Spam mail sent from a laptop via HTML email (Hotmail), exploit/virus as the cause? (Windows 7)
04.01.2013, 15:09 | #1 |
Hello, for a long time now I have been reading along sporadically in this forum with enthusiasm, and I think it has spared me many a bad experience. Thanks for that. But now I probably have a problem: recently I received a mail from my son with a rather cryptic text and a Google short URL, which I thought better not to click for the time being. I then googled the address and very quickly came across a similar case from March 2012 in which such spam was sent, with a link to a server that kindly presents you with an exploit. That doesn't bode well for the laptop in question, I suspect. After some thought I decided it is not a good idea to boot this notebook; if I then end up dealing with an encryption trojan, I will probably have even more trouble afterwards than now. So for the moment I am running the Kaspersky Rescue Disk from the Ultimate Boot Stick ver. 0.8.5.0 over it. Unfortunately the virus definitions are no longer quite current, but the newer versions are hard to get, since they sit on slow servers or even Rapidshare. Some finds are already showing up, though. I hope I can delete those first and would then generate a log file with HijackThis and post it? The only thing I currently know for sure about the machine is that it runs Win 7 and that apparently no email client was used. Please help, pocoloco
04.01.2013, 15:25 | #2 |
/// Malware-holic | Hi, note the finds together with their paths and post them; you can forget about HJT straight away, it hasn't been used for a long time, since among other things it is no longer being developed.
04.01.2013, 16:03 | #3 |
Hi, thanks for the quick help. The spam mail is on its way, 7-zipped. Without a file extension, though, since Pegasus Mail gave me no choice about the format to save it in; I hope you can do something with it. Name: Spam-pocoloco.7z
The finds are coming now ..... should I put them in quarantine first?
Internet Files/Low/Content.IE5/O43VBDC0/uzbatu.coma[1].a HEUR:Trojan.Script.Generic
Internet Files/Low/Content.IE5/QLBLZ6G7/clente.coma[1].a HEUR:Trojan.Script.Generic
rs/Basti/AppData/Local/Temp/plugtmp-3/plugin-LGYScoSS HEUR:Exploit.Script.Generic
That seems to be all. Last edited by pocoloco2003 (04.01.2013 at 16:13)
04.01.2013, 17:18 | #4 |
Here is the full report as well; at the prompt to delete or ... Kaspersky apparently didn't read everything out to me. Sorry it took a while, I still have to get better at the Linux file system. ... and as an attachment, since apparently it is too long again *sob*
05.01.2013, 15:44 | #5 |
Hello, and thanks so far. I did my best and wrung out of Kaspersky the information that is hopefully now sufficient: the list of objects found (65!!!):
I hope someone can make something of this, otherwise please give me a short note on what I can do. thx pocoloco
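The 65 events in the rescue-disk report above are the same three objects listed on every pass, under both the rescue disk's /mnt/MountedDevices/... mount path and C:/. The script below is added here as an illustration (it is not part of the thread and not a Kaspersky tool) and collapses such a report to one line per object, which is what the "finds with paths" request in post #2 amounts to; the report lines are constructed in the posted layout using the thread's three paths.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass, field

# Constructed sample in the layout of the Kaspersky Rescue Disk report posted
# in this thread: "DD.MM.YY HH:MM <event>: <verdict> Datei <path> [Zurückgestellt]".
# The three paths are the thread's own (without the forum's line-wrap space
# before the file name). The same object appears under the rescue disk's
# /mnt/MountedDevices/<id>/ mount and under C:/, which is how three files
# became 65 events in the real report.
SAMPLE_REPORT = """\
04.01.13 13:06 Aufgabe wurde gestartet
04.01.13 13:14 Gefunden: HEUR:Trojan.Script.Generic Datei /mnt/MountedDevices/PD-AD3D98CF-00000004E8500000/Users/Basti/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/O43VBDC0/uzbatu.coma[1].a
04.01.13 13:14 Nicht desinfizierte Objekte: HEUR:Trojan.Script.Generic Datei /mnt/MountedDevices/PD-AD3D98CF-00000004E8500000/Users/Basti/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/O43VBDC0/uzbatu.coma[1].a Zurückgestellt
04.01.13 13:15 Gefunden: HEUR:Trojan.Script.Generic Datei /mnt/MountedDevices/PD-AD3D98CF-00000004E8500000/Users/Basti/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/QLBLZ6G7/clente.coma[1].a
04.01.13 13:16 Gefunden: HEUR:Exploit.Script.Generic Datei /mnt/MountedDevices/PD-AD3D98CF-00000004E8500000/Users/Basti/AppData/Local/Temp/plugtmp-3/plugin-LGYScoSS/data0000
04.01.13 13:16 Nicht desinfizierte Objekte: HEUR:Exploit.Script.Generic Datei /mnt/MountedDevices/PD-AD3D98CF-00000004E8500000/Users/Basti/AppData/Local/Temp/plugtmp-3/plugin-LGYScoSS/data0000 Zurückgestellt
04.01.13 13:19 Gefunden: HEUR:Trojan.Script.Generic Datei /mnt/MountedDevices/PD-AD3D98CF-00000004E8500000/Users/Basti/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/O43VBDC0/uzbatu.coma[1].a
04.01.13 14:22 Gefunden: HEUR:Trojan.Script.Generic Datei C:/Users/Basti/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/O43VBDC0/uzbatu.coma[1].a
04.01.13 16:11 Aufgabe wurde abgeschlossen
"""

# One report event. Paths contain spaces ("Temporary Internet Files"), so the
# path group is non-greedy and the optional trailing status is anchored to the
# end of the line.
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<event>Gefunden|Nicht desinfizierte Objekte): "
    r"(?P<verdict>\S+) Datei (?P<path>.+?)(?: (?P<status>Zurückgestellt))?$"
)

# Prefixes that denote the same Windows volume: the rescue disk's Linux mount
# point or a drive letter.
VOLUME_RE = re.compile(r"^(?:/mnt/MountedDevices/[^/]+/|[A-Za-z]:/)")


def normalize_path(path: str) -> str:
    """Strip mount point / drive letter so both spellings of a file share one key."""
    return VOLUME_RE.sub("", path.strip().replace("\\", "/"))


@dataclass
class Finding:
    path: str                      # volume-relative path, used as the key
    first_seen: str
    last_seen: str
    verdicts: set = field(default_factory=set)
    raw_paths: set = field(default_factory=set)
    detections: int = 0            # "Gefunden" events
    deferred: int = 0              # "Nicht desinfizierte Objekte ... Zurückgestellt"


def parse_report(text: str) -> list:
    """Collapse the per-pass event stream to one Finding per object, in first-seen order."""
    findings = OrderedDict()
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # task start/end lines and anything unparsed
        key = normalize_path(m["path"])
        stamp = f"{m['date']} {m['time']}"
        f = findings.get(key)
        if f is None:
            f = findings[key] = Finding(key, stamp, stamp)
        f.last_seen = stamp
        f.verdicts.add(m["verdict"])
        f.raw_paths.add(m["path"])
        if m["event"] == "Gefunden":
            f.detections += 1
        elif m["status"] == "Zurückgestellt":
            f.deferred += 1
    return list(findings.values())


def verdict_kind(verdict: str) -> str:
    """'HEUR:Exploit.Script.Generic' -> 'Exploit' (HEUR: marks a heuristic verdict)."""
    return verdict.split(":", 1)[-1].split(".", 1)[0]


def summarize(findings) -> list:
    """One line per object: kind, path, how often seen, and whether it was only deferred."""
    lines = []
    for f in findings:
        kinds = ", ".join(sorted(verdict_kind(v) for v in f.verdicts))
        lines.append(
            f"{kinds}: {f.path} (detected {f.detections}x, deferred {f.deferred}x, "
            f"{f.first_seen} .. {f.last_seen}, {len(f.raw_paths)} path spelling(s))"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE_REPORT)):
        print(line)
```

A "deferred" count above zero means the scanner detected the object but never disinfected or removed it, so the file is still on disk and needs a decision.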
05.01.2013, 19:42 | #6 |
/// Malware-holic | Hi, ok. If you don't have it yet, please download OTL from OldTimer and save it on your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
05.01.2013, 20:12 | #7 |
The question is whether I can do that safely; at the moment there seem to be plenty of encryption trojans flying around. That is why I went at it via Linux first, so as not to make the damage worse; otherwise gladly and right away. Thanks, Pocoloco. PS: or was this question superfluous? Sorry, maybe I am a bit too worried.
05.01.2013, 20:20 | #8 |
/// Malware-holic | Hi, you can scan under Windows; the page you received doesn't look dangerous at first glance. But your son should register here, we have to examine that PC as well.
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
05.01.2013, 20:31 | #9 |
| Spam mail sent from a laptop via HTML email (hotmail), with an exploit/virus as the cause? I have the laptop here; I will run OTL over it later and post that tonight as well, I just have to get home first. Many thanks for now, and if you are already gone later, have a nice evening. pocoloco |
05.01.2013, 20:33 | #10 |
/// Malware-holic | Spam mail sent from a laptop via HTML email (hotmail), with an exploit/virus as the cause? Hi, but please open a new thread for the other device. Let's see whether I am still around, I have to eat first and then we'll see, it is the weekend after all :d
05.01.2013, 20:41 | #11 |
| Spam mail sent from a laptop via HTML email (hotmail), with an exploit/virus as the cause? ... once more, to be sure: the mail in question was sent from my son's notebook, and that is the machine this is about. I did receive the mail, but did not open the link. But from the fact that I received this mail I concluded that my son's laptop should be examined a bit more closely, and it is its Kaspersky log that I posted. Enjoy your meal too, pocoloco ...............I hope I did everything right: OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2013 21:51:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 75,72% Memory free 7,86 Gb Paging File | 6,83 Gb Available in Paging File | 86,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 222,73 Gb Total Space | 159,42 Gb Free Space | 71,58% Space Free | Partition Type: NTFS Drive D: | 223,40 Gb Total Space | 223,27 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive F: | 983,72 Mb Total Space | 583,89 Mb Free Space | 59,36% Space Free | Partition Type: FAT Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,98% Space Free | Partition Type: FAT Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.05 21:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.03.03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.03.03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.11.19 13:39:53 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7e8f414bc6515c5c0ac668b66c54d0e9\IAStorUtil.ni.dll MOD - [2012.11.17 11:13:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 11:12:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll MOD - [2012.11.17 11:12:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll MOD - [2012.11.17 11:12:36 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll MOD - [2012.11.17 11:12:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll MOD - [2012.11.17 11:12:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll MOD - [2012.11.17 11:12:25 | 007,973,888 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll MOD - [2012.11.17 11:12:19 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2012.08.17 02:09:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.08.17 02:09:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV - [2012.12.21 16:17:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.13 22:45:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.04.23 09:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 
000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.02 07:11:36 | 001,593,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.22 11:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.01 02:52:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.09.02 04:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.09.02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.06.29 17:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.29 17:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009.06.18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.09 12:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.09.02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27360812r305l0444z115r4622r26s IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27360812r305l0444z115r4622r26s IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27360812r305l0444z115r4622r26s IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27360812r305l0444z115r4622r26s IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e727&r=27360812r305l0444z115r4622r26s IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4912_7&babsrc=HP_ss&mntrId=8810e3ac00000000000078e400d4c485 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4912_7&babsrc=SP_ss&mntrId=8810e3ac00000000000078e400d4c485 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE498 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "tagesschau.de" FF - prefs.js..extensions.enabledAddons: addon%40foxtab.com:1.4.51 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.21 16:17:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.09.02 16:45:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.02 16:46:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.21 16:17:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.11 17:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions [2012.11.11 17:20:26 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Basti\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.13 23:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\xjaupmbj.default\extensions [2012.12.09 14:11:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\xjaupmbj.default\extensions\addon@foxtab.com [2012.12.09 14:10:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\xjaupmbj.default\extensions\plugin@yontoo.com [2012.09.02 16:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Sunbird\Profiles\75r92opv.default\extensions [2012.12.09 14:10:38 | 000,002,432 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\xjaupmbj.default\searchplugins\babylon1.xml [2012.12.21 16:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.21 16:17:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.30 10:34:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.09 14:10:31 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.30 10:34:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.30 10:34:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.30 10:34:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.30 10:34:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.30 10:34:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - 
homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: No name found = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pailhpppfllmijejfccffanaigjphjnb\1.4.51\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FoxTab) - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - C:\Users\Basti\AppData\LocalLow\FoxTab\IE\FoxTab.dll (The FoxTab Team) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft) O4 - Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll 
(Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CBBCE18-0DDD-41F0-A36C-F3272E307A94}: DhcpNameServer = 10.57.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E14959FF-2DB2-4C24-BAD9-8553FF9C6877}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4afb74c4-fa5f-11e1-b427-1c7508f06d1b}\Shell - "" = AutoRun O33 - MountPoints2\{4afb74c4-fa5f-11e1-b427-1c7508f06d1b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4afb754f-fa5f-11e1-b427-1c7508f06d1b}\Shell - "" = AutoRun O33 - MountPoints2\{4afb754f-fa5f-11e1-b427-1c7508f06d1b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f77ab70a-fa6c-11e1-b70c-1c7508f06d1b}\Shell - "" = AutoRun O33 - MountPoints2\{f77ab70a-fa6c-11e1-b70c-1c7508f06d1b}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - 
Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 16:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.09 14:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP 
[2012.12.09 14:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro [2012.12.09 14:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012.12.09 14:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.12.09 14:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.12.09 14:10:21 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Babylon [2012.12.08 15:02:32 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\NFS Undercover [2012.12.08 15:01:12 | 000,000,000 | RH-D | C] -- C:\Users\Basti\AppData\Roaming\SecuROM ========== Files - Modified Within 30 Days ========== [2013.01.05 21:48:13 | 001,526,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.05 21:48:13 | 000,668,778 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.05 21:48:13 | 000,620,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.05 21:48:13 | 000,134,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.05 21:48:13 | 000,110,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.05 21:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.05 21:39:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 21:39:46 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 21:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.05 21:32:18 | 3166,150,656 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 18:33:16 | 000,370,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.12.09 14:10:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.11 17:20:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.11.03 15:57:16 | 000,000,432 | ---- | 
C] () -- C:\Windows\BRWMARK.INI [2012.11.03 15:57:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT [2012.09.02 11:57:32 | 000,001,024 | ---- | C] () -- C:\Windows\ppengine.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.09 14:10:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Babylon [2012.12.06 15:06:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Leadertech [2012.09.02 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org [2012.11.11 17:20:25 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Thunderbird [2012.09.09 10:21:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Vodafone [2012.10.17 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.08.23 19:14:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.08.16 16:44:09 | 000,000,000 | -H-D | M] -- C:\AcerSW [2012.08.16 16:23:06 | 000,000,000 | ---D | M] -- C:\book [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.08.23 19:14:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.05.06 15:24:36 | 000,000,000 | ---D | M] -- C:\Intel [2012.11.05 20:54:44 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.08.16 16:48:00 | 000,000,000 | -H-D | M] -- C:\OEM [2012.09.02 12:32:42 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.4 (de) Installation Files [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.05 20:55:58 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.21 18:34:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.12.14 13:52:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.08.23 19:14:29 | 000,000,000 | -HSD | M] -- C:\Programme [2012.08.23 19:14:30 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.01.05 21:52:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.08.23 19:14:39 | 000,000,000 | R--D | M] -- C:\Users [2013.01.06 06:31:21 | 000,000,000 | ---D | M] -- C:\Windows < 
%PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.12.09 14:10:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) 
MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | 
---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- 
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll 
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) 
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.05 22:02:37 | 001,572,864 | -HS- | M] () -- 
C:\Users\Basti\ntuser.dat [2013.01.05 22:02:37 | 000,262,144 | -HS- | M] () -- C:\Users\Basti\ntuser.dat.LOG1 [2012.08.23 19:14:42 | 000,000,000 | -HS- | M] () -- C:\Users\Basti\ntuser.dat.LOG2 [2012.08.23 19:22:13 | 000,065,536 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.08.23 19:22:13 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.08.23 19:22:13 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.01.05 21:34:13 | 000,065,536 | -HS- | M] () -- C:\Users\Basti\ntuser.dat{fcd3cabf-5776-11e2-83dc-1c7508f06d1b}.TM.blf [2013.01.05 21:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\ntuser.dat{fcd3cabf-5776-11e2-83dc-1c7508f06d1b}.TMContainer00000000000000000001.regtrans-ms [2013.01.05 21:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\ntuser.dat{fcd3cabf-5776-11e2-83dc-1c7508f06d1b}.TMContainer00000000000000000002.regtrans-ms [2012.08.23 19:14:42 | 000,000,020 | -HS- | M] () -- C:\Users\Basti\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 05.01.2013 21:51:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 75,72% Memory free
7,86 Gb Paging File | 6,83 Gb Available in Paging File | 86,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,73 Gb Total Space | 159,42 Gb Free Space | 71,58% Space Free | Partition Type: NTFS
Drive D: | 223,40 Gb Total Space | 223,27 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive F: | 983,72 Mb Total Space | 583,89 Mb Free Space | 59,36% Space Free | Partition Type: FAT
Drive G: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,98% Space Free | Partition Type: FAT

Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCBC853-D921-4263-89DB-118C46D4FB81}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FAF6FBE-8CBE-4BB8-AC66-CEBE9FBB043C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13BEFA57-0E41-49B9-8F17-902E3076A7FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19431769-FC9D-47E4-9B88-E0A02CB6E3DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BC85A47-6AB6-4289-9CCC-B34EF3AAC76F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{256FF677-2EF2-407D-A06B-C6B586DA23A0}" =
lport=10243 | protocol=6 | dir=in | app=system | "{2B10112A-0666-4049-9EFF-5424608248F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2BEF30FD-AA56-41CF-8751-72B2D8C9F1AE}" = lport=138 | protocol=17 | dir=in | app=system | "{2DF07309-A960-49B6-B7B4-CB2E3CCFF9F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{32C7189B-E9DE-41E3-B106-C1823C077C7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{656C00F4-A5AD-43A0-9909-C564FE1DCE69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{785D0A22-DC3A-41B4-AA8C-BCCB7C5651BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9791A842-B800-48FE-8C0A-8D679FD64C0F}" = lport=2869 | protocol=6 | dir=in | app=system | "{9BE889D8-52E7-45C2-BA21-A06F5D79E71B}" = rport=138 | protocol=17 | dir=out | app=system | "{B422978C-D3E1-4CAF-93AB-E4C5A1034CCE}" = rport=445 | protocol=6 | dir=out | app=system | "{BDD34E2D-D47A-4076-BBDB-56D228A01D67}" = rport=139 | protocol=6 | dir=out | app=system | "{D08FE53C-C151-474B-9C4B-4C1076311149}" = rport=10243 | protocol=6 | dir=out | app=system | "{D8CE4E5C-9C49-4014-AB0A-D0D1CC463D07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DE406736-463B-465D-81FF-C06A2F2D057A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DF354FB3-56EC-4E12-8702-FEF3826C6FAB}" = lport=139 | protocol=6 | dir=in | app=system | "{E15F0CEF-E029-4C37-B034-5DE76516A739}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E762CF22-F38C-48E7-A575-8811F6FFD9E5}" = lport=445 | protocol=6 | dir=in | app=system | "{FE087B36-64B1-4BCF-8066-CE148F3AD2DB}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036B0E68-CD85-43E9-99B0-5749DDD94CB2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{07AECE53-5BCB-4E03-87F0-8DBAD62DA926}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{08FE64F6-08B1-43A5-B77D-657CBDEDA8BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{12CA04C0-A737-42B1-9CBE-482FEFD186E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{14C79F11-69C6-4FD8-A1D9-8AA593FF2968}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{15889A4E-7D0F-4B45-B56E-2306F3340418}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{226A55C8-20CB-4340-B910-973FC6C52BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{318D4F95-1EDB-4ECF-B03F-912B6C9C5FA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{492B629E-8CCC-4B3B-9672-B90DEF543469}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4E5078A1-35D2-4C04-87A6-C7552EC43BBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54171713-9D05-4F3D-9C28-77AB784DB6A4}" = protocol=6 | dir=out | app=system | "{57572CBF-711E-4BF3-B143-7145A030EB12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{57C235E9-49E6-4987-89C4-7C931B7D49D2}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{6100569C-FC72-4246-B3E0-1F7266DEE334}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6840F3D4-5455-4026-8119-AFB36E19ACC1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7FF9B661-181B-4728-9791-19D84AB91417}" = 
dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{9868EF7D-9099-4385-803D-0F84B768E3FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9CDFB5F9-4022-4744-BA6A-4C34D1C92E8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A96B8E26-404A-4FCA-A528-3FF18D9112AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ADF54695-03C7-43D2-AF42-B5CC541691E8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BCE7175E-E495-4D48-A9CA-BF647423BE23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D4970374-4B09-4FB1-81D5-53CD78B93411}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D5B2E416-FFEB-46E0-97A5-7259DA491567}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D99A8874-E104-4469-92A0-E2A7BC63C10C}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{DA2D97D4-331C-4F78-907C-2D289CEA2BC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DFA7F2D1-9E5D-4363-AB24-EC87E95C3225}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E02DAE8F-4176-4148-BBF6-5630C24FDAF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E54B9333-F394-4074-970B-578B50364B5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines" = WildTangent Games App (eMachines Games) "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "eMachines Registration" = eMachines Registration "eMachines Screensaver" = eMachines ScreenSaver "eMachines Welcome Center" = Welcome Center "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "LManager" = Launch Manager "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Sunbird (0.9)" = Mozilla 
Sunbird (0.9) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "WildTangent emachines Master Uninstall" = eMachines Games "WildTangent wildgames Master Uninstall" = WildTangent-Spiele "WinLiveSuite_Wave3" = Windows Live Essentials "WT078910" = Bejeweled 2 Deluxe "WT078919" = Insaniquarium Deluxe "WT078930" = Zuma Deluxe "WT078958" = Blasterball 3 "WT078962" = Bob the Builder Can-Do-Zoo "WT079018" = Faerie Solitaire "WT079022" = FATE - The Traitor Soul "WT079062" = Jewel Quest "WT079066" = Jewel Quest Solitaire 3 "WT079106" = Penguins! "WT079114" = Polar Bowler "WT079118" = Polar Golfer "WT079122" = Polar Pool "WT079175" = Virtual Villagers - A New Home "WT079180" = Yahtzee "WT079283" = Build-a-lot 2 "WT079296" = Chicken Invaders 3 - Revenge of the Yolk "WT079316" = Escape Rosecliff Island "WT079329" = Mahjongg Artifacts "WT079418" = Virtual Families "WTA-54abdd8b-487f-499f-a582-eb76b0935f55" = Final Drive: Nitro ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.12.2012 12:04:50 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005 Description = Error - 12.12.2012 12:22:42 | Computer Name = Basti-PC | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 12.12.2012 14:05:48 | Computer Name = Basti-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.12.2012 14:06:38 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005 Description = Error - 13.12.2012 11:57:58 | Computer Name = Basti-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 13.12.2012 11:58:48 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005 Description = Error - 13.12.2012 18:31:57 | Computer Name = Basti-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der 
Dienst "Vodafone Mobile Connect Service" konnte nicht neu gestartet werden. Error - 14.12.2012 14:18:43 | Computer Name = Basti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: nfs.exe, Version: 1.0.0.1, Zeitstempel: 0x4903d9d7 Name des fehlerhaften Moduls: nfs.exe, Version: 1.0.0.1, Zeitstempel: 0x4903d9d7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00357e89 ID des fehlerhaften Prozesses: 0xc1c Startzeit der fehlerhaften Anwendung: 0x01cdda253c941aa5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\EA Games\Need for Speed Undercover\nfs.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\EA Games\Need for Speed Undercover\nfs.exe Berichtskennung: b1278414-461a-11e2-8f98-1c7508f06d1b Error - 18.12.2012 08:57:49 | Computer Name = Basti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: YontooIEClient.dll, Version: 1.10.1.0, Zeitstempel: 0x508737fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008ff4 ID des fehlerhaften Prozesses: 0xca0 Startzeit der fehlerhaften Anwendung: 0x01cddd1a097852ac Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Yontoo\YontooIEClient.dll Berichtskennung: 863dae28-4912-11e2-9f70-1c7508f06d1b Error - 22.12.2012 07:56:07 | Computer Name = Basti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: nfs.exe, Version: 1.0.0.1, Zeitstempel: 0x4903d9d7 Name des fehlerhaften Moduls: nfs.exe, Version: 1.0.0.1, Zeitstempel: 0x4903d9d7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00357e89 ID des fehlerhaften Prozesses: 0xebc Startzeit der fehlerhaften Anwendung: 0x01cddfb260afb972 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\EA Games\Need for Speed Undercover\nfs.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\EA Games\Need for 
Speed Undercover\nfs.exe Berichtskennung: 910e3f9a-4c2e-11e2-8ff3-1c7508f06d1b
[ System Events ]
Error - 03.12.2012 08:12:57 | Computer Name = Basti-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 11:07:14 | Computer Name = Basti-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 12:01:19 | Computer Name = Basti-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 13:28:27 | Computer Name = Basti-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 13:49:29 | Computer Name = Basti-PC | Source = bowser | ID = 8003
Description =
Error - 14.12.2012 08:53:08 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?12.?2012 um 13:51:46 unerwartet heruntergefahren.
Error - 19.12.2012 13:31:37 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?12.?2012 um 18:03:52 unerwartet heruntergefahren.
Error - 22.12.2012 09:21:56 | Computer Name = Basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.12.2012 09:21:57 | Computer Name = Basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.12.2012 09:21:58 | Computer Name = Basti-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >

............ even if I have little idea about all this, I appreciate what you do here. Thanks
pocoloco
06.01.2013, 18:27 | #12 |
/// Malware-holic

Hi, this script, as well as any scripts that follow, is only for the user in question. If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
    :OTL
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found
    :Files
    :Commands
    [EMPTYFLASH]
    [emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; paste its content into your next reply here.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us
06.01.2013, 19:21 | #13 |
Done, here it is:

Code:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll deleted successfully.
    ========== COMMANDS ==========
    [EMPTYFLASH]
    User: All Users
    User: Basti
    ->Flash cache emptied: 4113 bytes
    User: Default
    User: Default User
    User: Public
    Total Flash Files Cleaned = 0,00 mb
    [EMPTYTEMP]
    User: All Users
    User: Basti
    ->Temp folder emptied: 187212366 bytes
    ->Temporary Internet Files folder emptied: 257042820 bytes
    ->FireFox cache emptied: 64736153 bytes
    ->Google Chrome cache emptied: 6403323 bytes
    ->Flash cache emptied: 0 bytes
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Public
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 178914765 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46405619 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 706,00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 01062013_185850
    Files\Folders moved on Reboot...
    C:\Users\Basti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

And, I am transferring the scripts/log files to another computer via USB stick; do I need to worry about that in this situation?
Thanks, and if I don't get anything more to answer today, have a nice evening from the north of Germany.
pocoloco

Last edited by pocoloco2003 (06.01.2013 at 19:26)
06.01.2013, 19:36 | #14 |
/// Malware-holic

Hi, you can also put the PC back on the network. My guess is a weak password, but let's keep looking.

Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html

Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, choose Skip for now, and post the log
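The two helper posts above touch two persistence and tampering points that a defender can audit without special tools: the OTL fix in post #12 deletes an AppInit_DLLs entry that pointed at a no-longer-present mngr.dll under ProgramData, and the TDSSKiller run in post #14 is asked to verify driver digital signatures. The PowerShell below is an added example for this thread, not code from OTL, TDSSKiller or the helper; it assumes only built-in cmdlets on a 64-bit Windows 7 host and an elevated prompt. It lists both the native and the WOW6432Node AppInit_DLLs values, flags entries whose file is missing or unsigned, and then reports every installed kernel driver whose image lacks a valid Authenticode signature.

```powershell
# Added example (not from the thread, OTL or TDSSKiller): a defender-side
# signature audit of the AppInit_DLLs injection list and the installed drivers.
# Built-in cmdlets only; run from an elevated PowerShell prompt.

function Get-FileTrust {
    param([string]$Path)
    $full = [System.Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $full)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false; Signature = 'n/a'; Signer = '' }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $full
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    # Signature is Valid / NotSigned / HashMismatch / UnknownError ...
    New-Object PSObject -Property @{ Path = $full; Exists = $true; Signature = $sig.Status; Signer = $signer }
}

# 1) AppInit_DLLs: DLLs listed here are loaded into every process that links user32.dll.
#    On x64 the native and the WOW6432Node hive hold separate lists.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key
    Write-Host "== $key  (LoadAppInit_DLLs = $($p.LoadAppInit_DLLs))"
    if ([string]::IsNullOrWhiteSpace($p.AppInit_DLLs)) {
        Write-Host "   AppInit_DLLs is empty (expected on a clean system)"
        continue
    }
    # Entries may be separated by spaces or commas and often use 8.3 short names (progra~3).
    foreach ($entry in ($p.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
        $t = Get-FileTrust $entry
        if (-not $t.Exists) {
            # A dangling entry is what OTL reported as "File not found"; the value still
            # deserves removal, because a DLL dropped there later would be loaded everywhere.
            Write-Host "   $entry -> FILE NOT FOUND (dangling injection entry)"
        } else {
            Write-Host "   $($t.Path) -> $($t.Signature) $($t.Signer)"
        }
    }
}

# 2) Kernel drivers: the check TDSSKiller performs under "Verify driver digital signatures".
$drivers = Get-WmiObject Win32_SystemDriver | Where-Object { $_.PathName }
$suspect = foreach ($d in $drivers) {
    # WMI returns paths such as \??\C:\Windows\system32\drivers\x.sys or \SystemRoot\...
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    $t = Get-FileTrust $path
    if (-not $t.Exists -or $t.Signature -ne 'Valid') {
        New-Object PSObject -Property @{ Driver = $d.Name; State = $d.State; Path = $path; Signature = $t.Signature }
    }
}
Write-Host "`n== Drivers without a valid embedded Authenticode signature:"
$suspect | Format-Table Driver, State, Signature, Path -AutoSize
```

Two caveats when reading the output. On Windows 7 with the shipped PowerShell 2.0, Get-AuthenticodeSignature only evaluates embedded signatures, so inbox Microsoft drivers that are signed through a catalog file show up as NotSigned; treat the driver list as a triage aid to compare against a known-good machine, not as a verdict. And a rootkit of the TDL family can hide its driver from WMI enumeration entirely, which is why the helper reaches for TDSSKiller with the TDLFS option rather than relying on in-system checks alone.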
06.01.2013, 20:24 | #15 |
Done, here it is:

Code:
ATTFilter 20:15:40.0465 0976 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:15:40.0543 0976 ============================================================ 20:15:40.0543 0976 Current date / time: 2013/01/06 20:15:40.0543 20:15:40.0543 0976 SystemInfo: 20:15:40.0543 0976 20:15:40.0543 0976 OS Version: 6.1.7600 ServicePack: 0.0 20:15:40.0543 0976 Product type: Workstation 20:15:40.0543 0976 ComputerName: BASTI-PC 20:15:40.0543 0976 UserName: Basti 20:15:40.0543 0976 Windows directory: C:\Windows 20:15:40.0543 0976 System windows directory: C:\Windows 20:15:40.0543 0976 Running under WOW64 20:15:40.0543 0976 Processor architecture: Intel x64 20:15:40.0543 0976 Number of processors: 2 20:15:40.0543 0976 Page size: 0x1000 20:15:40.0543 0976 Boot type: Normal boot 20:15:40.0543 0976 ============================================================ 20:15:42.0805 0976 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:15:42.0805 0976 Drive \Device\Harddisk1\DR1 - Size: 0x1D0000000 (7.25 Gb), SectorSize: 0x200, Cylinders: 0x3B2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:15:42.0821 0976 ============================================================ 20:15:42.0821 0976 \Device\Harddisk0\DR0: 20:15:42.0821 0976 MBR partitions: 20:15:42.0821 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000 20:15:42.0821 0976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x1BD78000 20:15:42.0821 0976 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E4BA800, BlocksNum 0x1BECB000 20:15:42.0821 0976 \Device\Harddisk1\DR1: 20:15:42.0821 0976 MBR partitions: 20:15:42.0821 0976 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xC58, BlocksNum 0xE7F3A8 20:15:42.0821 0976 ============================================================ 20:15:42.0852 0976 C: <-> 
\Device\Harddisk0\DR0\Partition2 20:15:42.0883 0976 D: <-> \Device\Harddisk0\DR0\Partition3 20:15:42.0883 0976 ============================================================ 20:15:42.0883 0976 Initialize success 20:15:42.0883 0976 ============================================================ 20:16:13.0880 1728 ============================================================ 20:16:13.0880 1728 Scan started 20:16:13.0880 1728 Mode: Manual; SigCheck; TDLFS; 20:16:13.0880 1728 ============================================================ 20:16:14.0379 1728 ================ Scan system memory ======================== 20:16:14.0379 1728 System memory - ok 20:16:14.0379 1728 ================ Scan services ============================= 20:16:14.0567 1728 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 20:16:14.0972 1728 1394ohci - ok 20:16:15.0003 1728 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 20:16:15.0050 1728 ACPI - ok 20:16:15.0081 1728 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 20:16:15.0191 1728 AcpiPmi - ok 20:16:15.0331 1728 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:16:15.0347 1728 AdobeARMservice - ok 20:16:15.0471 1728 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:16:15.0487 1728 AdobeFlashPlayerUpdateSvc - ok 20:16:15.0549 1728 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:16:15.0581 1728 adp94xx - ok 20:16:15.0643 1728 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:16:15.0674 1728 adpahci - ok 20:16:15.0721 1728 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:16:15.0737 1728 adpu320 - ok 20:16:15.0783 1728 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc 
C:\Windows\System32\aelupsvc.dll 20:16:15.0939 1728 AeLookupSvc - ok 20:16:16.0017 1728 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 20:16:16.0111 1728 AFD - ok 20:16:16.0142 1728 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 20:16:16.0173 1728 agp440 - ok 20:16:16.0220 1728 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:16:16.0283 1728 ALG - ok 20:16:16.0298 1728 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 20:16:16.0314 1728 aliide - ok 20:16:16.0345 1728 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 20:16:16.0376 1728 amdide - ok 20:16:16.0376 1728 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:16:16.0423 1728 AmdK8 - ok 20:16:16.0439 1728 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:16:16.0470 1728 AmdPPM - ok 20:16:16.0517 1728 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:16:16.0548 1728 amdsata - ok 20:16:16.0595 1728 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:16:16.0626 1728 amdsbs - ok 20:16:16.0657 1728 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:16:16.0657 1728 amdxata - ok 20:16:16.0688 1728 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 20:16:16.0735 1728 AppID - ok 20:16:16.0766 1728 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:16:16.0844 1728 AppIDSvc - ok 20:16:16.0860 1728 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 20:16:16.0938 1728 Appinfo - ok 20:16:16.0985 1728 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:16:17.0000 1728 arc - ok 20:16:17.0063 1728 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 
ok 20:16:50.0415 1728 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe 20:16:50.0478 1728 Updater Service - ok 20:16:50.0509 1728 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:16:50.0571 1728 upnphost - ok 20:16:50.0587 1728 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:16:50.0618 1728 usbccgp - ok 20:16:50.0649 1728 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 20:16:50.0696 1728 usbcir - ok 20:16:50.0727 1728 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:16:50.0743 1728 usbehci - ok 20:16:50.0805 1728 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:16:50.0837 1728 usbhub - ok 20:16:50.0868 1728 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:16:50.0899 1728 usbohci - ok 20:16:50.0946 1728 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:16:50.0993 1728 usbprint - ok 20:16:51.0039 1728 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:16:51.0071 1728 usbscan - ok 20:16:51.0086 1728 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:16:51.0117 1728 USBSTOR - ok 20:16:51.0133 1728 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:16:51.0149 1728 usbuhci - ok 20:16:51.0211 1728 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:16:51.0305 1728 usbvideo - ok 20:16:51.0351 1728 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:16:51.0414 1728 UxSms - ok 20:16:51.0429 1728 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 20:16:51.0445 1728 VaultSvc - ok 20:16:51.0492 1728 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot 
C:\Windows\system32\DRIVERS\vdrvroot.sys 20:16:51.0507 1728 vdrvroot - ok 20:16:51.0539 1728 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 20:16:51.0617 1728 vds - ok 20:16:51.0648 1728 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:16:51.0679 1728 vga - ok 20:16:51.0679 1728 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:16:51.0741 1728 VgaSave - ok 20:16:51.0757 1728 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 20:16:51.0773 1728 vhdmp - ok 20:16:51.0773 1728 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 20:16:51.0788 1728 viaide - ok 20:16:51.0804 1728 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 20:16:51.0804 1728 volmgr - ok 20:16:51.0851 1728 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:16:51.0866 1728 volmgrx - ok 20:16:51.0913 1728 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:16:51.0929 1728 volsnap - ok 20:16:51.0975 1728 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:16:51.0991 1728 vsmraid - ok 20:16:52.0038 1728 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 20:16:52.0116 1728 VSS - ok 20:16:52.0131 1728 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:16:52.0163 1728 vwifibus - ok 20:16:52.0178 1728 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:16:52.0209 1728 vwififlt - ok 20:16:52.0241 1728 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:16:52.0319 1728 W32Time - ok 20:16:52.0350 1728 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:16:52.0381 1728 WacomPen - ok 20:16:52.0397 1728 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP 
C:\Windows\system32\DRIVERS\wanarp.sys 20:16:52.0428 1728 WANARP - ok 20:16:52.0443 1728 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:16:52.0490 1728 Wanarpv6 - ok 20:16:52.0553 1728 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 20:16:52.0631 1728 wbengine - ok 20:16:52.0646 1728 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:16:52.0677 1728 WbioSrvc - ok 20:16:52.0709 1728 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:16:52.0771 1728 wcncsvc - ok 20:16:52.0802 1728 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:16:52.0818 1728 WcsPlugInService - ok 20:16:52.0849 1728 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:16:52.0880 1728 Wd - ok 20:16:52.0911 1728 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:16:52.0974 1728 Wdf01000 - ok 20:16:52.0989 1728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:16:53.0021 1728 WdiServiceHost - ok 20:16:53.0036 1728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:16:53.0052 1728 WdiSystemHost - ok 20:16:53.0083 1728 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 20:16:53.0114 1728 WebClient - ok 20:16:53.0130 1728 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:16:53.0208 1728 Wecsvc - ok 20:16:53.0239 1728 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:16:53.0301 1728 wercplsupport - ok 20:16:53.0333 1728 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:16:53.0379 1728 WerSvc - ok 20:16:53.0426 1728 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:16:53.0489 1728 WfpLwf - ok 20:16:53.0489 1728 [ 
05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:16:53.0504 1728 WIMMount - ok 20:16:53.0535 1728 WinDefend - ok 20:16:53.0535 1728 WinHttpAutoProxySvc - ok 20:16:53.0598 1728 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:16:53.0660 1728 Winmgmt - ok 20:16:53.0738 1728 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 20:16:53.0894 1728 WinRM - ok 20:16:53.0957 1728 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:16:54.0003 1728 WinUsb - ok 20:16:54.0206 1728 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:16:54.0315 1728 Wlansvc - ok 20:16:54.0331 1728 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:16:54.0378 1728 WmiAcpi - ok 20:16:54.0409 1728 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:16:54.0456 1728 wmiApSrv - ok 20:16:54.0503 1728 WMPNetworkSvc - ok 20:16:54.0549 1728 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:16:54.0565 1728 WPCSvc - ok 20:16:54.0581 1728 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:16:54.0612 1728 WPDBusEnum - ok 20:16:54.0643 1728 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:16:54.0690 1728 ws2ifsl - ok 20:16:54.0721 1728 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 20:16:54.0737 1728 wscsvc - ok 20:16:54.0737 1728 WSearch - ok 20:16:54.0830 1728 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:16:54.0939 1728 wuauserv - ok 20:16:54.0971 1728 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:16:55.0002 1728 WudfPf - ok 20:16:55.0033 1728 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:16:55.0064 1728 WUDFRd - ok 20:16:55.0111 1728 [ 
B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:16:55.0158 1728 wudfsvc - ok 20:16:55.0189 1728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:16:55.0251 1728 WwanSvc - ok 20:16:55.0329 1728 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 20:16:55.0376 1728 xnacc - ok 20:16:55.0423 1728 ================ Scan global =============================== 20:16:55.0454 1728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:16:55.0485 1728 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll 20:16:55.0501 1728 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll 20:16:55.0548 1728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:16:55.0579 1728 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:16:55.0595 1728 [Global] - ok 20:16:55.0595 1728 ================ Scan MBR ================================== 20:16:55.0610 1728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:16:58.0044 1728 \Device\Harddisk0\DR0 - ok 20:16:58.0059 1728 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR1 20:16:58.0215 1728 \Device\Harddisk1\DR1 - ok 20:16:58.0215 1728 ================ Scan VBR ================================== 20:16:58.0231 1728 [ 29916F2E6642FD8735D1014928A9C3F8 ] \Device\Harddisk0\DR0\Partition1 20:16:58.0231 1728 \Device\Harddisk0\DR0\Partition1 - ok 20:16:58.0247 1728 [ 1C0D5D3A6EB755605BFED7F3063A9BFE ] \Device\Harddisk0\DR0\Partition2 20:16:58.0247 1728 \Device\Harddisk0\DR0\Partition2 - ok 20:16:58.0262 1728 [ 3970897A6C670C70B56C3722A35B5938 ] \Device\Harddisk0\DR0\Partition3 20:16:58.0262 1728 \Device\Harddisk0\DR0\Partition3 - ok 20:16:58.0278 1728 [ AE7987DFF0FF2403E49B8A2A3A067FD7 ] \Device\Harddisk1\DR1\Partition1 20:16:58.0278 1728 \Device\Harddisk1\DR1\Partition1 - ok 20:16:58.0278 1728 ============================================================ 
20:16:58.0278 1728 Scan finished
20:16:58.0278 1728 ============================================================
20:16:58.0293 1368 Detected object count: 0
20:16:58.0293 1368 Actual detected object count: 0