - ok
20:28:46.0331 3428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:28:46.0340 3428 sbp2port - ok
20:28:46.0365 3428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:28:46.0393 3428 SCardSvr - ok
20:28:46.0413 3428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:28:46.0438 3428 scfilter - ok
20:28:46.0480 3428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:28:46.0522 3428 Schedule - ok
20:28:46.0550 3428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:28:46.0575 3428 SCPolicySvc - ok
20:28:46.0602 3428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:28:46.0613 3428 SDRSVC - ok
20:28:46.0631 3428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:28:46.0657 3428 secdrv - ok
20:28:46.0674 3428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:28:46.0700 3428 seclogon - ok
20:28:46.0707 3428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:28:46.0734 3428 SENS - ok
20:28:46.0746 3428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:28:46.0757 3428 SensrSvc - ok
20:28:46.0781 3428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:28:46.0791 3428 Serenum - ok
20:28:46.0802 3428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:28:46.0811 3428 Serial - ok
20:28:46.0844 3428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:28:46.0853 3428 sermouse - ok
20:28:46.0875 3428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:28:46.0902 3428 SessionEnv - ok
20:28:46.0932 3428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:28:46.0941 3428 sffdisk - ok
20:28:46.0952 3428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:28:46.0961 3428 sffp_mmc - ok
20:28:46.0974 3428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:28:46.0985 3428 sffp_sd - ok
20:28:46.0993 3428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:28:47.0002 3428 sfloppy - ok
20:28:47.0027 3428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:28:47.0056 3428 SharedAccess - ok
20:28:47.0078 3428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:28:47.0107 3428 ShellHWDetection - ok
20:28:47.0119 3428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:28:47.0128 3428 SiSRaid2 - ok
20:28:47.0137 3428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:28:47.0147 3428 SiSRaid4 - ok
20:28:47.0285 3428 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:28:47.0336 3428 Skype C2C Service - ok
20:28:47.0395 3428 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:28:47.0406 3428 SkypeUpdate - ok
20:28:47.0423 3428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:28:47.0456 3428 Smb - ok
20:28:47.0484 3428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:28:47.0499 3428 SNMPTRAP - ok
20:28:47.0508 3428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:28:47.0520 3428 spldr - ok
20:28:47.0550 3428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:28:47.0564 3428 Spooler - ok
20:28:47.0650 3428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:28:47.0712 3428 sppsvc - ok
20:28:47.0723 3428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:28:47.0752 3428 sppuinotify - ok
20:28:47.0796 3428 [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd C:\Windows\System32\Drivers\sptd.sys
20:28:47.0812 3428 sptd - ok
20:28:47.0847 3428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:28:47.0859 3428 srv - ok
20:28:47.0880 3428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:28:47.0892 3428 srv2 - ok
20:28:47.0902 3428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:28:47.0912 3428 srvnet - ok
20:28:47.0933 3428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:28:47.0962 3428 SSDPSRV - ok
20:28:47.0980 3428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:28:48.0010 3428 SstpSvc - ok
20:28:48.0063 3428 Steam Client Service - ok
20:28:48.0122 3428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:28:48.0135 3428 stexstor - ok
20:28:48.0180 3428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:28:48.0206 3428 stisvc - ok
20:28:48.0232 3428 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:28:48.0246 3428 storflt - ok
20:28:48.0266 3428 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
20:28:48.0280 3428 StorSvc - ok
20:28:48.0289 3428 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:28:48.0303 3428 storvsc - ok
20:28:48.0333 3428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:28:48.0344 3428 swenum - ok
20:28:48.0364 3428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:28:48.0405 3428 swprv - ok
20:28:48.0452 3428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:28:48.0480 3428 SysMain - ok
20:28:48.0503 3428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:28:48.0518 3428 TabletInputService - ok
20:28:48.0543 3428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:28:48.0570 3428 TapiSrv - ok
20:28:48.0584 3428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:28:48.0610 3428 TBS - ok
20:28:48.0663 3428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:28:48.0702 3428 Tcpip - ok
20:28:48.0755 3428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:28:48.0786 3428 TCPIP6 - ok
20:28:48.0807 3428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:28:48.0817 3428 tcpipreg - ok
20:28:48.0826 3428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:28:48.0834 3428 TDPIPE - ok
20:28:48.0865 3428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:28:48.0874 3428 TDTCP - ok
20:28:48.0904 3428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:28:48.0930 3428 tdx - ok
20:28:48.0943 3428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:28:48.0952 3428 TermDD - ok
20:28:48.0983 3428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:28:49.0013 3428 TermService - ok
20:28:49.0025 3428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:28:49.0038 3428 Themes - ok
20:28:49.0056 3428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:28:49.0082 3428 THREADORDER - ok
20:28:49.0097 3428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:28:49.0124 3428 TrkWks - ok
20:28:49.0161 3428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:28:49.0187 3428 TrustedInstaller - ok
20:28:49.0209 3428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:28:49.0234 3428 tssecsrv - ok
20:28:49.0263 3428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:28:49.0272 3428 TsUsbFlt - ok
20:28:49.0316 3428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:28:49.0342 3428 tunnel - ok
20:28:49.0355 3428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:28:49.0365 3428 uagp35 - ok
20:28:49.0395 3428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:28:49.0424 3428 udfs - ok
20:28:49.0441 3428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:28:49.0453 3428 UI0Detect - ok
20:28:49.0464 3428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:28:49.0474 3428 uliagpkx - ok
20:28:49.0500 3428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:28:49.0510 3428 umbus - ok
20:28:49.0517 3428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:28:49.0526 3428 UmPass - ok
20:28:49.0551 3428 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:28:49.0562 3428 UmRdpService - ok
20:28:49.0580 3428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:28:49.0609 3428 upnphost - ok
20:28:49.0635 3428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:28:49.0645 3428 usbccgp - ok
20:28:49.0682 3428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:28:49.0697 3428 usbcir - ok
20:28:49.0720 3428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:28:49.0733 3428 usbehci - ok
20:28:49.0766 3428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:28:49.0782 3428 usbhub - ok
20:28:49.0793 3428 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:28:49.0806 3428 usbohci - ok
20:28:49.0822 3428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:28:49.0834 3428 usbprint - ok
20:28:49.0846 3428 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:28:49.0857 3428 usbscan - ok
20:28:49.0870 3428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:28:49.0879 3428 USBSTOR - ok
20:28:49.0906 3428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:28:49.0915 3428 usbuhci - ok
20:28:49.0925 3428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:28:49.0952 3428 UxSms - ok
20:28:49.0957 3428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:28:49.0967 3428 VaultSvc - ok
20:28:49.0974 3428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:28:49.0983 3428 vdrvroot - ok
20:28:50.0012 3428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:28:50.0042 3428 vds - ok
20:28:50.0051 3428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:28:50.0062 3428 vga - ok
20:28:50.0070 3428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:28:50.0096 3428 VgaSave - ok
20:28:50.0111 3428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:28:50.0121 3428 vhdmp - ok
20:28:50.0161 3428 [ 574B29F436C4C63D37020C6E570A7528 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:28:50.0179 3428 VIAHdAudAddService - ok
20:28:50.0206 3428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:28:50.0214 3428 viaide - ok
20:28:50.0244 3428 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:28:50.0255 3428 vmbus - ok
20:28:50.0281 3428 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:28:50.0290 3428 VMBusHID - ok
20:28:50.0316 3428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:28:50.0326 3428 volmgr - ok
20:28:50.0354 3428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:28:50.0366 3428 volmgrx - ok
20:28:50.0381 3428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:28:50.0392 3428 volsnap - ok
20:28:50.0405 3428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:28:50.0416 3428 vsmraid - ok
20:28:50.0468 3428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:28:50.0507 3428 VSS - ok
20:28:50.0520 3428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:28:50.0532 3428 vwifibus - ok
20:28:50.0550 3428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:28:50.0563 3428 vwififlt - ok
20:28:50.0585 3428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:28:50.0615 3428 W32Time - ok
20:28:50.0625 3428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:28:50.0635 3428 WacomPen - ok
20:28:50.0658 3428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:28:50.0684 3428 WANARP - ok
20:28:50.0688 3428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:28:50.0713 3428 Wanarpv6 - ok
20:28:50.0761 3428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:28:50.0784 3428 wbengine - ok
20:28:50.0795 3428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:28:50.0811 3428 WbioSrvc - ok
20:28:50.0839 3428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:28:50.0857 3428 wcncsvc - ok
20:28:50.0863 3428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:28:50.0874 3428 WcsPlugInService - ok
20:28:50.0883 3428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:28:50.0892 3428 Wd - ok
20:28:50.0932 3428 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:28:50.0950 3428 Wdf01000 - ok
20:28:50.0962 3428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:28:50.0976 3428 WdiServiceHost - ok
20:28:50.0980 3428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:28:50.0994 3428 WdiSystemHost - ok
20:28:51.0024 3428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:28:51.0039 3428 WebClient - ok
20:28:51.0053 3428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:28:51.0083 3428 Wecsvc - ok
20:28:51.0093 3428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:28:51.0122 3428 wercplsupport - ok
20:28:51.0145 3428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:28:51.0175 3428 WerSvc - ok
20:28:51.0183 3428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:28:51.0212 3428 WfpLwf - ok
20:28:51.0220 3428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:28:51.0229 3428 WIMMount - ok
20:28:51.0236 3428 WinDefend - ok
20:28:51.0241 3428 WinHttpAutoProxySvc - ok
20:28:51.0288 3428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:28:51.0317 3428 Winmgmt - ok
20:28:51.0377 3428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:28:51.0419 3428 WinRM - ok
20:28:51.0446 3428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:28:51.0457 3428 WinUsb - ok
20:28:51.0489 3428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:28:51.0509 3428 Wlansvc - ok
20:28:51.0553 3428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:28:51.0566 3428 WmiAcpi - ok
20:28:51.0595 3428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:28:51.0611 3428 wmiApSrv - ok
20:28:51.0616 3428 WMPNetworkSvc - ok
20:28:51.0623 3428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:28:51.0637 3428 WPCSvc - ok
20:28:51.0665 3428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:28:51.0682 3428 WPDBusEnum - ok
20:28:51.0692 3428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:28:51.0719 3428 ws2ifsl - ok
20:28:51.0732 3428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:28:51.0746 3428 wscsvc - ok
20:28:51.0749 3428 WSearch - ok
20:28:51.0816 3428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:28:51.0860 3428 wuauserv - ok
20:28:51.0892 3428 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:28:51.0901 3428 WudfPf - ok
20:28:51.0933 3428 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:28:51.0943 3428 WUDFRd - ok
20:28:51.0962 3428 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:28:51.0973 3428 wudfsvc - ok
20:28:51.0982 3428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:28:51.0997 3428 WwanSvc - ok
20:28:52.0003 3428 ================ Scan global ===============================
20:28:52.0018 3428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:28:52.0038 3428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:28:52.0046 3428 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:28:52.0065 3428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:28:52.0087 3428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:28:52.0089 3428 [Global] - ok
20:28:52.0090 3428 ================ Scan MBR ==================================
20:28:52.0103 3428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:28:52.0347 3428 \Device\Harddisk1\DR1 - ok
20:28:52.0365 3428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:28:52.0432 3428 \Device\Harddisk0\DR0 - ok
20:28:52.0435 3428 ================ Scan VBR ==================================
20:28:52.0438 3428 [ 9B8A76F2F30B6891CE78D2B1069941FE ] \Device\Harddisk1\DR1\Partition1
20:28:52.0440 3428 \Device\Harddisk1\DR1\Partition1 - ok
20:28:52.0460 3428 [ 2EFB015AD4C9871918E1B1ABA6752038 ] \Device\Harddisk1\DR1\Partition2
20:28:52.0462 3428 \Device\Harddisk1\DR1\Partition2 - ok
20:28:52.0491 3428 [ 7093F3991813465D229B0691D8368E36 ] \Device\Harddisk0\DR0\Partition1
20:28:52.0492 3428 \Device\Harddisk0\DR0\Partition1 - ok
20:28:52.0492 3428 ============================================================
20:28:52.0492 3428 Scan finished
20:28:52.0492 3428 ============================================================
20:28:52.0503 2496 Detected object count: 2
20:28:52.0503 2496 Actual detected object count: 2
20:29:34.0869 2496 DTSRVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:34.0869 2496 DTSRVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:34.0870 2496 PdiService ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:34.0870 2496 PdiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
04.12.2012, 13:53
| #4 | |
| /// Malware-holic | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.12.2012, 17:41
| #5 |
| | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Abend Code:
ATTFilter ComboFix 12-12-02.01 - *** 04.12.2012 17:32:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2477 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-04 bis 2012-12-04 ))))))))))))))))))))))))))))))
.
.
2012-12-04 16:36 . 2012-12-04 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 18:34 . 2012-12-03 18:34 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-12-03 18:34 . 2012-12-03 18:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-03 18:34 . 2012-12-03 18:34 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 18:34 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\users\***\AppData\Roaming\LavasoftStatistics
2012-12-03 18:30 . 2012-12-03 18:30 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-12-03 18:24 . 2012-12-03 18:38 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-12-03 18:24 . 2012-12-03 18:24 47496 ----a-w- c:\windows\system32\sbbd.exe
2012-12-03 18:24 . 2012-12-03 18:24 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-03 18:24 . 2012-12-03 18:24 -------- d-----w- c:\users\***\AppData\Local\adawarebp
2012-12-03 18:24 . 2012-12-03 18:24 -------- d-----w- c:\programdata\blekko toolbars
2012-12-03 18:23 . 2012-12-03 18:24 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-12-03 18:23 . 2012-12-03 18:23 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-12-03 18:23 . 2012-12-03 18:24 -------- d-----w- c:\program files (x86)\adawaretb
2012-12-03 18:23 . 2012-12-03 18:39 -------- d-----w- c:\users\***\AppData\Roaming\Ad-Aware Antivirus
2012-11-17 09:46 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 09:46 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 09:46 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 09:46 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 09:39 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 09:39 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 09:39 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 09:39 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 09:39 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 09:39 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 09:39 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-11 17:29 . 2012-11-11 17:29 -------- d-----w- c:\programdata\Remedy
2012-11-11 09:43 . 2012-11-11 09:43 -------- d-----w- c:\users\***\AppData\Local\My Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 09:39 . 2011-01-22 10:52 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 17:13 . 2012-11-03 11:53 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-14 17:13 . 2012-11-03 11:53 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-29 18:53 . 2012-10-29 18:53 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-27 21:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 19:57 . 2012-10-13 19:50 967 ----a-w- c:\windows\ScUnin.pif
2012-10-13 19:57 . 2012-10-13 19:50 69632 ----a-w- c:\windows\ScUnin.exe
2012-10-12 07:19 . 2012-11-03 11:08 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB308BB8-A8BB-4B4F-BD76-60CBE8CBF94A}\mpengine.dll
2012-09-24 22:16 . 2012-07-02 15:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-24 22:16 . 2011-01-25 20:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-24 08:58 . 2012-11-03 11:53 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-14 19:19 . 2012-10-09 18:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 18:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-01-22 2252800]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-27 384800]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-18 868848]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-03 14456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-27 85280]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-01-22 1235968]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 15:16]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 15:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\
FF - ExtSQL: 2012-10-14 13:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-03 19:23; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-12-03 19:23; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-4StoryPrePatch - d:\4story_de\PrePatch.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-366956087-2911594179-3411153771-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,f4,b3,80,e9,5f,d6,52,fe,0b,82,33,d5,81,ae,55,9b,cd,e2,34,f5,
d7,12,b7,1e,32,4b,94,d6,6b,ac,ed,8b,3f,6e,a9,ef,27,55,25,d6,86,4f,80,a3,31,\
"rkeysecu"=hex:e8,e5,e1,c0,9c,d2,46,57,c9,ac,c8,da,66,a9,9c,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-04 17:38:29
ComboFix-quarantined-files.txt 2012-12-04 16:38
.
Vor Suchlauf: 8 Verzeichnis(se), 422.213.017.600 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 421.883.322.368 Bytes frei
.
- - End Of File - - EF15E26674568580F68AE1844698D38F
|
|
04.12.2012, 19:36
| #6 |
| /// Malware-holic | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender hi lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender |
|
04.12.2012, 21:17
| #7 |
| | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Hi Anbei der Code. Anmerkung: Web.de hat meinen Account heute aus Sicherheitsgründen einmal gesperrt (Hinweis: Unbefugte haben kürzlich auf Ihr Postfach zugegriffen. Um Sie und Ihre Daten zu schützen, haben wir Ihr Postfach daher gesperrt.). Ich lasse es erst einmal gesperrt. Code:
ATTFilter Acer eDisplay Management Portrait Displays, Inc. 22.01.2011 1.20.011 notwendig Ad-Aware Antivirus Lavasoft 03.12.2012 37,5MB 10.4.43.4155 unnötig Ad-Aware Security Add-on Lavasoft 03.12.2012 2.2.0.17 unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 22.01.2011 22,4MB 3.0.804.0 notwendig Avira Free Antivirus Avira 27.11.2012 124MB 13.0.0.2832 notwendig Borderlands 2K Games 22.01.2011 6,88GB 1.0.295 notwendig Borderlands 2 Gearbox Software 25.11.2012 notwendig CCleaner Piriform 25.11.2012 3.25 notwendig Darksiders Vigil Games 28.09.2011 notwendig DarksidersInstaller Ihr Firmenname 28.09.2011 143MB 1.00.1000 notwendig Diablo III Blizzard Entertainment 02.12.2012 1.0.6.13300 notwendig Dragon Age: Origins Electronic Arts, Inc. 28.03.2011 24,2GB 1.04 notwendig Duke Nukem Forever Gearbox Software 25.11.2012 notwendig FreePDF (Remove only) 01.05.2011 notwendig Google Chrome Google Inc. 04.12.2012 23.0.1271.95 unnötig Google Earth Plug-in Google 17.11.2011 40,8MB 6.1.0.5001 unnötig GPL Ghostscript Artifex Software Inc. 01.05.2011 9.02 notwendig Logitech SetPoint 6.20 Logitech 13.03.2011 39,0MB 6.20.64 notwendig Mafia II 2K Czech 01.09.2012 notwendig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 03.12.2012 19,4MB 1.65.1.1000 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.09.2012 38,8MB 4.0.30320 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.09.2012 2,93MB 4.0.30320 unbekannt Microsoft Office Home and Student 2010 Microsoft Corporation 21.07.2012 14.0.6029.1000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.11.2012 2,38MB 8.0.59193 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 13.03.2011 788KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 21.07.2012 788KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 25.11.2012 1,41MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.01.2011 240KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.01.2011 596KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10.03.2012 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.07.2012 12,2MB 10.0.40219 unbekannt Morrowind 26.12.2011 notwendig Mozilla Firefox 16.0.2 (x86 de) Mozilla 31.10.2012 43,6MB 16.0.2 notwendig Mozilla Maintenance Service Mozilla 31.10.2012 329KB 16.0.2 unbekannt Mozilla Thunderbird 16.0.2 (x86 de) Mozilla 31.10.2012 40,8MB 16.0.2 notwendig NVIDIA PhysX NVIDIA Corporation 28.10.2012 78,9MB 9.10.0513 notwendig PDFCreator Frank Heindörfer, Philip Chinery 19.07.2012 1.4.2 notwendig Portal Valve 17.09.2011 notwendig Realtek 8136 8168 8169 Ethernet Driver Realtek 22.01.2011 1.00.0005 notwendig RedMon - Redirection Port Monitor 01.05.2011 unbekannt Sid Meier's Civilization V 2K Games, Inc. 20.11.2012 notwendig Skype Click to Call Skype Technologies S.A. 04.11.2012 46,7MB 6.3.11079 unbekannt Skype™ 5.10 Skype Technologies S.A. 11.09.2012 19,3MB 5.10.116 notwendig Spec Ops: The Line YAGER 21.07.2012 notwendig Spellforce 2 Gold JoWooD Productions Software AG 07.08.2011 1.00.0000 notwendig Spybot - Search & Destroy Safer Networking Limited 13.03.2011 1.6.2 unnötig Star Trek Online Cryptic Studios 13.05.2012 unnötig Starcraft 13.10.2012 unnötig Steam Valve Corporation 17.09.2011 35,4MB 1.0.0.0 notwendig TES Construction Set 26.12.2011 unnötig Trillian 22.01.2011 notwendig VIA Plattform-Geräte-Manager VIA Technologies, Inc. 22.01.2011 2,61MB 1.34 notwendig VLC media player 1.1.10 VideoLAN 15.07.2011 1.1.10 notwendig Winamp Nullsoft, Inc 22.01.2011 5.601 notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 22.01.2011 75,0KB 1.0.0.1 unbekannt WinRAR 22.01.2011 notwendig Geändert von Jo.Ro (04.12.2012 um 21:52 Uhr) |
|
05.12.2012, 22:34
| #8 |
| /// Malware-holic | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Deinstaliere: Ad-Aware : alle Google : alle Spybot Star Trek Starcraft TES Öffne otl, bereinigen, PC startet neu, löscht Remover. Öffne CCleaner, analysieren, starten, PC neustarten. Wenn der pc läuft, wie gewohnt, absichern. Ändere dann alle Passwörter, und Passwort vergessen Abfragen. als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen. Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.74 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager anleitung: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.12.2012, 07:10
| #9 | |
| | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Guten Morgen, danke für die ausführliche Anleitung. Ich werde erst einmal Avast AntiVir zu nutzen. Stehe aktuelle bei Zitat:
Wenn du die Beschreibung angepasst hast, werde ich ab dieser Stelle weiter machen |
|
06.12.2012, 17:15
| #10 |
| /// Malware-holic | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Hi schon mal Chrome angesehen, er bietet einige Sicherheitsfunktionen mehr, und sollte auch schneller sein. Anmerkung, bin ab Morgen, bis Mittwoch im Urlaub
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.12.2012, 06:55
| #11 |
| | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Moin, habe mir Chrome angesehen und gefällt mir ganz gut. Danke für den Tipp. Werde ihn auch beibehalten. Wie sollte ich Chrome und Avast konfigkurieren? |
|
13.12.2012, 19:10
| #12 |
| /// Malware-holic | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender hi, adblock für chrome: http://filepony.de/download-ghostery_chrome/ sicher surfen mit chrome: Sicher surfen mit Google Chrome | Verbraucher sicher online Avast: http://www.trojaner-board.de/127580-...tml#post964496
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 11:50
| #13 |
| | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Besten Dank. Ich glaube, jetzt kann ich wieder ruhig surfen ;-) Die Spamflut ist nach den ganzen Maßnahmen und Passwort Reset auch verschwunden. |
|
16.12.2012, 17:28
| #14 |
| /// Malware-holic | Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender Hi, wenn dir der Chrome zusagt, FF deinstalieren. ich möchte erst mal anhand einer checkliste prüfen ob du alles hast. - instalieren von optionalen und wichtigen updates. - konfigurieren von windows updates. - dep für alle prozesse aktivieren. - sehop aktivieren. - chrome instalieren. - sandboxie instalieren. - autorun deaktivieren. - panda vaccine instalieren. - secunia instalieren. - file hippo instalieren. beachte: secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch. - backup software instalieren, backup und rettungsdvd erstellen. hier ne kurze anleitung: Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT - wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen. - passwort manager instaliert.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender |
| ad-aware, antivir, antivirus, avira, battle.net, bho, browser, error, excel, failed, frage, helper, home, install.exe, logfile, mail delivery, nemesis, popup, problem, realtek, registry, returning message to sender, richtlinie, scan, security, senden, software, svchost.exe, updates, vdeck.exe, windows, wurm |
Linear-Darstellung
