Log analysis and evaluation: GVU "your computer has been locked"

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
GVU "your computer has been locked"

Yesterday I caught a virus while surfing. The scam is the same as always with the GVU stuff, and you are asked to pay money to unlock the computer. I don't get a webcam image displayed, and at first glance I can't find a screenshot on the internet that looks exactly like mine. In safe mode I can work without the message appearing. I am now trying to follow all the steps and am posting the three txts here.

OTL txt:

Code:
OTL logfile created on: 22.12.2012 23:53:35 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Jonas\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,14% Memory free 3,74 Gb Paging File | 3,25 Gb Available in Paging File | 86,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 3,58 Gb Free Space | 9,16% Space Free | Partition Type: NTFS Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,04% Space Free | Partition Type: NTFS Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe PRC - [2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe PRC - [2012.12.17 22:50:20 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012.10.04 16:00:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.07.18 21:29:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe ========== Modules (No Company Name) ========== MOD - [2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe MOD - [2012.12.17 22:50:19 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012.07.18 21:29:12 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2010.04.26 19:03:42 | 000,200,192 | ---- | M] () -- C:\PROGRA~1\7-PDF\7-PDFM~1\7p.dll MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - [2012.12.18 00:05:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.17 22:50:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.02 13:56:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.12 10:05:33 | 000,232,288 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service) SRV - [2011.10.10 07:47:04 | 000,196,912 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2011.09.09 10:08:56 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2011.12.21 15:50:49 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.12.21 15:50:49 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.09.09 10:00:06 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2011.09.09 09:59:20 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock) DRV - [2011.07.06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010.12.23 14:48:23 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.01.09 23:48:02 | 000,027,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Jonas\Documents\ICQ\320797059\ReceivedFiles\310343555 markus\Everest Ultimate Edition v.5.30.1996 beta (portable)\kerneld.wnt -- (EverestDriver) DRV - [2009.11.12 02:05:20 | 000,465,408 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350) DRV - [2009.11.05 05:51:12 | 000,376,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | 
M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.13 23:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.07 23:24:30 | 000,056,240 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP) DRV - [2005.06.20 09:12:00 | 000,215,040 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u) DRV - [2004.04.26 22:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mydrive.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE B2 5D A1 13 B6 CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com: FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: autofillForms@blueimp.net: FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net: FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com: FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}: FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com: FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 10:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 10:10:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.17 22:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:29:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 17:55:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:29:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.18 00:25:31 | 000,000,000 | ---D | M] [2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions [2011.05.18 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.17 22:17:50 | 000,000,000 | 
---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions [2012.11.13 22:48:46 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.03.26 09:12:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\engine@conduit.com [2010.01.02 20:19:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2q5qgp3s.default\extensions\moveplayer@movenetworks.com [2012.11.17 17:31:28 | 000,148,947 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\autofillForms@blueimp.net.xpi [2012.12.17 22:17:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 14:21:51 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011.12.19 19:26:33 | 000,000,933 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\11-suche.xml [2011.12.19 19:26:34 | 000,002,419 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\englische-ergebnisse.xml [2011.12.19 19:26:33 | 000,010,525 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\gmx-suche.xml [2011.12.19 19:26:34 | 000,002,457 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\lastminute.xml [2010.08.17 13:18:24 | 000,001,549 | ---- | M] () -- 
C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\scroogle-ssl-search.xml [2011.12.19 19:26:33 | 000,005,508 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\webde-suche.xml [2010.05.04 18:27:51 | 000,002,057 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2q5qgp3s.default\searchplugins\youtube-videosuche.xml [2012.10.02 19:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.12.17 22:14:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.07.18 21:29:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.06.08 22:32:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.08 22:32:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.08 22:32:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.08 22:32:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.08 22:32:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.08 22:32:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.08 13:36:46 | 000,001,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: im.adtech.de O1 - Hosts: adserver.adtech.de O1 - Hosts: adtech.de O1 - Hosts: atwola.com O1 - Hosts: adserver.71i.de O1 - Hosts: adicqserver.71i.de O1 - Hosts: 71i.de O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus 
Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261848450419 (MUCatalogWebControl Class) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2073B93A-1295-4A0C-B5D2-AF75A32FB6EE}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{445430A2-0344-48B1-8063-6CC744AB258A}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{525A024D-D79A-4E23-B717-B0331FF1101D}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87BFBFD2-0D9F-4EC1-9735-2DA3B8ACDA44}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9278B28F-449C-44B6-9264-7BF6339F15BF}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E755811-115D-4DCF-A28D-50D81B4CC90A}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBA62752-B2D6-47CE-B7D9-310A699621FA}: NameServer = O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.03 11:15:14 | 000,000,026 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7d1106ec-f439-11e1-b393-e6e963511037}\Shell - "" = AutoRun O33 - MountPoints2\{7d1106ec-f439-11e1-b393-e6e963511037}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ea9f3ea6-2bc1-11e1-b1f5-9519fd5a2044}\Shell - "" = AutoRun O33 - MountPoints2\{ea9f3ea6-2bc1-11e1-b1f5-9519fd5a2044}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.22 23:53:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012.12.21 23:01:12 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.20 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\endnote styles [2012.12.18 00:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.05.07 10:35:08 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Jonas\AppData\Roaming\SetupGFD.exe [2012.05.07 10:34:48 | 005,514,668 | ---- | C] (LIGHTNING UK!) 
-- C:\Users\Jonas\AppData\Roaming\Imgburn.exe [2012.05.07 10:34:41 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Jonas\AppData\Roaming\Avisynth.exe ========== Files - Modified Within 30 Days ========== [2012.12.22 23:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe [2012.12.22 23:52:39 | 000,000,020 | ---- | M] () -- C:\Users\Jonas\defogger_reenable [2012.12.22 23:51:37 | 000,050,477 | ---- | M] () -- C:\Users\Jonas\Desktop\Defogger.exe [2012.12.22 22:56:04 | 000,659,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.22 22:56:04 | 000,623,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.22 22:56:04 | 000,133,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.22 22:56:04 | 000,109,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.22 22:50:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.22 22:50:12 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys [2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.22 22:47:36 | 000,014,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.22 22:46:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.22 22:45:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.21 20:53:21 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.21 20:53:21 | 000,001,056 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.12.21 20:53:16 | 000,212,480 | ---- | M] () -- C:\Users\Jonas\wgsdgsdgdsgsd.dll [2012.12.21 20:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.21 20:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.18 16:20:18 | 
002,588,453 | ---- | M] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 07:33:06 | 000,491,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:05:12 | 000,002,067 | ---- | M] () -- C:\Users\Jonas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.12.17 22:15:07 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.15 18:20:19 | 000,001,236 | ---- | M] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | M] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2012.12.22 23:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Jonas\defogger_reenable
[2012.12.22 23:51:36 | 000,050,477 | ---- | C] () -- C:\Users\Jonas\Desktop\Defogger.exe
[2012.12.21 20:53:21 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 20:53:21 | 000,001,056 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.21 20:53:19 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.21 20:53:16 | 000,212,480 | ---- | C] () -- C:\Users\Jonas\wgsdgsdgdsgsd.dll
[2012.12.18 16:20:14 | 002,588,453 | ---- | C] () -- C:\Users\Jonas\Desktop\The Lumineers - Ho Hey (Official Video).mp3
[2012.12.18 00:25:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.15 18:20:19 | 000,001,236 | ---- | C] () -- C:\Users\Jonas\Desktop\internship.lnk
[2012.12.15 17:58:51 | 000,000,640 | ---- | C] () -- C:\Users\Jonas\Desktop\Bilder - Verknüpfung.lnk
[2012.05.07 10:36:14 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.05.07 10:34:59 | 005,243,208 | ---- | C] ( ) -- C:\Users\Jonas\AppData\Roaming\AvsP.exe
[2012.05.07 10:34:57 | 001,357,348 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\MatroskaSplitter.exe
[2012.05.07 10:34:56 | 000,117,723 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\yuvcodecs-1.3.exe
[2012.04.11 17:31:41 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2011.05.19 10:34:25 | 000,021,844 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.12.03 10:37:20 | 000,001,075 | ---- | C] () -- C:\Users\Jonas\windvi.cnf
[2010.09.13 13:14:09 | 000,002,068 | ---- | C] () -- C:\Users\Jonas\.powerupdate.user.properties
[2010.08.27 17:31:32 | 000,002,631 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SerialClonerPrefs
[2010.07.31 15:26:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.02.25 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\7-PDFMaker
[2010.01.13 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AlcaTech
[2010.12.23 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\AquaSoft
[2011.11.27 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ashampoo Slideshow Studio Elements
[2011.06.14 22:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\avidemux
[2010.01.15 18:15:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ChessBase
[2012.02.22 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\CmapTools
[2010.01.20 22:18:03 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\dBpoweramp
[2011.10.14 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Downloaded Installations
[2012.10.18 21:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Dropbox
[2012.03.14 13:33:05 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoft
[2012.03.14 13:33:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.01 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\EndNote
[2012.04.11 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\FreeAudioPack
[2011.03.15 21:17:56 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GetRightToGo
[2011.03.23 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\GraphPad Software
[2012.10.02 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ICQ
[2011.03.23 13:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Leadertech
[2011.02.09 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Local
[2011.06.15 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MAGIX
[2012.12.16 16:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\MyPhoneExplorer
[2012.07.22 22:16:08 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Nitro PDF
[2011.02.18 12:55:47 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Opera
[2010.08.27 14:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\SerialCloner
[2011.05.18 13:15:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Thunderbird
[2010.09.29 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Tonium
[2009.12.25 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TuneUp Software
[2012.01.24 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\VSO
[2010.12.24 11:09:42 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 22.12.2012 23:53:35 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Jonas\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 70,14% Memory free
3,74 Gb Paging File | 3,25 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 3,58 Gb Free Space | 9,16% Space Free | Partition Type: NTFS
Drive D: | 109,99 Gb Total Space | 17,65 Gb Free Space | 16,04% Space Free | Partition Type: NTFS

Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C9B5D1-6E41-41EC-BD6D-60D5E874FB15}" = rport=138 | protocol=17 | dir=out | app=system |
"{24605008-600D-4C0E-B402-5CB9E8EA9B99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{289023B5-5E3C-4450-82AB-F0F6883A2DF8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{46878158-6868-412E-9883-77F7F9D127BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B1B2C89-F250-46A2-BB8C-76D9676A5748}" = lport=138 | protocol=17 | dir=in | app=system |
"{5408B885-D42E-448B-96D8-AD63F566C271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BDB6C3A-65B5-4CAD-8ADC-1C9F52CD7F75}" = lport=139 | protocol=6 | dir=in | app=system |
"{68D83906-47FC-4BF0-A21C-C52EB04A42DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{868252F7-6AE4-4DAE-9990-C1A2E16BAA79}" = lport=445 | protocol=6 | dir=in | app=system |
"{89E5E605-D087-4EEF-9BCF-DBBCB3961AD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906EF994-6B6F-4C28-A67C-B909D6A0B5B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{963EAE72-BDDB-4355-AEDB-5DE2BEE0E85A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98A6D47B-AD2C-488F-A5BF-B0962415FD41}" = rport=445 | protocol=6 | dir=out | app=system |
"{992C22BD-6EC4-4471-B882-0C4FDC6C29B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E66EB8A-9E55-4D70-B5D1-BBC67073C822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A07133DA-FF42-476A-A013-0BEA2AF1EECF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7CEFE26-BE85-42F6-985B-4BE9693672F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5A3D81A-0C94-4372-900E-C99865E5C024}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C00E2282-0EF6-4451-9E3B-618D4E5B1C1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C163F148-C055-42D1-BA9A-4C227C03D896}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CBC77997-A192-4CCB-BB76-95025763FC58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6481D4-AA4F-4349-98D6-546B68768E81}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC80F653-715A-4E8D-BE3E-9CBA07827881}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC4A6A4-383D-4F9D-A72B-BC7E0A078FE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88CDF9-E23F-4171-87AF-BB3AB1162D17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{140615D6-31B3-464D-8CD9-AF7AF543BB0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2143A449-9D25-4882-BC7F-D1B6C0E84547}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{22D0FFC0-A9D8-4D08-B0B9-ADD8B456E3F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{37EB659F-CF44-4315-B9FB-B430F5733DB6}" = protocol=6 | dir=out | app=system |
"{3CAE0B1D-A63B-4A0C-BD52-42A0666E423B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A411ABA-5AFA-4B33-9935-0D2C3B526F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AD65AD0-805E-4495-8E9D-9747C555AB08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE6AD95-6411-47D6-971B-790F5482C2F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BCEBE53-3B52-4AF6-862B-02078189B871}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{6A7F40C9-A15D-4B2C-BBE2-11C019FA6EA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{721AD6E3-3232-4CBD-A3CA-0A283B200EF1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7651EDA7-6F2C-4B36-820C-3C8553DF21F5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{791207DB-087D-4117-AF87-3835C03D5D66}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7B349BB7-1396-4D7F-AD94-D06D1BA808EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC9C40E-5D08-4A9D-8B26-7C709A775424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C073300-E818-42B5-973E-8A285991F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE52A2E-F4EF-491E-BA6C-D8E6C78FDBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF3FCBF3-AE75-47EA-9200-9CB8305C228E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC0D4800-CEAE-41D5-97C9-7B045EB00982}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDA1C6F6-50C9-4EFF-B0DA-9BE182C560CD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D86B0A22-4EDF-4710-BAC4-4DDF888EC6A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D8ECE471-98D9-4104-8758-6C7A60167086}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCB9D527-406F-4DF5-93DC-AF7ADB9FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFA9F490-AFDD-4867-B8D0-17EBD840C2CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D0918F-A368-4AE1-AE05-08193424D4CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC9299BB-77FC-4C4C-9E73-72901AAFB808}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7916E78-24CD-4CA6-8945-96D8347CA92C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F964743A-1B2F-4D82-8548-0F7CB6ABE234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB419F9F-DAD6-4097-B3AD-5A6E23D97646}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{0E468104-B5E8-48FC-9AB8-67B887A5710A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{12A8883D-7AF3-44CB-8F1E-6BB324C4442F}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{1FDA32B4-10DC-4E4C-829B-2F59D995CF05}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{324C8D71-35B9-445A-86E6-D178611CF781}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{3AB53E31-E1C7-4B58-A620-5C23152F70F1}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{50F74B36-7F8D-4334-A039-955B50CD507B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{8B0F688E-F7DD-49C1-A528-9CF8D3A79F3A}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{99C75F91-BF5C-4B4E-828A-93D9E470D53D}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{99D55528-F1A3-4BD6-98A3-6E6900DE1312}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{A5C631A8-6A58-473F-B009-A4012010371D}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{A916F8AD-62D8-44B1-AA12-6243BCF61714}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{AD6D6C5B-8339-44D7-A800-3A4A539F8EAC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{B57C896E-0A15-4CA6-9EAA-A3DA0639E18E}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{DD025112-52A7-46B5-8DA4-A8CCCDBE6989}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0184D19D-A757-4516-B089-ABF6986AA517}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{13EC64BF-4903-4A9D-B091-79CEBF869A1B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3BC53E47-4F07-4AA3-9A54-48B7EB96D4BC}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{3E6C39EA-74CB-43D9-9FA2-95F4F3CA2387}C:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B61D362-EADA-467F-9B05-ACEB2E7BCB8D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{6E8BCE1F-E925-477E-8762-FD945CAA1934}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{73DF5814-E9F6-4103-BFBA-5042F21AA2C3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8053D382-F606-4692-BF7E-BB3AC4A60F12}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{854645EE-4500-4E2A-954C-2D3A0A261DE6}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{9EDBADBC-56F7-4571-8D3B-AF8A8BB7CD58}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{A65F599C-9545-4324-A859-384B3BF381BF}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{C2D17091-3C5A-419A-B589-B78CBA022FB8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{C71AB11B-327A-4815-AF6C-1A2ED9BDBCFB}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C90BCF2B-2364-44CF-90BB-8247329AB955}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC580549-5EFA-4F2C-90B9-C74DD7727C22}" = Leica Confocal Software (LCS Lite)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08A2A29-5606-4FFE-BA05-7495314B42CB}" = Nitro PDF Reader 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"IHMC CmapTools v4.12" = IHMC CmapTools v4.12
"iLivid" = iLivid
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Anwendungserkennung

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.08.2011 04:11:53 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:11:54 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:11:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:12:55 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:12:57 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 04:14:40 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 11.08.2011 05:24:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 11.08.2011 05:31:21 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.08.2011 11:00:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version:, Zeitstempel: 0x4e051153 Name des fehlerhaften Moduls: xul.dll, Version:, Zeitstempel: 0x4e050fc7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a631ab ID des fehlerhaften Prozesses: 0xf50 Startzeit der fehlerhaften Anwendung: 0x01cc5a8a6c128337 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll Berichtskennung: 23b37e5e-c686-11e0-bb3e-00030d9779cd [ Cisco AnyConnect Secure Mobility Client Events ] Error - 21.12.2012 11:23:28 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2211 Invoked 
Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 8524 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 6206 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5933 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5895 Invoked Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5649 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 21.12.2012 11:23:29 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 5584 Invoked Function: internalCallbackHandler Return 
Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 22.12.2012 17:45:32 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE [ Media Center Events ] Error - 13.09.2010 14:58:20 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:58:19 - Error connecting to the internet. 20:58:19 - Unable to contact server.. Error - 13.09.2010 14:58:41 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:58:28 - Error connecting to the internet. 20:58:28 - Unable to contact server.. Error - 14.09.2010 03:43:19 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 09:43:14 - Error connecting to the internet. 09:43:14 - Unable to contact server.. Error - 18.09.2010 14:38:54 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:38:54 - Error connecting to the internet. 20:38:54 - Unable to contact server.. Error - 18.09.2010 14:39:02 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:38:59 - Error connecting to the internet. 20:38:59 - Unable to contact server.. Error - 26.09.2010 10:06:42 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 16:06:42 - Failed to retrieve Directory (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 27.09.2010 16:00:22 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 22:00:22 - Error connecting to the internet. 22:00:22 - Unable to contact server.. Error - 27.09.2010 16:00:36 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 22:00:27 - Error connecting to the internet. 22:00:27 - Unable to contact server.. 
Error - 04.10.2010 14:33:18 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:33:18 - Error connecting to the internet. 20:33:18 - Unable to contact server.. Error - 04.10.2010 14:33:28 | Computer Name = Jonas-PC | Source = MCUpdate | ID = 0 Description = 20:33:23 - Error connecting to the internet. 20:33:23 - Unable to contact server.. [ OSession Events ] Error - 21.02.2010 08:41:08 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3107 seconds with 300 seconds of active time. This session ended with a crash. Error - 13.09.2010 04:27:26 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2112 seconds with 360 seconds of active time. This session ended with a crash. Error - 16.05.2011 10:43:22 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 24406 seconds with 840 seconds of active time. This session ended with a crash. Error - 27.06.2011 11:49:36 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11605 seconds with 5640 seconds of active time. This session ended with a crash. 
Error - 09.02.2012 07:44:37 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79696 seconds with 7980 seconds of active time. This session ended with a crash. Error - 30.04.2012 16:38:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1848 seconds with 1260 seconds of active time. This session ended with a crash. Error - 09.07.2012 13:13:07 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37455 seconds with 720 seconds of active time. This session ended with a crash. Error - 09.07.2012 13:25:56 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 754 seconds with 300 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 22.12.2012 18:51:45 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 18:54:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 18:54:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 18:54:36 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 18:56:39 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 18:56:39 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 18:56:39 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 19:01:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 19:01:17 | Computer Name = 
Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.12.2012 19:01:17 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
GMER - hxxp://www.gmer.net
Rootkit scan 2012-12-23 00:55:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1646GSX rev.LB113J
Running: 0v0mzy2k.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\kwloypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82483839 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 824A83F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000006f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\ALLES zu programmen\installationsdateien\Installationsprogramm für Adobe Reader\x00a09\Setup.exe 1

---- EOF - GMER 1.0.15 ----
| #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Code:
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Is this by any chance an office or company PC? Or a university computer?
| #3 |
I was able to get it from my university.
| #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have you already run any scans with Malwarebytes or other tools? Are there logs with detections? See => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post any logs that already exist!
__________________ Please always post log files in CODE tags
| #5 |
No. Before I came across the forum, in my desperation I downloaded the Kaspersky Rescue Disk, burned it to CD and booted the PC from it. I then ran the scan overnight (from the day before yesterday to yesterday). It took forever and found nothing, so I am basically still at square one. Once I got to the forum here I did nothing further. I forgot to post that yesterday. But as I said, I have not deleted anything so far and there are no detections.
| #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Please look in the "Logdateien" (log files) tab.
| #7 |
Sorry, it is not quite clear to me what I am supposed to do with the code. I have now pasted it into OTL under custom scans/fixes, as described elsewhere, and got the following error message / log file:
Code:
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)> in the current context!
OTL by OldTimer - Version log created on 12232012_200300
| #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Would you please read my posts? I asked for further logs from Malwarebytes and asked you to look in Malwarebytes under the "Logdateien" (log files) tab. WHERE exactly do you read anything about OTL in that?!
| #9 |
Sorry, I thought I had to do something with the code you posted, but that was only a quote. I did not know whether I could simply start the program and thought some trick with the code was needed. Never mind, I was confused. I was able to start the program normally and found only one very old log file under that tab. The program is no longer up to date. Should I update it and then run a scan?
| #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Once again I have to point this out: please read my posts more carefully! In post 4 I said that for now you should only post all existing logs and not run any new scans!
| #11 |
Sorry. I did not do anything. Here is the file now.
Code:
Malwarebytes' Anti-Malware
www.malwarebytes.org

Datenbank Version: 7485

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

17.08.2011 17:01:55
mbam-log-2011-08-17 (17-01-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 425459
Laufzeit: 2 Stunde(n), 23 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
| #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!

Another note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not rashly delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
| #13 |
When I run aswMBR, the program does not ask me about the current avast virus definitions. I get the black window straight away, in which I see the Scan button, the FixMBR button, the Fix button (greyed out) and the Save log and Exit buttons. Should I run the scan anyway without updating?
| #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, then please run it without updating.
| #15 |
The aswMBR log
Code:
aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2012-12-23 21:35:20
-----------------------------
21:35:20.619 OS Version: Windows 6.1.7600
21:35:20.619 Number of processors: 2 586 0xF0D
21:35:20.619 ComputerName: JONAS-PC UserName: Jonas
21:35:21.087 Initialize success
21:35:21.291 AVAST engine defs: 12122100
21:35:26.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:35:26.103 Disk 0 Vendor: TOSHIBA_MK1646GSX LB113J Size: 152627MB BusType: 3
21:35:26.119 Disk 0 MBR read successfully
21:35:26.119 Disk 0 MBR scan
21:35:26.650 Disk 0 Windows 7 default MBR code
21:35:26.666 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
21:35:27.244 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112627 MB offset 81915435
21:35:27.541 Disk 0 scanning sectors +312576705
21:35:28.134 Disk 0 scanning C:\Windows\system32\drivers
21:35:46.103 Service scanning
21:36:13.916 Modules scanning
21:36:20.494 Disk 0 trace - called modules:
21:36:20.509 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:36:20.572 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85155030]
21:36:20.572 3 CLASSPNP.SYS[881d259e] -> nt!IofCallDriver -> [0x843b2848]
21:36:20.587 5 ACPI.sys[87cad3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x843a7610]
21:36:20.931 AVAST engine scan C:\Windows
21:36:23.837 AVAST engine scan C:\Windows\system32
21:39:25.166 AVAST engine scan C:\Windows\system32\drivers
21:39:40.306 AVAST engine scan C:\Users\Jonas
22:00:16.009 AVAST engine scan C:\ProgramData
22:02:38.650 Scan finished successfully
22:03:51.900 Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat"
22:03:51.900 The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt"
Code:
ATTFilter 22:06:18.0275 1388 TDSS rootkit removing tool Oct 31 2012 21:47:35 22:06:18.0400 1388 ============================================================ 22:06:18.0416 1388 Current date / time: 2012/12/23 22:06:18.0400 22:06:18.0416 1388 SystemInfo: 22:06:18.0416 1388 22:06:18.0416 1388 OS Version: 6.1.7600 ServicePack: 0.0 22:06:18.0416 1388 Product type: Workstation 22:06:18.0416 1388 ComputerName: JONAS-PC 22:06:18.0416 1388 UserName: Jonas 22:06:18.0416 1388 Windows directory: C:\Windows 22:06:18.0416 1388 System windows directory: C:\Windows 22:06:18.0416 1388 Processor architecture: Intel x86 22:06:18.0416 1388 Number of processors: 2 22:06:18.0416 1388 Page size: 0x1000 22:06:18.0416 1388 Boot type: Safe boot with network 22:06:18.0416 1388 ============================================================ 22:06:19.0541 1388 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:06:19.0556 1388 ============================================================ 22:06:19.0556 1388 \Device\Harddisk0\DR0: 22:06:19.0556 1388 MBR partitions: 22:06:19.0556 1388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC 22:06:19.0556 1388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE2B, BlocksNum 0xDBF9C96 22:06:19.0556 1388 ============================================================ 22:06:19.0587 1388 C: <-> \Device\Harddisk0\DR0\Partition1 22:06:19.0619 1388 D: <-> \Device\Harddisk0\DR0\Partition2 22:06:19.0619 1388 ============================================================ 22:06:19.0619 1388 Initialize success 22:06:19.0619 1388 ============================================================ 22:06:55.0337 0364 ============================================================ 22:06:55.0337 0364 Scan started 22:06:55.0337 0364 Mode: Manual; SigCheck; TDLFS; 22:06:55.0337 0364 
- ok 22:07:21.0962 0364 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:07:22.0009 0364 secdrv - ok 22:07:22.0072 0364 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 22:07:22.0119 0364 seclogon - ok 22:07:22.0150 0364 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 22:07:22.0197 0364 SENS - ok 22:07:22.0228 0364 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:07:22.0259 0364 SensrSvc - ok 22:07:22.0322 0364 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:07:22.0337 0364 Serenum - ok 22:07:22.0400 0364 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:07:22.0431 0364 Serial - ok 22:07:22.0494 0364 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:07:22.0525 0364 sermouse - ok 22:07:22.0587 0364 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 22:07:22.0634 0364 SessionEnv - ok 22:07:22.0666 0364 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 22:07:22.0697 0364 sffdisk - ok 22:07:22.0728 0364 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 22:07:22.0744 0364 sffp_mmc - ok 22:07:22.0775 0364 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 22:07:22.0806 0364 sffp_sd - ok 22:07:22.0837 0364 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:07:22.0869 0364 sfloppy - ok 22:07:22.0916 0364 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:07:22.0962 0364 SharedAccess - ok 22:07:23.0041 0364 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:07:23.0072 0364 ShellHWDetection - ok 22:07:23.0134 0364 [ 4EDC881C138E778FEB9BD24CBC6B33ED ] SIS163u C:\Windows\system32\DRIVERS\sis163u.sys 
22:07:23.0150 0364 SIS163u - ok 22:07:23.0244 0364 [ EF83A32639B6E925B7E7F1945008484B ] SiS6350 C:\Windows\system32\DRIVERS\SISGRKMD.sys 22:07:23.0306 0364 SiS6350 - ok 22:07:23.0353 0364 [ FD1DABF8279ECFCD99EED01A7DF06114 ] SISAGP C:\Windows\system32\DRIVERS\SISAGPX.sys 22:07:23.0400 0364 SISAGP - ok 22:07:23.0431 0364 [ 6F0C643C7F49F2091B01D014EAE72E1A ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSGB6.sys 22:07:23.0462 0364 SiSGbeLH - ok 22:07:23.0509 0364 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:07:23.0509 0364 SiSRaid2 - ok 22:07:23.0572 0364 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:07:23.0587 0364 SiSRaid4 - ok 22:07:23.0697 0364 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 22:07:23.0712 0364 SkypeUpdate - ok 22:07:23.0759 0364 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:07:23.0806 0364 Smb - ok 22:07:23.0869 0364 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:07:23.0916 0364 SNMPTRAP - ok 22:07:23.0947 0364 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 22:07:23.0962 0364 spldr - ok 22:07:24.0056 0364 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 22:07:24.0087 0364 Spooler - ok 22:07:24.0228 0364 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 22:07:24.0353 0364 sppsvc - ok 22:07:24.0384 0364 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:07:24.0431 0364 sppuinotify - ok 22:07:24.0556 0364 [ C4BB8A12843D9CBB65F5FF617F389BBD ] sptd C:\Windows\System32\Drivers\sptd.sys 22:07:24.0587 0364 sptd - ok 22:07:24.0634 0364 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:07:24.0697 0364 srv - ok 22:07:24.0728 0364 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 
22:07:24.0759 0364 srv2 - ok 22:07:24.0791 0364 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:07:24.0837 0364 srvnet - ok 22:07:24.0900 0364 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:07:24.0947 0364 SSDPSRV - ok 22:07:24.0978 0364 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:07:25.0025 0364 SstpSvc - ok 22:07:25.0072 0364 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:07:25.0103 0364 stexstor - ok 22:07:25.0197 0364 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 22:07:25.0244 0364 StiSvc - ok 22:07:25.0275 0364 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 22:07:25.0291 0364 storflt - ok 22:07:25.0353 0364 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 22:07:25.0369 0364 StorSvc - ok 22:07:25.0384 0364 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 22:07:25.0400 0364 storvsc - ok 22:07:25.0447 0364 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:07:25.0462 0364 swenum - ok 22:07:25.0494 0364 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 22:07:25.0541 0364 swprv - ok 22:07:25.0619 0364 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 22:07:25.0666 0364 SysMain - ok 22:07:25.0712 0364 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:07:25.0759 0364 TabletInputService - ok 22:07:25.0775 0364 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 22:07:25.0822 0364 TapiSrv - ok 22:07:25.0884 0364 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 22:07:25.0931 0364 TBS - ok 22:07:26.0025 0364 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:07:26.0087 0364 Tcpip - ok 
22:07:26.0134 0364 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:07:26.0166 0364 TCPIP6 - ok 22:07:26.0228 0364 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:07:26.0275 0364 tcpipreg - ok 22:07:26.0306 0364 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:07:26.0337 0364 TDPIPE - ok 22:07:26.0400 0364 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:07:26.0431 0364 TDTCP - ok 22:07:26.0478 0364 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:07:26.0525 0364 tdx - ok 22:07:26.0572 0364 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:07:26.0587 0364 TermDD - ok 22:07:26.0681 0364 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 22:07:26.0744 0364 TermService - ok 22:07:26.0791 0364 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 22:07:26.0822 0364 Themes - ok 22:07:26.0853 0364 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 22:07:26.0884 0364 THREADORDER - ok 22:07:26.0947 0364 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 22:07:26.0994 0364 TrkWks - ok 22:07:27.0087 0364 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:07:27.0119 0364 TrustedInstaller - ok 22:07:27.0150 0364 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:07:27.0197 0364 tssecsrv - ok 22:07:27.0275 0364 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:07:27.0306 0364 tunnel - ok 22:07:27.0337 0364 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:07:27.0337 0364 uagp35 - ok 22:07:27.0400 0364 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:07:27.0462 0364 udfs 
- ok 22:07:27.0509 0364 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:07:27.0541 0364 UI0Detect - ok 22:07:27.0603 0364 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 22:07:27.0619 0364 uliagpkx - ok 22:07:27.0666 0364 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:07:27.0697 0364 umbus - ok 22:07:27.0759 0364 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:07:27.0806 0364 UmPass - ok 22:07:27.0853 0364 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll 22:07:27.0869 0364 UmRdpService - ok 22:07:27.0916 0364 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 22:07:27.0962 0364 upnphost - ok 22:07:27.0994 0364 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:07:28.0025 0364 usbccgp - ok 22:07:28.0072 0364 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 22:07:28.0087 0364 usbcir - ok 22:07:28.0119 0364 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:07:28.0150 0364 usbehci - ok 22:07:28.0228 0364 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:07:28.0244 0364 usbhub - ok 22:07:28.0306 0364 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:07:28.0322 0364 usbohci - ok 22:07:28.0353 0364 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:07:28.0384 0364 usbprint - ok 22:07:28.0431 0364 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:07:28.0462 0364 usbscan - ok 22:07:28.0509 0364 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:07:28.0541 0364 USBSTOR - ok 22:07:28.0587 0364 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 
22:07:28.0619 0364 usbuhci - ok 22:07:28.0681 0364 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 22:07:28.0712 0364 usb_rndisx - ok 22:07:28.0759 0364 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 22:07:28.0806 0364 UxSms - ok 22:07:28.0822 0364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe 22:07:28.0837 0364 VaultSvc - ok 22:07:28.0869 0364 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 22:07:28.0884 0364 vdrvroot - ok 22:07:28.0962 0364 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 22:07:29.0009 0364 vds - ok 22:07:29.0041 0364 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:07:29.0072 0364 vga - ok 22:07:29.0103 0364 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 22:07:29.0150 0364 VgaSave - ok 22:07:29.0181 0364 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 22:07:29.0197 0364 vhdmp - ok 22:07:29.0228 0364 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys 22:07:29.0244 0364 viaagp - ok 22:07:29.0275 0364 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 22:07:29.0322 0364 ViaC7 - ok 22:07:29.0353 0364 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys 22:07:29.0369 0364 viaide - ok 22:07:29.0416 0364 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 22:07:29.0431 0364 vmbus - ok 22:07:29.0447 0364 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 22:07:29.0462 0364 VMBusHID - ok 22:07:29.0494 0364 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 22:07:29.0494 0364 volmgr - ok 22:07:29.0556 0364 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:07:29.0587 0364 volmgrx - 
ok 22:07:29.0650 0364 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:07:29.0666 0364 volsnap - ok 22:07:29.0791 0364 [ F937E203D6F18FAD36B68D92DF02775D ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 22:07:29.0822 0364 vpnagent - ok 22:07:29.0884 0364 [ 0D8DF4058901616A4E716AB67D472581 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys 22:07:29.0884 0364 vpnva - ok 22:07:29.0962 0364 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:07:29.0978 0364 vsmraid - ok 22:07:30.0087 0364 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 22:07:30.0150 0364 VSS - ok 22:07:30.0166 0364 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 22:07:30.0212 0364 vwifibus - ok 22:07:30.0244 0364 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:07:30.0275 0364 vwififlt - ok 22:07:30.0306 0364 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:07:30.0337 0364 vwifimp - ok 22:07:30.0369 0364 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 22:07:30.0431 0364 W32Time - ok 22:07:30.0462 0364 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:07:30.0494 0364 WacomPen - ok 22:07:30.0509 0364 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:07:30.0541 0364 WANARP - ok 22:07:30.0572 0364 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:07:30.0603 0364 Wanarpv6 - ok 22:07:30.0697 0364 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:07:30.0744 0364 WatAdminSvc - ok 22:07:30.0822 0364 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 22:07:30.0869 0364 wbengine - ok 22:07:30.0900 0364 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc 
C:\Windows\System32\wbiosrvc.dll 22:07:30.0947 0364 WbioSrvc - ok 22:07:31.0009 0364 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:07:31.0056 0364 wcncsvc - ok 22:07:31.0087 0364 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:07:31.0119 0364 WcsPlugInService - ok 22:07:31.0150 0364 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:07:31.0166 0364 Wd - ok 22:07:31.0228 0364 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:07:31.0259 0364 Wdf01000 - ok 22:07:31.0275 0364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:07:31.0322 0364 WdiServiceHost - ok 22:07:31.0322 0364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:07:31.0353 0364 WdiSystemHost - ok 22:07:31.0400 0364 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll 22:07:31.0416 0364 WebClient - ok 22:07:31.0447 0364 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:07:31.0494 0364 Wecsvc - ok 22:07:31.0509 0364 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:07:31.0556 0364 wercplsupport - ok 22:07:31.0619 0364 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 22:07:31.0650 0364 WerSvc - ok 22:07:31.0728 0364 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:07:31.0775 0364 WfpLwf - ok 22:07:31.0806 0364 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:07:31.0822 0364 WIMMount - ok 22:07:31.0916 0364 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:07:31.0947 0364 WinDefend - ok 22:07:31.0962 0364 WinHttpAutoProxySvc - ok 22:07:32.0025 0364 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:07:32.0072 0364 Winmgmt - 
ok 22:07:32.0150 0364 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll 22:07:32.0228 0364 WinRM - ok 22:07:32.0322 0364 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:07:32.0337 0364 WinUsb - ok 22:07:32.0431 0364 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:07:32.0478 0364 Wlansvc - ok 22:07:32.0666 0364 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:07:32.0712 0364 wlidsvc - ok 22:07:32.0775 0364 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:07:32.0791 0364 WmiAcpi - ok 22:07:32.0884 0364 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:07:32.0916 0364 wmiApSrv - ok 22:07:33.0041 0364 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:07:33.0103 0364 WMPNetworkSvc - ok 22:07:33.0181 0364 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:07:33.0197 0364 WPCSvc - ok 22:07:33.0275 0364 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:07:33.0291 0364 WPDBusEnum - ok 22:07:33.0337 0364 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:07:33.0384 0364 ws2ifsl - ok 22:07:33.0431 0364 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll 22:07:33.0478 0364 wscsvc - ok 22:07:33.0509 0364 WSearch - ok 22:07:33.0619 0364 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:07:33.0681 0364 wuauserv - ok 22:07:33.0728 0364 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:07:33.0744 0364 WudfPf - ok 22:07:33.0775 0364 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:07:33.0791 0364 WUDFRd - ok 22:07:33.0853 0364 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] 
wudfsvc C:\Windows\System32\WUDFSvc.dll
22:07:33.0869 0364 wudfsvc - ok
22:07:33.0900 0364 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:07:33.0947 0364 WwanSvc - ok
22:07:34.0056 0364 ================ Scan global ===============================
22:07:34.0119 0364 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
22:07:34.0166 0364 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
22:07:34.0197 0364 [ A9E43C040F405DB689FC29534EF0389B ] C:\Windows\system32\winsrv.dll
22:07:34.0244 0364 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:07:34.0291 0364 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:07:34.0291 0364 [Global] - ok
22:07:34.0291 0364 ================ Scan MBR ==================================
22:07:34.0306 0364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:07:34.0619 0364 \Device\Harddisk0\DR0 - ok
22:07:34.0634 0364 ================ Scan VBR ==================================
22:07:34.0634 0364 [ C7951133FABAD644D4B81C554E75891E ] \Device\Harddisk0\DR0\Partition1
22:07:34.0634 0364 \Device\Harddisk0\DR0\Partition1 - ok
22:07:34.0666 0364 [ 072D1058C8813FE7528BB31E4C333E0A ] \Device\Harddisk0\DR0\Partition2
22:07:34.0666 0364 \Device\Harddisk0\DR0\Partition2 - ok
22:07:34.0697 0364 ============================================================
22:07:34.0697 0364 Scan finished
22:07:34.0697 0364 ============================================================
22:07:34.0712 0880 Detected object count: 2
22:07:34.0712 0880 Actual detected object count: 2
22:07:45.0306 0880 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:45.0306 0880 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:07:45.0306 0880 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
22:07:45.0306 0880 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip