| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: neuer Postbank-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.01.2013, 21:20
| #1 |
 |  neuer Postbank-Trojaner Moin, ganz kurz: neue Postbankmasche. Auf ein Email-Postfach wurde eine Mail, dargestellt als offizielles von der Postbank, geschickt, mit externem Link (als Button). Auf der Seite soll nur die Mailadresse des Postbank-Kunden eingegeben werden. (keine Bankdaten! Linkadresse habe ich nicht.) Ich vermute, dass a) ein Programm vorher den Firefox Browser ausspioniert hat (wegen Postbank + Mailadresse rausgefunden) und b) durch das unaufmerksame klicken auf den Link ein neuer Trojaner heruntergeladen wurde. Avira hab ich durchlaufen lassen (freeware, aktuellste Version), den Verlauf habe ich unten gepostet. (Ist das auch ein sog. Log?) Oder soll ich Malwarebytes auch durchlaufen lassen? Wollt ihr evtl auch einen Screenshot von der Mail? Ich habe berechtigte bedenken, ob der PC nicht noch weiter verseucht ist. (nicht meiner, sondern der vom Vater) Daher der Vollscan "mit Anleitung von Profis". Ich hoffe ich hab mit kurz genug gebunden. Vielen Dank schonmal für eure Hilfe! Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 8. Januar 2013 17:50
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : Uwe
Computername : UWE-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 12:02:45
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 12:02:45
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 12:02:51
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 17:45:17
AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 17:45:17
avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 11:45:16
avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 11:45:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 14:46:37
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 11:49:12
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 11:49:12
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 11:49:12
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 11:49:12
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 11:49:12
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 11:59:24
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 18:38:07
VBASE015.VDF : 7.11.56.24 2048 Bytes 07.01.2013 18:38:07
VBASE016.VDF : 7.11.56.25 2048 Bytes 07.01.2013 18:38:07
VBASE017.VDF : 7.11.56.26 2048 Bytes 07.01.2013 18:38:07
VBASE018.VDF : 7.11.56.27 2048 Bytes 07.01.2013 18:38:07
VBASE019.VDF : 7.11.56.28 2048 Bytes 07.01.2013 18:38:07
VBASE020.VDF : 7.11.56.29 2048 Bytes 07.01.2013 18:38:07
VBASE021.VDF : 7.11.56.30 2048 Bytes 07.01.2013 18:38:07
VBASE022.VDF : 7.11.56.31 2048 Bytes 07.01.2013 18:38:07
VBASE023.VDF : 7.11.56.32 2048 Bytes 07.01.2013 18:38:07
VBASE024.VDF : 7.11.56.33 2048 Bytes 07.01.2013 18:38:07
VBASE025.VDF : 7.11.56.34 2048 Bytes 07.01.2013 18:38:07
VBASE026.VDF : 7.11.56.35 2048 Bytes 07.01.2013 18:38:07
VBASE027.VDF : 7.11.56.36 2048 Bytes 07.01.2013 18:38:07
VBASE028.VDF : 7.11.56.37 2048 Bytes 07.01.2013 18:38:07
VBASE029.VDF : 7.11.56.38 2048 Bytes 07.01.2013 18:38:08
VBASE030.VDF : 7.11.56.39 2048 Bytes 07.01.2013 18:38:08
VBASE031.VDF : 7.11.56.68 111104 Bytes 08.01.2013 11:36:56
Engineversion : 8.2.10.224
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.78 467323 Bytes 20.12.2012 19:48:34
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 18:50:24
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 11.11.2012 14:44:09
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 19:48:34
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:41:48
AEHEUR.DLL : 8.1.4.168 5628280 Bytes 20.12.2012 19:48:34
AEHELP.DLL : 8.1.25.2 258423 Bytes 16.10.2012 11:58:10
AEGEN.DLL : 8.1.6.12 434549 Bytes 13.12.2012 18:50:24
AEEXP.DLL : 8.3.0.4 184692 Bytes 20.12.2012 19:48:34
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 18:50:24
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:41:45
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 12:02:45
AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 17:45:17
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 12:02:43
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 12:02:44
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 12:02:51
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 12:02:21
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 12:02:21
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 8. Januar 2013 17:50
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Taskmgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess '[verify-U]-Service.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess '64barsvc.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'netzmanager.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'FacebookMessenger.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess '[verify-U]-Software.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMERunner.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ManyCam.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdSync.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess '64brmon.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess '64SrchMn.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1553' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
[0] Archivtyp: RSRC
--> C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[1].exe
[1] Archivtyp: Runtime Packed
--> Object
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[1].exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[2].exe
[1] Archivtyp: Runtime Packed
--> Object
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[2].exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Uwe\AppData\Local\Temp\YontooSetup-Silent.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
--> C:\Users\Uwe\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
[1] Archivtyp: Runtime Packed
--> C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\22e43b9c-46004ee3
[2] Archivtyp: ZIP
--> H_e2a/H_e2a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.EZ.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> H_e2a/H_e2c.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.310
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> H_e2a/H_e2b.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Karame.AJ
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> H_e2a/H_e2d.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.FA.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\22e43b9c-46004ee3
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.FA.1
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\' <DATA>
Beginne mit der Desinfektion:
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\22e43b9c-46004ee3
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.FA.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57b3fd66.qua' verschoben!
C:\Users\Uwe\AppData\Local\Temp\YontooSetup-Silent.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f2fd29e.qua' verschoben!
Ende des Suchlaufs: Dienstag, 8. Januar 2013 18:59
Benötigte Zeit: 1:08:18 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
33108 Verzeichnisse wurden überprüft
518812 Dateien wurden geprüft
6 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
518806 Dateien ohne Befall
4408 Archive wurden durchsucht
6 Warnungen
2 Hinweise
|
|
08.01.2013, 21:24
| #2 |
| /// Malware-holic   | neuer Postbank-Trojaner Hi
__________________leite sie mir mal weiter, wie das geht, steht in meiner Sig.
__________________ |
|
08.01.2013, 21:38
| #3 | |
| | neuer Postbank-TrojanerZitat:
|
|
08.01.2013, 21:43
| #4 |
| /// Malware-holic | neuer Postbank-Trojaner Hi das mit der Postbank kann auch nen Zufall gewesen sein, leider funktioniert die Weiterleitung bei mir nicht mehr, aber der link führt auf jeden fall nicht zur postbank, wir gucken uns den PC mal an: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.01.2013, 22:40
| #5 |
| | neuer Postbank-Trojaner viel text... OTL.txt Code:
ATTFilter OTL logfile created on: 08.01.2013 22:17:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uwe\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19393) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 68,83% Memory free 6,69 Gb Paging File | 5,69 Gb Available in Paging File | 85,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,27 Gb Total Space | 72,08 Gb Free Space | 32,00% Space Free | Partition Type: NTFS Drive D: | 11,72 Gb Total Space | 11,61 Gb Free Space | 99,10% Space Free | Partition Type: NTFS Drive E: | 59,15 Gb Total Space | 59,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Computer Name: UWE-PC | User Name: Uwe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.08 22:09:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe PRC - [2012.12.11 13:02:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 13:02:45 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.12.11 13:02:45 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.12.11 13:02:44 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 13:02:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.19 01:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.10.16 19:17:19 | 000,042,536 | ---- | M] (MindSpark) -- C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe PRC - [2012.10.16 19:17:19 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe PRC - [2012.10.16 19:17:19 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe PRC - [2012.10.10 08:39:42 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe PRC - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.08.28 06:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.07.20 13:01:51 | 014,134,784 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe PRC - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe PRC - [2006.12.28 00:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 12:14:00 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0fe45f0908e1c17f9aca39670d35e3a7\System.Core.ni.dll MOD - [2012.11.17 12:13:55 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll MOD - [2012.11.17 12:12:53 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6be544795f68114304a2efdd502a52f0\System.IdentityModel.ni.dll MOD - [2012.11.17 12:12:52 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\68c89abe0ec8381863d6bb18539504f9\System.Runtime.Serialization.ni.dll MOD - [2012.11.17 12:12:49 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2d737eebab3321e31bf20296d04a0e1a\System.ServiceModel.ni.dll MOD - [2012.11.17 12:12:49 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\949339bed597380b8fb6dd2dc97d8006\SMDiagnostics.ni.dll MOD - [2012.11.17 12:12:21 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll MOD - [2012.11.17 12:12:11 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1f0ff07c7fa3ef235a9e2b3b6a49db04\System.EnterpriseServices.ni.dll MOD - [2012.11.17 12:12:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\850a371af19c00078a8cfbee763fb449\System.Transactions.ni.dll MOD - [2012.11.17 12:12:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll MOD - [2012.11.17 12:10:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll MOD - [2012.11.17 12:10:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll MOD - [2012.11.17 12:10:12 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll MOD - [2012.11.17 12:10:02 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll MOD - [2012.11.17 12:09:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39cc0e726e5b80a46337fa969cde2b66\PresentationFramework.Aero.ni.dll MOD - [2012.11.17 12:09:54 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fb15c044e4e7d611a5cbe5a1aa6db455\PresentationFramework.ni.dll MOD - [2012.11.17 12:09:21 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll MOD - [2012.11.17 12:09:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll MOD - [2012.11.17 12:08:55 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll MOD - [2012.11.17 12:08:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 05:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2009.02.18 19:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll MOD - [2008.03.04 12:11:54 | 000,856,576 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]_Software.dll MOD - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe MOD - [2006.12.10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2006.12.10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ========== Services (SafeList) ========== SRV - [2012.12.11 19:33:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 13:02:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 13:02:45 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.12.11 13:02:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.05 16:31:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.16 19:17:19 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService) SRV - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.29 15:15:07 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Programme\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) [verify-U]) [verify-U]-Service [Auto | Running] -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe -- ([verify-U]) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.12.28 00:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.12.11 13:02:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.12.11 13:02:53 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.13 13:01:57 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.01.14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2007.11.07 15:21:18 | 000,016,128 | ---- | M] (Cybits AG) [verify-U]_System) [verify-U]_System [Kernel | System | Running] -- C:\Windows\System32\drivers\[verify-U]-driver.sys -- ([verify-U]_System) DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.04.06 01:06:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2005.01.31 09:13:22 | 000,163,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920) DRV - [2005.01.31 09:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.01.19 10:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80772 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80772&lng=de IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=61531&ptb=367EF4EA-7F80-412A-BBA6-960D8F1A72D4&psa=&ind=2012103113&st=sb&n=77ee41c9&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XPxdm049YYde&ptb=367EF4EA-7F80-412A-BBA6-960D8F1A72D4&si=61531 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {a5b9c0f5-5616-47cd-a95f-e43b488faccf} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_5_&babsrc=SP_ss&mntrId=9072714d000000000000001a92b6d9a2 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=61531&ptb=367EF4EA-7F80-412A-BBA6-960D8F1A72D4&psa=&ind=2012103113&st=sb&n=77ee41c9&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{BFA0E7E0-0635-451D-AA0A-724E14F03050}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f2bd560a-bc59-462f-9a6f-d4accff60346&apn_sauid=08F2E1EA-D940-4FBD-ABB8-75212DC73A87 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Uwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Uwe\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.03 16:09:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2012.10.16 19:17:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 16:31:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 16:31:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 16:31:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 16:31:00 | 000,000,000 | ---D | M] [2012.12.05 16:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.05 16:30:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.05 16:30:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.05 16:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.12.05 16:30:58 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net [2012.12.05 16:31:08 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.06.21 11:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.10 15:39:17 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.30 06:41:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 11:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 11:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.09 17:47:30 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.21 11:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 11:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Programme\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME) O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\Uwe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Uwe\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04DC836A-F433-4C99-AA57-A8E21682B1DD}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C028230E-41B1-47A0-9712-40A24CC8EADC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F54CEF-CEA3-405C-A5F1-60D16E20C55D}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5a2adb3f-63e1-11e1-aca2-001a92b6d9a2}\Shell - "" = AutoRun O33 - MountPoints2\{5a2adb3f-63e1-11e1-aca2-001a92b6d9a2}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5a2adb59-63e1-11e1-aca2-001e101f1ed9}\Shell - "" = AutoRun O33 - MountPoints2\{5a2adb59-63e1-11e1-aca2-001e101f1ed9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c1482837-e370-11e0-bb80-001a92b6d9a2}\Shell - "" = AutoRun O33 - MountPoints2\{c1482837-e370-11e0-bb80-001a92b6d9a2}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {190B5DA7-2E6E-AC32-D7CB-43733961967B} - Internet Explorer ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 22:09:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe [2013.01.08 21:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.01.08 21:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.01.08 17:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.06 23:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\10tons [2013.01.06 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azkend 2 - The World Beneath [2013.01.06 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Azkend 2 - The World Beneath [2012.12.18 19:47:17 | 000,000,000 | ---D | C] -- C:\Users\Uwe\DxReport [2012.12.10 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Apple Computer [2012.12.10 17:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.10 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.10 17:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.10 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.10 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.10 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Apple [2012.12.10 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.12.10 17:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.12.10 17:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.12.10 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple ========== Files - Modified Within 30 Days ========== [2013.01.08 22:09:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe [2013.01.08 22:02:34 | 000,000,680 | ---- | M] () -- C:\Users\Uwe\AppData\Local\d3d9caps.dat [2013.01.08 22:00:32 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 22:00:31 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 22:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 22:00:22 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.08 21:36:17 | 000,000,982 | ---- | M] () -- C:\Users\Uwe\Desktop\Achtung_-_Sicherheitsupdate.zip [2013.01.08 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.08 20:16:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000UA.job [2013.01.08 17:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000Core.job [2013.01.06 23:38:40 | 000,000,937 | ---- | M] () -- C:\Users\Uwe\Desktop\Azkend 2 - The World Beneath.lnk [2013.01.03 19:59:18 | 215,855,101 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.27 10:17:17 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.27 10:17:17 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.27 10:17:17 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.27 10:17:17 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.21 11:27:12 | 000,015,254 | ---- | M] () -- C:\Users\Uwe\Documents\kündiging tini.odt [2012.12.11 13:02:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.12.11 13:02:53 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013.01.08 21:36:17 | 000,000,982 | ---- | C] () -- C:\Users\Uwe\Desktop\Achtung_-_Sicherheitsupdate.zip [2013.01.06 23:37:16 | 000,000,937 | ---- | C] () -- C:\Users\Uwe\Desktop\Azkend 2 - The World Beneath.lnk [2012.12.21 11:24:37 | 000,015,254 | ---- | C] () -- C:\Users\Uwe\Documents\kündiging tini.odt [2012.12.14 06:28:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 06:28:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.10 17:11:33 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.12.01 15:18:35 | 000,000,001 | R--- | C] () -- C:\Users\Uwe\serverport [2012.06.10 15:39:24 | 000,000,250 | ---- | C] () -- \user.js [2011.09.22 10:09:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.09.22 10:09:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.09.22 05:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.09.20 11:51:54 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2011.08.29 15:48:59 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat [2011.08.29 15:48:48 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.08.16 22:46:14 | 000,000,552 | ---- | C] () -- C:\Users\Uwe\AppData\Local\d3d8caps.dat [2011.07.22 23:58:36 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.07.22 23:58:36 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.07.22 23:58:36 | 000,125,676 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.07.22 23:58:36 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.07.22 14:12:50 | 000,005,632 | ---- | C] () -- C:\Users\Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.22 14:09:09 | 000,000,680 | ---- | C] () -- C:\Users\Uwe\AppData\Local\d3d9caps.dat [2006.11.02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.22 14:09:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.10 17:13:51 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.07.22 14:07:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.20 12:21:12 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.08 21:31:28 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.06 23:37:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.07.22 14:07:01 | 000,000,000 | -HSD | M] -- C:\Programme [2013.01.08 22:19:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.22 14:09:08 | 000,000,000 | R--D | M] -- C:\Users [2013.01.03 19:59:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.01 19:05:08 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000Core.job [2011.12.01 19:05:10 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000UA.job [2012.04.24 19:48:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2011.08.25 06:56:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2011.08.25 06:56:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2011.08.25 06:56:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.08.25 06:54:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2011.08.25 06:54:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2011.08.25 06:54:48 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2011.08.28 21:42:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2011.08.28 21:42:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2011.08.25 06:54:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys [2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2011.08.25 05:45:56 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2011.08.25 05:45:56 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < %USERPROFILE%\*.* > [2013.01.08 22:35:40 | 002,621,440 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT [2013.01.08 22:35:40 | 000,262,144 | -H-- | M] () -- C:\Users\Uwe\ntuser.dat.LOG1 [2011.07.22 14:09:08 | 000,000,000 | -H-- | M] () -- C:\Users\Uwe\ntuser.dat.LOG2 [2013.01.08 21:42:56 | 000,065,536 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2013.01.08 21:42:56 | 000,524,288 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.07.22 14:45:51 | 000,524,288 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.07.22 14:09:08 | 000,000,020 | -HS- | M] () -- C:\Users\Uwe\ntuser.ini [2012.12.02 15:09:38 | 000,000,001 | R--- | M] () -- C:\Users\Uwe\serverport [2004.10.26 08:17:22 | 000,016,518 | ---- | M] () -- C:\Users\Uwe\zylom.ico < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.01.2013 22:17:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Uwe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 68,83% Memory free
6,69 Gb Paging File | 5,69 Gb Available in Paging File | 85,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,27 Gb Total Space | 72,08 Gb Free Space | 32,00% Space Free | Partition Type: NTFS
Drive D: | 11,72 Gb Total Space | 11,61 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
Drive E: | 59,15 Gb Total Space | 59,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Computer Name: UWE-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1085AC45-C2B4-47ED-92A7-CE9FC0FDAA5F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1BCF49A2-4C72-44AD-AA12-64BDBBC644B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{212812B0-05D5-49FE-AF4A-CCE8A4E395CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26BBD3A1-67F0-436D-96B1-9BAF76AABB71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44E023DA-98BB-4DC8-BFF1-656BCF430108}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD0FDA14-D063-43A2-BB31-0C7F6686E366}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E51004CA-0490-4440-B37F-4126F0FB97D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEBEE4BD-0C8C-43E7-967B-69651DF4371C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1E72037-7C39-4B36-90E7-F2AD152B461C}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07960EDD-9DC7-4F8F-B316-727864D993DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D41AC9D-9284-42AD-8B71-EB4A6710DAF2}" = dir=in | app=c:\users\uwe\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{229D83DC-9239-4BE5-AD3F-A722FA3F0BF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41EE0972-51D8-4754-8533-E4A64BFDBB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FE793D3-2271-474D-951E-2FEA66D91D1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61734E40-D42F-42DD-AA80-0584B44B4621}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{793DDD4B-95E9-44BC-B55E-F727385F71D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{875EC0B8-F2F1-43C3-9580-400350E9F241}" = protocol=6 | dir=out | app=system |
"{8DABF636-1511-477C-BC6D-4EACF1E37A60}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{986DE082-8FDE-4301-9942-65EE908D1562}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9E0A178D-DED5-4BA8-AE1B-9D4ABBA9BD8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD284B53-B64B-48CC-89A6-D0719FBA13B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D987F76C-50BF-49B7-B53A-7BF2A77822DB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ED8211BB-7494-47C6-B603-87E37AC7068D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F01D4C51-58C7-4011-872F-5F6E57A0A641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F57219F9-51AC-4BAD-BE33-66FFEBCF05B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6B1F188-9063-4037-9FAE-A5AFA831AF25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FF41FE39-792C-4F20-B902-32366311C0EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{281C52AE-03D5-4D88-AF42-081F42A08C93}C:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |
"UDP Query User{3865A831-A7C7-44EA-8170-D3642E5B5CDF}C:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Azkend 2 - The World Beneath" = Azkend 2 - The World Beneath
"DivX Setup" = DivX-Setup
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.824
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ManyCam" = ManyCam 2.6.65 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"PhotoScape" = PhotoScape
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"VLC media player" = VLC media player 2.0.1
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.01.2013 10:45:56 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 175c Anfangszeit: 01cdea52146d0c4d Zeitpunkt der
Beendigung: 15
Error - 04.01.2013 10:47:41 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 116c Anfangszeit: 01cdea8a35b780e4 Zeitpunkt der
Beendigung: 15
Error - 04.01.2013 12:56:27 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: d9c Anfangszeit: 01cdea9abfea3e7c Zeitpunkt der
Beendigung: 16
Error - 04.01.2013 12:57:26 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: f60 Anfangszeit: 01cdea9c75c8370c Zeitpunkt der
Beendigung: 16
Error - 04.01.2013 13:32:31 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 2e8 Anfangszeit: 01cdea9d3092bb1b Zeitpunkt der
Beendigung: 12
Error - 04.01.2013 13:34:20 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1624 Anfangszeit: 01cdeaa17c263a12 Zeitpunkt der
Beendigung: 16
Error - 06.01.2013 03:37:21 | Computer Name = Uwe-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 06.01.2013 03:37:22 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm netzmanager.exe, Version 1.71.0.301 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 3ac Anfangszeit: 01cdebe01fc87c32 Zeitpunkt
der Beendigung: 0
Error - 06.01.2013 08:03:08 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 460 Anfangszeit: 01cdec05887c22b8 Zeitpunkt der
Beendigung: 47
Error - 06.01.2013 08:05:25 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 158c Anfangszeit: 01cdec05cc32350b Zeitpunkt der
Beendigung: 0
[ System Events ]
Error - 04.01.2013 01:59:07 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05.01.2013 01:37:32 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05.01.2013 11:39:57 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.01.2013 03:35:09 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.01.2013 07:56:13 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.01.2013 08:36:45 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.01.2013 01:32:47 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.01.2013 04:51:19 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.01.2013 12:49:11 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.01.2013 17:02:01 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
08.01.2013, 22:42
| #6 |
| | neuer Postbank-Trojaner .... Geändert von Yettex (08.01.2013 um 22:44 Uhr) Grund: sorry, doppelpost |
|
08.01.2013, 23:22
| #7 |
| /// Malware-holic | neuer Postbank-Trojaner Hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 18:21
| #8 |
| | neuer Postbank-Trojaner kaspersky tdss log Code:
ATTFilter 18:19:26.0668 5652 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:19:27.0279 5652 ============================================================
18:19:27.0279 5652 Current date / time: 2013/01/09 18:19:27.0279
18:19:27.0279 5652 SystemInfo:
18:19:27.0279 5652
18:19:27.0279 5652 OS Version: 6.0.6002 ServicePack: 2.0
18:19:27.0279 5652 Product type: Workstation
18:19:27.0279 5652 ComputerName: UWE-PC
18:19:27.0279 5652 UserName: Uwe
18:19:27.0279 5652 Windows directory: C:\Windows
18:19:27.0279 5652 System windows directory: C:\Windows
18:19:27.0279 5652 Processor architecture: Intel x86
18:19:27.0279 5652 Number of processors: 2
18:19:27.0279 5652 Page size: 0x1000
18:19:27.0279 5652 Boot type: Normal boot
18:19:27.0279 5652 ============================================================
18:19:27.0857 5652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:27.0857 5652 ============================================================
18:19:27.0857 5652 \Device\Harddisk0\DR0:
18:19:27.0857 5652 MBR partitions:
18:19:27.0857 5652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1770000
18:19:27.0857 5652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1C28A800
18:19:27.0857 5652 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DDE3000, BlocksNum 0x764B000
18:19:27.0857 5652 ============================================================
18:19:27.0889 5652 C: <-> \Device\Harddisk0\DR0\Partition2
18:19:27.0920 5652 D: <-> \Device\Harddisk0\DR0\Partition1
18:19:27.0967 5652 E: <-> \Device\Harddisk0\DR0\Partition3
18:19:27.0967 5652 ============================================================
18:19:27.0967 5652 Initialize success
18:19:27.0967 5652 ============================================================
18:19:58.0734 3080 ============================================================
18:19:58.0734 3080 Scan started
18:19:58.0734 3080 Mode: Manual; SigCheck; TDLFS;
18:19:58.0734 3080 ============================================================
18:19:59.0094 3080 ================ Scan system memory ========================
18:19:59.0094 3080 System memory - ok
18:19:59.0094 3080 ================ Scan services =============================
18:19:59.0234 3080 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:19:59.0328 3080 ACPI - ok
18:19:59.0422 3080 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:19:59.0453 3080 AdobeARMservice - ok
18:19:59.0516 3080 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:59.0543 3080 AdobeFlashPlayerUpdateSvc - ok
18:19:59.0590 3080 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:19:59.0637 3080 adp94xx - ok
18:19:59.0699 3080 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:19:59.0715 3080 adpahci - ok
18:19:59.0777 3080 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:19:59.0793 3080 adpu160m - ok
18:19:59.0809 3080 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:19:59.0824 3080 adpu320 - ok
18:19:59.0871 3080 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:19:59.0996 3080 AeLookupSvc - ok
18:20:00.0059 3080 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:20:00.0090 3080 AFD - ok
18:20:00.0137 3080 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:20:00.0152 3080 agp440 - ok
18:20:00.0199 3080 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:20:00.0215 3080 aic78xx - ok
18:20:00.0262 3080 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:20:00.0418 3080 ALG - ok
18:20:00.0449 3080 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
18:20:00.0465 3080 aliide - ok
18:20:00.0496 3080 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:20:00.0512 3080 amdagp - ok
18:20:00.0527 3080 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
18:20:00.0544 3080 amdide - ok
18:20:00.0591 3080 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:20:00.0763 3080 AmdK7 - ok
18:20:00.0794 3080 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:20:00.0856 3080 AmdK8 - ok
18:20:00.0935 3080 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:20:00.0950 3080 AntiVirSchedulerService - ok
18:20:01.0013 3080 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:20:01.0044 3080 AntiVirService - ok
18:20:01.0075 3080 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:20:01.0106 3080 AntiVirWebService - ok
18:20:01.0185 3080 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:20:01.0216 3080 Appinfo - ok
18:20:01.0294 3080 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:01.0310 3080 Apple Mobile Device - ok
18:20:01.0341 3080 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:20:01.0356 3080 arc - ok
18:20:01.0388 3080 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:20:01.0403 3080 arcsas - ok
18:20:01.0435 3080 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:01.0466 3080 AsyncMac - ok
18:20:01.0513 3080 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:20:01.0513 3080 atapi - ok
18:20:01.0592 3080 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:20:01.0639 3080 AudioEndpointBuilder - ok
18:20:01.0670 3080 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:20:01.0701 3080 Audiosrv - ok
18:20:01.0717 3080 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:20:01.0748 3080 avgntflt - ok
18:20:01.0779 3080 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:20:01.0795 3080 avipbb - ok
18:20:01.0842 3080 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:20:01.0857 3080 avkmgr - ok
18:20:01.0935 3080 [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
18:20:01.0982 3080 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:20:01.0982 3080 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:20:02.0029 3080 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:20:02.0076 3080 Beep - ok
18:20:02.0107 3080 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:20:02.0154 3080 BFE - ok
18:20:02.0217 3080 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
18:20:02.0248 3080 BITS - ok
18:20:02.0248 3080 blbdrive - ok
18:20:02.0342 3080 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:20:02.0373 3080 Bonjour Service - ok
18:20:02.0420 3080 [ 746A7B624B5047FACEBE35B51AA1FE36 ] Boonty Games C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
18:20:02.0420 3080 Boonty Games ( UnsignedFile.Multi.Generic ) - warning
18:20:02.0420 3080 Boonty Games - detected UnsignedFile.Multi.Generic (1)
18:20:02.0498 3080 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:20:02.0560 3080 bowser - ok
18:20:02.0608 3080 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:20:02.0655 3080 BrFiltLo - ok
18:20:02.0671 3080 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:20:02.0702 3080 BrFiltUp - ok
18:20:02.0749 3080 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:20:02.0780 3080 Browser - ok
18:20:02.0827 3080 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:20:02.0874 3080 Brserid - ok
18:20:02.0905 3080 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:20:02.0983 3080 BrSerWdm - ok
18:20:03.0015 3080 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:20:03.0077 3080 BrUsbMdm - ok
18:20:03.0108 3080 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:20:03.0155 3080 BrUsbSer - ok
18:20:03.0186 3080 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:20:03.0233 3080 BTHMODEM - ok
18:20:03.0280 3080 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:20:03.0296 3080 cdfs - ok
18:20:03.0343 3080 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:20:03.0374 3080 cdrom - ok
18:20:03.0421 3080 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:20:03.0452 3080 CertPropSvc - ok
18:20:03.0483 3080 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:20:03.0546 3080 circlass - ok
18:20:03.0625 3080 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:20:03.0641 3080 CLFS - ok
18:20:03.0734 3080 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:03.0750 3080 clr_optimization_v2.0.50727_32 - ok
18:20:03.0828 3080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:03.0828 3080 clr_optimization_v4.0.30319_32 - ok
18:20:03.0844 3080 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:20:03.0859 3080 cmdide - ok
18:20:03.0875 3080 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:20:03.0891 3080 Compbatt - ok
18:20:03.0906 3080 COMSysApp - ok
18:20:03.0922 3080 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:20:03.0937 3080 crcdisk - ok
18:20:03.0953 3080 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:20:04.0000 3080 Crusoe - ok
18:20:04.0047 3080 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:20:04.0109 3080 CryptSvc - ok
18:20:04.0141 3080 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:20:04.0203 3080 DcomLaunch - ok
18:20:04.0234 3080 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:20:04.0266 3080 DfsC - ok
18:20:04.0344 3080 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:20:04.0437 3080 DFSR - ok
18:20:04.0516 3080 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:20:04.0578 3080 Dhcp - ok
18:20:04.0642 3080 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:20:04.0673 3080 disk - ok
18:20:04.0735 3080 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:20:04.0767 3080 Dnscache - ok
18:20:04.0798 3080 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:20:04.0813 3080 dot3svc - ok
18:20:04.0845 3080 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:20:04.0892 3080 Dot4 - ok
18:20:04.0938 3080 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:20:04.0970 3080 Dot4Print - ok
18:20:05.0001 3080 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:20:05.0017 3080 dot4usb - ok
18:20:05.0079 3080 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:20:05.0142 3080 DPS - ok
18:20:05.0173 3080 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:20:05.0220 3080 drmkaud - ok
18:20:05.0267 3080 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:20:05.0376 3080 DXGKrnl - ok
18:20:05.0407 3080 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:20:05.0454 3080 E1G60 - ok
18:20:05.0501 3080 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:20:05.0517 3080 EapHost - ok
18:20:05.0579 3080 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:20:05.0595 3080 Ecache - ok
18:20:05.0674 3080 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:20:05.0689 3080 ehRecvr - ok
18:20:05.0736 3080 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:20:05.0783 3080 ehSched - ok
18:20:05.0799 3080 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:20:05.0814 3080 ehstart - ok
18:20:05.0861 3080 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:20:05.0893 3080 elxstor - ok
18:20:05.0939 3080 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:20:06.0018 3080 EMDMgmt - ok
18:20:06.0064 3080 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:20:06.0080 3080 EventSystem - ok
18:20:06.0143 3080 [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
18:20:06.0158 3080 ewusbnet - ok
18:20:06.0205 3080 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:20:06.0236 3080 exfat - ok
18:20:06.0268 3080 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:20:06.0283 3080 fastfat - ok
18:20:06.0314 3080 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:20:06.0377 3080 fdc - ok
18:20:06.0393 3080 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:20:06.0424 3080 fdPHost - ok
18:20:06.0439 3080 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:20:06.0471 3080 FDResPub - ok
18:20:06.0518 3080 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:20:06.0533 3080 FileInfo - ok
18:20:06.0564 3080 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:20:06.0580 3080 Filetrace - ok
18:20:06.0643 3080 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:20:06.0706 3080 flpydisk - ok
18:20:06.0753 3080 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:20:06.0768 3080 FltMgr - ok
18:20:06.0847 3080 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:20:06.0878 3080 FontCache - ok
18:20:06.0940 3080 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:06.0940 3080 FontCache3.0.0.0 - ok
18:20:06.0987 3080 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:20:07.0018 3080 Fs_Rec - ok
18:20:07.0081 3080 [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
18:20:07.0128 3080 FWLANUSB - ok
18:20:07.0159 3080 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:20:07.0175 3080 gagp30kx - ok
18:20:07.0206 3080 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:20:07.0222 3080 GEARAspiWDM - ok
18:20:07.0253 3080 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:20:07.0300 3080 gpsvc - ok
18:20:07.0347 3080 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:20:07.0425 3080 HdAudAddService - ok
18:20:07.0472 3080 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:07.0518 3080 HDAudBus - ok
18:20:07.0550 3080 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:20:07.0597 3080 HidBth - ok
18:20:07.0628 3080 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:20:07.0665 3080 HidIr - ok
18:20:07.0712 3080 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:20:07.0727 3080 hidserv - ok
18:20:07.0759 3080 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:20:07.0774 3080 HidUsb - ok
18:20:07.0806 3080 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:20:07.0837 3080 hkmsvc - ok
18:20:07.0852 3080 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:20:07.0868 3080 HpCISSs - ok
18:20:07.0962 3080 [ 682358F730B84B63E09C6B4EDC1DE7AE ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:20:07.0977 3080 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:20:07.0977 3080 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:20:07.0993 3080 [ 2E7BEE4AA776CF1C37836B26D1D29403 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:20:08.0009 3080 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:20:08.0009 3080 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:20:08.0024 3080 HTCAND32 - ok
18:20:08.0071 3080 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:20:08.0134 3080 HTTP - ok
18:20:08.0165 3080 [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:20:08.0196 3080 hwdatacard - ok
18:20:08.0227 3080 [ 089085538885367E281686762A973EB5 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
18:20:08.0259 3080 hwusbfake - ok
18:20:08.0290 3080 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:20:08.0306 3080 i2omp - ok
18:20:08.0337 3080 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:20:08.0368 3080 i8042prt - ok
18:20:08.0399 3080 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:20:08.0415 3080 iaStorV - ok
18:20:08.0477 3080 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:08.0571 3080 idsvc - ok
18:20:08.0618 3080 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:20:08.0634 3080 iirsp - ok
18:20:08.0665 3080 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:20:08.0744 3080 IKEEXT - ok
18:20:08.0760 3080 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
18:20:08.0775 3080 intelide - ok
18:20:08.0791 3080 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:20:08.0838 3080 intelppm - ok
18:20:08.0885 3080 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:20:08.0900 3080 IPBusEnum - ok
18:20:08.0932 3080 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:08.0978 3080 IpFilterDriver - ok
18:20:09.0010 3080 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:20:09.0041 3080 iphlpsvc - ok
18:20:09.0041 3080 IpInIp - ok
18:20:09.0072 3080 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:20:09.0150 3080 IPMIDRV - ok
18:20:09.0166 3080 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:20:09.0213 3080 IPNAT - ok
18:20:09.0260 3080 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:20:09.0291 3080 iPod Service - ok
18:20:09.0322 3080 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:20:09.0353 3080 IRENUM - ok
18:20:09.0369 3080 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:20:09.0400 3080 isapnp - ok
18:20:09.0447 3080 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:20:09.0463 3080 iScsiPrt - ok
18:20:09.0478 3080 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:20:09.0494 3080 iteatapi - ok
18:20:09.0510 3080 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:20:09.0525 3080 iteraid - ok
18:20:09.0541 3080 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:09.0557 3080 kbdclass - ok
18:20:09.0588 3080 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:20:09.0619 3080 kbdhid - ok
18:20:09.0635 3080 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:20:09.0650 3080 KeyIso - ok
18:20:09.0682 3080 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:20:09.0733 3080 KSecDD - ok
18:20:09.0796 3080 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:20:09.0827 3080 KtmRm - ok
18:20:09.0858 3080 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:20:09.0874 3080 LanmanServer - ok
18:20:09.0921 3080 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:20:09.0936 3080 LanmanWorkstation - ok
18:20:09.0968 3080 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:20:09.0999 3080 lltdio - ok
18:20:10.0030 3080 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:20:10.0061 3080 lltdsvc - ok
18:20:10.0077 3080 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:20:10.0124 3080 lmhosts - ok
18:20:10.0155 3080 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:20:10.0171 3080 LSI_FC - ok
18:20:10.0186 3080 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:20:10.0202 3080 LSI_SAS - ok
18:20:10.0233 3080 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:20:10.0249 3080 LSI_SCSI - ok
18:20:10.0280 3080 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:20:10.0311 3080 luafv - ok
18:20:10.0343 3080 [ A730FC8671A60666D6E877C544DD7CD4 ] LVUSBSta C:\Windows\system32\drivers\lvusbsta.sys
18:20:10.0374 3080 LVUSBSta - ok
18:20:10.0405 3080 [ C6D085C7045200143528136A43A65FDE ] ManyCam C:\Windows\system32\DRIVERS\ManyCam.sys
18:20:10.0452 3080 ManyCam - ok
18:20:10.0546 3080 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
18:20:10.0561 3080 McComponentHostService - ok
18:20:10.0577 3080 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:20:10.0608 3080 Mcx2Svc - ok
18:20:10.0624 3080 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:20:10.0640 3080 megasas - ok
18:20:10.0671 3080 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:20:10.0702 3080 MMCSS - ok
18:20:10.0720 3080 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:20:10.0770 3080 Modem - ok
18:20:10.0802 3080 [ EC839BA91E45CCE6EADAFC418FFF8206 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:20:10.0864 3080 monitor - ok
18:20:10.0880 3080 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:20:10.0911 3080 mouclass - ok
18:20:10.0911 3080 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:20:10.0958 3080 mouhid - ok
18:20:10.0974 3080 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:20:11.0005 3080 MountMgr - ok
18:20:11.0052 3080 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:20:11.0067 3080 MozillaMaintenance - ok
18:20:11.0114 3080 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:20:11.0130 3080 mpio - ok
18:20:11.0161 3080 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:20:11.0177 3080 mpsdrv - ok
18:20:11.0224 3080 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:20:11.0239 3080 MpsSvc - ok
18:20:11.0270 3080 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:20:11.0286 3080 Mraid35x - ok
18:20:11.0317 3080 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:20:11.0333 3080 MRxDAV - ok
18:20:11.0364 3080 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:11.0427 3080 mrxsmb - ok
18:20:11.0442 3080 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:11.0474 3080 mrxsmb10 - ok
18:20:11.0489 3080 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:11.0505 3080 mrxsmb20 - ok
18:20:11.0520 3080 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
18:20:11.0552 3080 msahci - ok
18:20:11.0567 3080 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:20:11.0583 3080 msdsm - ok
18:20:11.0599 3080 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:20:11.0630 3080 MSDTC - ok
18:20:11.0677 3080 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:20:11.0708 3080 Msfs - ok
18:20:11.0771 3080 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:20:11.0787 3080 msisadrv - ok
18:20:11.0818 3080 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:20:11.0850 3080 MSiSCSI - ok
18:20:11.0850 3080 msiserver - ok
18:20:11.0912 3080 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:20:11.0943 3080 MSKSSRV - ok
18:20:11.0975 3080 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:11.0990 3080 MSPCLOCK - ok
18:20:12.0021 3080 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:20:12.0053 3080 MSPQM - ok
18:20:12.0084 3080 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:20:12.0115 3080 MsRPC - ok
18:20:12.0146 3080 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:20:12.0162 3080 mssmbios - ok
18:20:12.0209 3080 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:20:12.0240 3080 MSTEE - ok
18:20:12.0271 3080 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:20:12.0303 3080 Mup - ok
18:20:12.0334 3080 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:20:12.0365 3080 napagent - ok
18:20:12.0412 3080 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:20:12.0428 3080 NativeWifiP - ok
18:20:12.0459 3080 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:20:12.0506 3080 NDIS - ok
18:20:12.0521 3080 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:20:12.0568 3080 NdisTapi - ok
18:20:12.0600 3080 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:20:12.0631 3080 Ndisuio - ok
18:20:12.0662 3080 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:20:12.0693 3080 NdisWan - ok
18:20:12.0725 3080 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:20:12.0756 3080 NDProxy - ok
18:20:12.0788 3080 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:20:12.0804 3080 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:20:12.0804 3080 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:20:12.0835 3080 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:20:12.0866 3080 NetBIOS - ok
18:20:12.0897 3080 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:20:12.0929 3080 netbt - ok
18:20:12.0944 3080 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:20:12.0960 3080 Netlogon - ok
18:20:12.0991 3080 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:20:13.0022 3080 Netman - ok
18:20:13.0054 3080 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:20:13.0085 3080 netprofm - ok
18:20:13.0116 3080 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:20:13.0132 3080 NetTcpPortSharing - ok
18:20:13.0241 3080 [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
18:20:13.0319 3080 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
18:20:13.0319 3080 Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
18:20:13.0351 3080 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:20:13.0382 3080 nfrd960 - ok
18:20:13.0413 3080 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:20:13.0444 3080 NlaSvc - ok
18:20:13.0476 3080 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:20:13.0491 3080 Npfs - ok
18:20:13.0522 3080 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:20:13.0554 3080 nsi - ok
18:20:13.0569 3080 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:20:13.0601 3080 nsiproxy - ok
18:20:13.0647 3080 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:20:13.0741 3080 Ntfs - ok
18:20:13.0789 3080 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:20:13.0836 3080 ntrigdigi - ok
18:20:13.0867 3080 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:20:13.0898 3080 Null - ok
18:20:13.0914 3080 [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:20:13.0945 3080 nvraid - ok
18:20:13.0961 3080 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:20:13.0977 3080 nvstor - ok
18:20:14.0008 3080 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:20:14.0023 3080 nv_agp - ok
18:20:14.0023 3080 NwlnkFlt - ok
18:20:14.0039 3080 NwlnkFwd - ok
18:20:14.0070 3080 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:20:14.0086 3080 ohci1394 - ok
18:20:14.0133 3080 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:20:14.0195 3080 p2pimsvc - ok
18:20:14.0227 3080 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:20:14.0242 3080 p2psvc - ok
18:20:14.0273 3080 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:20:14.0320 3080 Parport - ok
18:20:14.0367 3080 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:20:14.0383 3080 partmgr - ok
18:20:14.0398 3080 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:20:14.0445 3080 Parvdm - ok
18:20:14.0477 3080 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:20:14.0492 3080 PcaSvc - ok
18:20:14.0523 3080 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:20:14.0539 3080 pccsmcfd - ok
18:20:14.0570 3080 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:20:14.0586 3080 pci - ok
18:20:14.0617 3080 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
18:20:14.0633 3080 pciide - ok
18:20:14.0664 3080 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:20:14.0695 3080 pcmcia - ok
18:20:14.0727 3080 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:20:14.0857 3080 PEAUTH - ok
18:20:14.0920 3080 [ A937C4E37C0C1003CE5FCA1E5E103FDC ] PID_0920 C:\Windows\system32\DRIVERS\LV532AV.SYS
18:20:14.0935 3080 PID_0920 - ok
18:20:14.0967 3080 [ 03E86718BB5AA2716C7349A854FF6203 ] PID_0928 C:\Windows\system32\DRIVERS\LV561AV.SYS
18:20:14.0998 3080 PID_0928 - ok
18:20:15.0045 3080 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:20:15.0107 3080 pla - ok
18:20:15.0154 3080 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:20:15.0170 3080 PlugPlay - ok
18:20:15.0201 3080 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:20:15.0217 3080 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:20:15.0217 3080 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:20:15.0232 3080 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:20:15.0264 3080 PNRPAutoReg - ok
18:20:15.0279 3080 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:20:15.0310 3080 PNRPsvc - ok
18:20:15.0342 3080 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:20:15.0373 3080 PolicyAgent - ok
18:20:15.0420 3080 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:20:15.0451 3080 PptpMiniport - ok
18:20:15.0467 3080 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:20:15.0514 3080 Processor - ok
18:20:15.0560 3080 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:20:15.0576 3080 ProfSvc - ok
18:20:15.0592 3080 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:20:15.0607 3080 ProtectedStorage - ok
18:20:15.0639 3080 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:20:15.0654 3080 PSched - ok
18:20:15.0701 3080 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:20:15.0764 3080 ql2300 - ok
18:20:15.0810 3080 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:20:15.0827 3080 ql40xx - ok
18:20:15.0874 3080 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:20:15.0905 3080 QWAVE - ok
18:20:15.0936 3080 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:20:15.0952 3080 QWAVEdrv - ok
18:20:16.0015 3080 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:20:16.0046 3080 RapiMgr - ok
18:20:16.0061 3080 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:20:16.0093 3080 RasAcd - ok
18:20:16.0124 3080 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:20:16.0155 3080 RasAuto - ok
18:20:16.0186 3080 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:20:16.0233 3080 Rasl2tp - ok
18:20:16.0265 3080 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:20:16.0280 3080 RasMan - ok
18:20:16.0311 3080 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:20:16.0327 3080 RasPppoe - ok
18:20:16.0358 3080 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:20:16.0390 3080 RasSstp - ok
18:20:16.0421 3080 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:20:16.0452 3080 rdbss - ok
18:20:16.0468 3080 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:20:16.0515 3080 RDPCDD - ok
18:20:16.0546 3080 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:20:16.0608 3080 rdpdr - ok
18:20:16.0624 3080 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:20:16.0686 3080 RDPENCDD - ok
18:20:16.0733 3080 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:20:16.0749 3080 RDPWD - ok
18:20:16.0780 3080 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:20:16.0811 3080 RemoteAccess - ok
18:20:16.0859 3080 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:20:16.0922 3080 RemoteRegistry - ok
18:20:16.0969 3080 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:20:17.0016 3080 RpcLocator - ok
18:20:17.0047 3080 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:20:17.0062 3080 RpcSs - ok
18:20:17.0109 3080 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:20:17.0141 3080 rspndr - ok
18:20:17.0187 3080 [ 959EF612D2CCFDB6D9E443F8E3655013 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
18:20:17.0234 3080 RTL8023xp - ok
18:20:17.0250 3080 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:20:17.0266 3080 SamSs - ok
18:20:17.0281 3080 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:20:17.0297 3080 sbp2port - ok
18:20:17.0328 3080 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:20:17.0359 3080 SCardSvr - ok
18:20:17.0406 3080 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:20:17.0422 3080 Schedule - ok
18:20:17.0453 3080 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:20:17.0469 3080 SCPolicySvc - ok
18:20:17.0500 3080 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:20:17.0516 3080 SDRSVC - ok
18:20:17.0531 3080 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:20:17.0578 3080 secdrv - ok
18:20:17.0609 3080 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:20:17.0641 3080 seclogon - ok
18:20:17.0656 3080 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:20:17.0687 3080 SENS - ok
18:20:17.0719 3080 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:20:17.0750 3080 Serenum - ok
18:20:17.0766 3080 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:20:17.0812 3080 Serial - ok
18:20:17.0828 3080 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:20:17.0865 3080 sermouse - ok
18:20:17.0959 3080 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:20:18.0053 3080 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:20:18.0053 3080 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:20:18.0100 3080 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:20:18.0131 3080 SessionEnv - ok
18:20:18.0146 3080 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:20:18.0193 3080 sffdisk - ok
18:20:18.0209 3080 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:20:18.0256 3080 sffp_mmc - ok
18:20:18.0271 3080 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:20:18.0318 3080 sffp_sd - ok
18:20:18.0334 3080 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:20:18.0381 3080 sfloppy - ok
18:20:18.0412 3080 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:20:18.0443 3080 SharedAccess - ok
18:20:18.0475 3080 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:20:18.0490 3080 ShellHWDetection - ok
18:20:18.0521 3080 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:20:18.0537 3080 sisagp - ok
18:20:18.0568 3080 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:20:18.0584 3080 SiSRaid2 - ok
18:20:18.0600 3080 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:20:18.0631 3080 SiSRaid4 - ok
18:20:18.0678 3080 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:20:18.0756 3080 SkypeUpdate - ok
18:20:18.0850 3080 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:20:19.0038 3080 slsvc - ok
18:20:19.0054 3080 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:20:19.0069 3080 SLUINotify - ok
18:20:19.0101 3080 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:20:19.0132 3080 Smb - ok
18:20:19.0163 3080 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:20:19.0179 3080 SNMPTRAP - ok
18:20:19.0226 3080 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:20:19.0288 3080 spldr - ok
18:20:19.0319 3080 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:20:19.0335 3080 Spooler - ok
18:20:19.0382 3080 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:20:19.0429 3080 srv - ok
18:20:19.0476 3080 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:20:19.0538 3080 srv2 - ok
18:20:19.0569 3080 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:20:19.0601 3080 srvnet - ok
18:20:19.0663 3080 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:20:19.0694 3080 SSDPSRV - ok
18:20:19.0772 3080 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:20:19.0835 3080 ssmdrv - ok
18:20:19.0882 3080 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:20:19.0901 3080 SstpSvc - ok
18:20:19.0979 3080 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:20:20.0026 3080 stisvc - ok
18:20:20.0058 3080 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:20:20.0073 3080 swenum - ok
18:20:20.0120 3080 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:20:20.0151 3080 swprv - ok
18:20:20.0183 3080 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:20:20.0198 3080 Symc8xx - ok
18:20:20.0229 3080 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:20:20.0245 3080 Sym_hi - ok
18:20:20.0261 3080 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:20:20.0276 3080 Sym_u3 - ok
18:20:20.0323 3080 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:20:20.0370 3080 SysMain - ok
18:20:20.0417 3080 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:20:20.0433 3080 TabletInputService - ok
18:20:20.0464 3080 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:20:20.0495 3080 TapiSrv - ok
18:20:20.0511 3080 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:20:20.0542 3080 TBS - ok
18:20:20.0604 3080 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:20:20.0636 3080 Tcpip - ok
18:20:20.0667 3080 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:20:20.0698 3080 Tcpip6 - ok
18:20:20.0761 3080 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:20:20.0776 3080 tcpipreg - ok
18:20:20.0808 3080 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:20:20.0839 3080 TDPIPE - ok
18:20:20.0854 3080 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:20:20.0901 3080 TDTCP - ok
18:20:20.0934 3080 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:20:20.0980 3080 tdx - ok
18:20:21.0043 3080 [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
18:20:21.0059 3080 TelekomNM3 - ok
18:20:21.0090 3080 [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
18:20:21.0105 3080 TelevisionFanaticService - ok
18:20:21.0137 3080 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:20:21.0152 3080 TermDD - ok
18:20:21.0168 3080 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:20:21.0199 3080 TermService - ok
18:20:21.0215 3080 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:20:21.0230 3080 Themes - ok
18:20:21.0277 3080 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:20:21.0293 3080 THREADORDER - ok
18:20:21.0371 3080 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:20:21.0387 3080 TomTomHOMEService - ok
18:20:21.0418 3080 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:20:21.0434 3080 TrkWks - ok
18:20:21.0480 3080 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:20:21.0496 3080 TrustedInstaller - ok
18:20:21.0543 3080 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:20:21.0559 3080 tssecsrv - ok
18:20:21.0590 3080 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:20:21.0605 3080 tunmp - ok
18:20:21.0605 3080 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:20:21.0621 3080 tunnel - ok
18:20:21.0637 3080 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:20:21.0668 3080 uagp35 - ok
18:20:21.0715 3080 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:20:21.0730 3080 udfs - ok
18:20:21.0777 3080 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:20:21.0793 3080 UI0Detect - ok
18:20:21.0824 3080 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:20:21.0840 3080 uliagpkx - ok
18:20:21.0855 3080 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:20:21.0871 3080 uliahci - ok
18:20:21.0887 3080 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:20:21.0902 3080 UlSata - ok
18:20:21.0918 3080 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:20:21.0941 3080 ulsata2 - ok
18:20:21.0973 3080 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:20:22.0004 3080 umbus - ok
18:20:22.0082 3080 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:20:22.0113 3080 upnphost - ok
18:20:22.0129 3080 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:20:22.0160 3080 usbccgp - ok
18:20:22.0176 3080 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:20:22.0223 3080 usbcir - ok
18:20:22.0285 3080 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:20:22.0301 3080 usbehci - ok
18:20:22.0332 3080 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:20:22.0363 3080 usbhub - ok
18:20:22.0379 3080 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:20:22.0394 3080 usbohci - ok
18:20:22.0426 3080 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:20:22.0457 3080 usbprint - ok
18:20:22.0473 3080 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:20:22.0488 3080 usbscan - ok
18:20:22.0535 3080 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\drivers\usbser.sys
18:20:22.0551 3080 usbser - ok
18:20:22.0582 3080 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:20:22.0598 3080 USBSTOR - ok
18:20:22.0629 3080 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:20:22.0676 3080 usbuhci - ok
18:20:22.0691 3080 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
18:20:22.0723 3080 usb_rndisx - ok
18:20:22.0754 3080 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:20:22.0769 3080 UxSms - ok
18:20:22.0801 3080 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:20:22.0848 3080 vds - ok
18:20:22.0894 3080 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:20:22.0941 3080 vga - ok
18:20:22.0974 3080 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:20:22.0989 3080 VgaSave - ok
18:20:23.0020 3080 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:20:23.0036 3080 viaagp - ok
18:20:23.0067 3080 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:20:23.0114 3080 ViaC7 - ok
18:20:23.0130 3080 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:20:23.0145 3080 viaide - ok
18:20:23.0161 3080 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:20:23.0161 3080 volmgr - ok
18:20:23.0192 3080 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:20:23.0239 3080 volmgrx - ok
18:20:23.0270 3080 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:20:23.0286 3080 volsnap - ok
18:20:23.0317 3080 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:20:23.0317 3080 vsmraid - ok
18:20:23.0364 3080 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:20:23.0411 3080 VSS - ok
18:20:23.0458 3080 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:20:23.0489 3080 W32Time - ok
18:20:23.0505 3080 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:20:23.0536 3080 WacomPen - ok
18:20:23.0567 3080 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:20:23.0599 3080 Wanarp - ok
18:20:23.0599 3080 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:20:23.0614 3080 Wanarpv6 - ok
18:20:23.0661 3080 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
18:20:23.0692 3080 WcesComm - ok
18:20:23.0724 3080 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:20:23.0755 3080 wcncsvc - ok
18:20:23.0786 3080 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:20:23.0817 3080 WcsPlugInService - ok
18:20:23.0864 3080 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:20:23.0880 3080 Wd - ok
18:20:23.0927 3080 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:20:23.0977 3080 Wdf01000 - ok
18:20:24.0009 3080 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:20:24.0024 3080 WdiServiceHost - ok
18:20:24.0040 3080 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:20:24.0056 3080 WdiSystemHost - ok
18:20:24.0102 3080 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:20:24.0118 3080 WebClient - ok
18:20:24.0149 3080 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:20:24.0196 3080 Wecsvc - ok
18:20:24.0227 3080 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:20:24.0243 3080 wercplsupport - ok
18:20:24.0274 3080 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:20:24.0290 3080 WerSvc - ok
18:20:24.0337 3080 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:20:24.0352 3080 WinDefend - ok
18:20:24.0368 3080 WinHttpAutoProxySvc - ok
18:20:24.0415 3080 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:20:24.0431 3080 Winmgmt - ok
18:20:24.0493 3080 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:20:24.0540 3080 WinRM - ok
18:20:24.0602 3080 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
18:20:24.0634 3080 winusb - ok
18:20:24.0665 3080 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:20:24.0712 3080 Wlansvc - ok
18:20:24.0743 3080 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:20:24.0790 3080 WmiAcpi - ok
18:20:24.0821 3080 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:20:24.0837 3080 wmiApSrv - ok
18:20:24.0915 3080 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:20:24.0946 3080 WMPNetworkSvc - ok
18:20:24.0994 3080 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:20:25.0010 3080 WPCSvc - ok
18:20:25.0057 3080 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:20:25.0072 3080 WPDBusEnum - ok
18:20:25.0119 3080 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:20:25.0135 3080 WpdUsb - ok
18:20:25.0244 3080 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:20:25.0275 3080 WPFFontCache_v0400 - ok
18:20:25.0307 3080 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:20:25.0338 3080 ws2ifsl - ok
18:20:25.0369 3080 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:20:25.0400 3080 wscsvc - ok
18:20:25.0400 3080 WSearch - ok
18:20:25.0478 3080 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:20:25.0557 3080 wuauserv - ok
18:20:25.0603 3080 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:20:25.0635 3080 WudfPf - ok
18:20:25.0650 3080 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:20:25.0666 3080 WUDFRd - ok
18:20:25.0682 3080 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:20:25.0713 3080 wudfsvc - ok
18:20:25.0744 3080 [ 4CAA1637520365C50331B454469DF58C ] [verify-U] C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe
18:20:25.0760 3080 [verify-U] ( UnsignedFile.Multi.Generic ) - warning
18:20:25.0760 3080 [verify-U] - detected UnsignedFile.Multi.Generic (1)
18:20:25.0775 3080 [ A505FF145D2C056BE52BFA7670D09525 ] [verify-U]_System C:\Windows\system32\drivers\[verify-U]-driver.sys
18:20:25.0775 3080 [verify-U]_System ( UnsignedFile.Multi.Generic ) - warning
18:20:25.0775 3080 [verify-U]_System - detected UnsignedFile.Multi.Generic (1)
18:20:25.0791 3080 ================ Scan global ===============================
18:20:25.0822 3080 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:20:25.0853 3080 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:25.0885 3080 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:25.0932 3080 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:20:25.0932 3080 [Global] - ok
18:20:25.0932 3080 ================ Scan MBR ==================================
18:20:25.0932 3080 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:20:26.0401 3080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:20:26.0401 3080 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:20:26.0401 3080 ================ Scan VBR ==================================
18:20:26.0401 3080 [ 536ADA82F3A816018E5341513AE10B5D ] \Device\Harddisk0\DR0\Partition1
18:20:26.0401 3080 \Device\Harddisk0\DR0\Partition1 - ok
18:20:26.0433 3080 [ 8EF9928CB4A9AAEB46D13909E845F0CD ] \Device\Harddisk0\DR0\Partition2
18:20:26.0433 3080 \Device\Harddisk0\DR0\Partition2 - ok
18:20:26.0464 3080 [ 202C805365DE960547F09DA4D3E61290 ] \Device\Harddisk0\DR0\Partition3
18:20:26.0479 3080 \Device\Harddisk0\DR0\Partition3 - ok
18:20:26.0479 3080 ============================================================
18:20:26.0479 3080 Scan finished
18:20:26.0479 3080 ============================================================
18:20:26.0479 1796 Detected object count: 11
18:20:26.0479 1796 Actual detected object count: 11
18:21:06.0613 1796 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0613 1796 Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796 Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0613 1796 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0613 1796 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0613 1796 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0613 1796 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0629 1796 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0629 1796 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0629 1796 [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796 [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0629 1796 [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796 [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:06.0629 1796 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:21:06.0629 1796 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
09.01.2013, 18:45
| #9 |
| /// Malware-holic | neuer Postbank-Trojaner hi tdss killer konfigurieren wie eben. erneut scannen, fund: TDSS File System Delete dann neustart, und TDSS Killer wie oben ausführen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 19:10
| #10 |
| | neuer Postbank-Trojaner sollen nach dem Neustart alle nebenbei laufenden Programme wieder geschlossen werden? |
|
09.01.2013, 19:29
| #11 |
| /// Malware-holic | neuer Postbank-Trojaner Ja, kannst du tun.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 19:44
| #12 |
| | neuer Postbank-Trojaner TDSS Log 2 Code:
ATTFilter 19:43:58.0665 5020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:43:58.0978 5020 ============================================================
19:43:58.0978 5020 Current date / time: 2013/01/09 19:43:58.0978
19:43:58.0978 5020 SystemInfo:
19:43:58.0978 5020
19:43:58.0978 5020 OS Version: 6.0.6002 ServicePack: 2.0
19:43:58.0978 5020 Product type: Workstation
19:43:58.0978 5020 ComputerName: UWE-PC
19:43:58.0978 5020 UserName: Uwe
19:43:58.0978 5020 Windows directory: C:\Windows
19:43:58.0978 5020 System windows directory: C:\Windows
19:43:58.0978 5020 Processor architecture: Intel x86
19:43:58.0978 5020 Number of processors: 2
19:43:58.0978 5020 Page size: 0x1000
19:43:58.0978 5020 Boot type: Normal boot
19:43:58.0978 5020 ============================================================
19:44:03.0529 5020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:44:03.0545 5020 ============================================================
19:44:03.0545 5020 \Device\Harddisk0\DR0:
19:44:03.0545 5020 MBR partitions:
19:44:03.0545 5020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1770000
19:44:03.0545 5020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1C28A800
19:44:03.0545 5020 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DDE3000, BlocksNum 0x764B000
19:44:03.0545 5020 ============================================================
19:44:03.0608 5020 C: <-> \Device\Harddisk0\DR0\Partition2
19:44:03.0654 5020 D: <-> \Device\Harddisk0\DR0\Partition1
19:44:03.0764 5020 E: <-> \Device\Harddisk0\DR0\Partition3
19:44:03.0764 5020 ============================================================
19:44:03.0764 5020 Initialize success
19:44:03.0764 5020 ============================================================
19:44:14.0208 5356 ============================================================
19:44:14.0209 5356 Scan started
19:44:14.0209 5356 Mode: Manual; SigCheck; TDLFS;
19:44:14.0209 5356 ============================================================
19:44:17.0133 5356 ================ Scan system memory ========================
19:44:17.0133 5356 System memory - ok
19:44:17.0133 5356 ================ Scan services =============================
19:44:17.0555 5356 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:44:17.0664 5356 ACPI - ok
19:44:17.0742 5356 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:44:17.0758 5356 AdobeARMservice - ok
19:44:17.0852 5356 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:44:17.0883 5356 AdobeFlashPlayerUpdateSvc - ok
19:44:17.0945 5356 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:44:17.0977 5356 adp94xx - ok
19:44:17.0992 5356 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:44:18.0008 5356 adpahci - ok
19:44:18.0039 5356 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:44:18.0055 5356 adpu160m - ok
19:44:18.0070 5356 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:44:18.0086 5356 adpu320 - ok
19:44:18.0117 5356 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:44:29.0130 5356 AeLookupSvc - ok
19:44:29.0255 5356 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
19:44:29.0349 5356 AFD - ok
19:44:29.0380 5356 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:44:29.0396 5356 agp440 - ok
19:44:29.0427 5356 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:44:29.0442 5356 aic78xx - ok
19:44:29.0536 5356 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:44:29.0774 5356 ALG - ok
19:44:29.0790 5356 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
19:44:29.0806 5356 aliide - ok
19:44:29.0837 5356 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:44:29.0853 5356 amdagp - ok
19:44:29.0868 5356 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
19:44:29.0884 5356 amdide - ok
19:44:29.0899 5356 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:44:30.0243 5356 AmdK7 - ok
19:44:30.0290 5356 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:44:30.0368 5356 AmdK8 - ok
19:44:30.0431 5356 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:44:30.0446 5356 AntiVirSchedulerService - ok
19:44:30.0509 5356 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:44:30.0524 5356 AntiVirService - ok
19:44:30.0696 5356 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:44:30.0743 5356 AntiVirWebService - ok
19:44:30.0807 5356 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:44:30.0838 5356 Appinfo - ok
19:44:30.0916 5356 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:44:30.0947 5356 Apple Mobile Device - ok
19:44:31.0010 5356 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
19:44:31.0041 5356 arc - ok
19:44:31.0104 5356 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:44:31.0135 5356 arcsas - ok
19:44:31.0166 5356 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:31.0244 5356 AsyncMac - ok
19:44:31.0291 5356 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
19:44:31.0307 5356 atapi - ok
19:44:31.0416 5356 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:31.0588 5356 AudioEndpointBuilder - ok
19:44:31.0604 5356 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:44:31.0619 5356 Audiosrv - ok
19:44:31.0682 5356 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:44:31.0744 5356 avgntflt - ok
19:44:31.0776 5356 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:44:31.0808 5356 avipbb - ok
19:44:31.0823 5356 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:44:31.0839 5356 avkmgr - ok
19:44:31.0948 5356 [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
19:44:31.0995 5356 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
19:44:31.0995 5356 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
19:44:32.0026 5356 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:44:32.0105 5356 Beep - ok
19:44:32.0245 5356 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
19:44:32.0370 5356 BFE - ok
19:44:32.0417 5356 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
19:44:32.0480 5356 BITS - ok
19:44:32.0480 5356 blbdrive - ok
19:44:32.0605 5356 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:44:32.0636 5356 Bonjour Service - ok
19:44:32.0714 5356 [ 746A7B624B5047FACEBE35B51AA1FE36 ] Boonty Games C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
19:44:32.0776 5356 Boonty Games ( UnsignedFile.Multi.Generic ) - warning
19:44:32.0776 5356 Boonty Games - detected UnsignedFile.Multi.Generic (1)
19:44:32.0842 5356 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:44:32.0951 5356 bowser - ok
19:44:32.0983 5356 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:44:33.0092 5356 BrFiltLo - ok
19:44:33.0092 5356 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:44:33.0139 5356 BrFiltUp - ok
19:44:33.0186 5356 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:44:33.0279 5356 Browser - ok
19:44:33.0326 5356 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:44:33.0420 5356 Brserid - ok
19:44:33.0436 5356 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:44:33.0514 5356 BrSerWdm - ok
19:44:33.0545 5356 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:44:33.0701 5356 BrUsbMdm - ok
19:44:33.0733 5356 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:44:33.0826 5356 BrUsbSer - ok
19:44:33.0858 5356 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:44:33.0921 5356 BTHMODEM - ok
19:44:33.0968 5356 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:44:33.0999 5356 cdfs - ok
19:44:34.0030 5356 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:44:34.0077 5356 cdrom - ok
19:44:34.0140 5356 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
19:44:34.0187 5356 CertPropSvc - ok
19:44:34.0218 5356 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
19:44:34.0280 5356 circlass - ok
19:44:34.0374 5356 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
19:44:34.0405 5356 CLFS - ok
19:44:34.0515 5356 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:34.0577 5356 clr_optimization_v2.0.50727_32 - ok
19:44:34.0671 5356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:34.0718 5356 clr_optimization_v4.0.30319_32 - ok
19:44:34.0733 5356 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:44:34.0749 5356 cmdide - ok
19:44:34.0780 5356 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:44:34.0796 5356 Compbatt - ok
19:44:34.0796 5356 COMSysApp - ok
19:44:34.0812 5356 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:44:34.0827 5356 crcdisk - ok
19:44:34.0859 5356 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:44:35.0000 5356 Crusoe - ok
19:44:35.0047 5356 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:44:35.0109 5356 CryptSvc - ok
19:44:35.0141 5356 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:44:35.0188 5356 DcomLaunch - ok
19:44:35.0234 5356 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:44:35.0297 5356 DfsC - ok
19:44:35.0438 5356 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
19:44:35.0625 5356 DFSR - ok
19:44:35.0672 5356 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:44:35.0703 5356 Dhcp - ok
19:44:35.0750 5356 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
19:44:35.0797 5356 disk - ok
19:44:35.0844 5356 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:44:35.0892 5356 Dnscache - ok
19:44:35.0939 5356 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:44:35.0954 5356 dot3svc - ok
19:44:35.0985 5356 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
19:44:36.0048 5356 Dot4 - ok
19:44:36.0064 5356 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:44:36.0095 5356 Dot4Print - ok
19:44:36.0126 5356 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
19:44:36.0173 5356 dot4usb - ok
19:44:36.0220 5356 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:44:36.0282 5356 DPS - ok
19:44:36.0329 5356 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:44:36.0376 5356 drmkaud - ok
19:44:36.0517 5356 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:44:36.0579 5356 DXGKrnl - ok
19:44:36.0610 5356 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:44:36.0673 5356 E1G60 - ok
19:44:36.0720 5356 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:44:36.0767 5356 EapHost - ok
19:44:36.0829 5356 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:44:36.0845 5356 Ecache - ok
19:44:36.0940 5356 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:44:37.0002 5356 ehRecvr - ok
19:44:37.0033 5356 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:44:37.0080 5356 ehSched - ok
19:44:37.0111 5356 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:44:37.0127 5356 ehstart - ok
19:44:37.0174 5356 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:44:37.0190 5356 elxstor - ok
19:44:37.0268 5356 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:44:37.0346 5356 EMDMgmt - ok
19:44:37.0424 5356 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
19:44:37.0471 5356 EventSystem - ok
19:44:37.0518 5356 [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
19:44:37.0565 5356 ewusbnet - ok
19:44:37.0611 5356 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
19:44:37.0643 5356 exfat - ok
19:44:37.0674 5356 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:44:37.0705 5356 fastfat - ok
19:44:37.0736 5356 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:44:37.0783 5356 fdc - ok
19:44:37.0830 5356 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:44:37.0925 5356 fdPHost - ok
19:44:37.0972 5356 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:44:38.0066 5356 FDResPub - ok
19:44:38.0159 5356 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:44:38.0253 5356 FileInfo - ok
19:44:38.0300 5356 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:44:38.0425 5356 Filetrace - ok
19:44:38.0472 5356 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:44:38.0519 5356 flpydisk - ok
19:44:38.0612 5356 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:44:38.0659 5356 FltMgr - ok
19:44:38.0816 5356 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
19:44:38.0926 5356 FontCache - ok
19:44:38.0973 5356 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:44:38.0988 5356 FontCache3.0.0.0 - ok
19:44:39.0035 5356 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:44:39.0176 5356 Fs_Rec - ok
19:44:39.0223 5356 [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
19:44:39.0254 5356 FWLANUSB - ok
19:44:39.0285 5356 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:44:39.0301 5356 gagp30kx - ok
19:44:39.0348 5356 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:44:39.0348 5356 GEARAspiWDM - ok
19:44:39.0520 5356 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
19:44:39.0598 5356 gpsvc - ok
19:44:39.0645 5356 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:39.0691 5356 HdAudAddService - ok
19:44:39.0848 5356 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:39.0926 5356 HDAudBus - ok
19:44:39.0958 5356 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:44:40.0036 5356 HidBth - ok
19:44:40.0067 5356 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:44:40.0130 5356 HidIr - ok
19:44:40.0177 5356 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
19:44:40.0208 5356 hidserv - ok
19:44:40.0239 5356 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:44:40.0271 5356 HidUsb - ok
19:44:40.0302 5356 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:44:40.0349 5356 hkmsvc - ok
19:44:40.0380 5356 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:44:40.0396 5356 HpCISSs - ok
19:44:40.0536 5356 [ 682358F730B84B63E09C6B4EDC1DE7AE ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:44:40.0583 5356 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:44:40.0583 5356 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:44:40.0614 5356 [ 2E7BEE4AA776CF1C37836B26D1D29403 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:44:40.0630 5356 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:44:40.0630 5356 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:44:40.0661 5356 HTCAND32 - ok
19:44:40.0692 5356 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:44:40.0771 5356 HTTP - ok
19:44:40.0802 5356 [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:44:40.0833 5356 hwdatacard - ok
19:44:40.0880 5356 [ 089085538885367E281686762A973EB5 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
19:44:40.0911 5356 hwusbfake - ok
19:44:40.0945 5356 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:44:40.0980 5356 i2omp - ok
19:44:41.0026 5356 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:44:41.0058 5356 i8042prt - ok
19:44:41.0089 5356 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:44:41.0105 5356 iaStorV - ok
19:44:41.0167 5356 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:44:41.0261 5356 idsvc - ok
19:44:41.0308 5356 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:44:41.0323 5356 iirsp - ok
19:44:41.0370 5356 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
19:44:41.0433 5356 IKEEXT - ok
19:44:41.0464 5356 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
19:44:41.0480 5356 intelide - ok
19:44:41.0511 5356 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:44:41.0573 5356 intelppm - ok
19:44:41.0620 5356 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:44:41.0667 5356 IPBusEnum - ok
19:44:41.0698 5356 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:41.0745 5356 IpFilterDriver - ok
19:44:41.0776 5356 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:44:41.0823 5356 iphlpsvc - ok
19:44:41.0839 5356 IpInIp - ok
19:44:41.0855 5356 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:44:41.0933 5356 IPMIDRV - ok
19:44:41.0964 5356 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:44:42.0028 5356 IPNAT - ok
19:44:42.0091 5356 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:44:42.0107 5356 iPod Service56 SNMPTRAP - ok
19:44:56.0993 5356 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:44:57.0009 5356 spldr - ok
19:44:57.0056 5356 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:44:57.0103 5356 Spooler - ok
19:44:57.0165 5356 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:44:57.0228 5356 srv - ok
19:44:57.0307 5356 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:44:57.0385 5356 srv2 - ok
19:44:57.0416 5356 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:44:57.0479 5356 srvnet - ok
19:44:57.0510 5356 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:44:57.0541 5356 SSDPSRV - ok
19:44:57.0619 5356 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:44:57.0650 5356 ssmdrv - ok
19:44:57.0697 5356 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:44:57.0713 5356 SstpSvc - ok
19:44:57.0807 5356 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:44:57.0963 5356 stisvc - ok
19:44:57.0979 5356 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:44:57.0994 5356 swenum - ok
19:44:58.0104 5356 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:44:58.0182 5356 swprv - ok
19:44:58.0197 5356 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:44:58.0213 5356 Symc8xx - ok
19:44:58.0213 5356 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:44:58.0229 5356 Sym_hi - ok
19:44:58.0244 5356 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:44:58.0260 5356 Sym_u3 - ok
19:44:58.0403 5356 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:44:58.0497 5356 SysMain - ok
19:44:58.0513 5356 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:58.0575 5356 TabletInputService - ok
19:44:58.0607 5356 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:44:58.0622 5356 TapiSrv - ok
19:44:58.0669 5356 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:44:58.0778 5356 TBS - ok
19:44:58.0857 5356 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:44:58.0919 5356 Tcpip - ok
19:44:59.0169 5356 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:44:59.0263 5356 Tcpip6 - ok
19:44:59.0423 5356 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:44:59.0485 5356 tcpipreg - ok
19:44:59.0579 5356 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:45:00.0549 5356 TDPIPE - ok
19:45:00.0580 5356 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:45:00.0690 5356 TDTCP - ok
19:45:00.0736 5356 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:45:00.0815 5356 tdx - ok
19:45:00.0893 5356 [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
19:45:00.0908 5356 TelekomNM3 - ok
19:45:01.0049 5356 [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
19:45:01.0065 5356 TelevisionFanaticService - ok
19:45:01.0111 5356 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:45:01.0127 5356 TermDD - ok
19:45:01.0205 5356 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:45:01.0397 5356 TermService - ok
19:45:01.0443 5356 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:45:01.0459 5356 Themes - ok
19:45:01.0475 5356 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:45:01.0490 5356 THREADORDER - ok
19:45:01.0631 5356 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
19:45:01.0647 5356 TomTomHOMEService - ok
19:45:01.0678 5356 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:45:01.0725 5356 TrkWks - ok
19:45:01.0756 5356 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:45:01.0803 5356 TrustedInstaller - ok
19:45:01.0881 5356 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:01.0943 5356 tssecsrv - ok
19:45:01.0990 5356 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:45:02.0022 5356 tunmp - ok
19:45:02.0037 5356 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:45:02.0068 5356 tunnel - ok
19:45:02.0084 5356 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:45:02.0100 5356 uagp35 - ok
19:45:02.0131 5356 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:45:02.0162 5356 udfs - ok
19:45:02.0193 5356 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:45:02.0256 5356 UI0Detect - ok
19:45:02.0287 5356 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:45:02.0318 5356 uliagpkx - ok
19:45:02.0366 5356 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:45:02.0413 5356 uliahci - ok
19:45:02.0413 5356 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:45:02.0444 5356 UlSata - ok
19:45:02.0460 5356 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:45:02.0476 5356 ulsata2 - ok
19:45:02.0538 5356 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:45:02.0569 5356 umbus - ok
19:45:02.0632 5356 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:45:02.0679 5356 upnphost - ok
19:45:02.0710 5356 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:02.0757 5356 usbccgp - ok
19:45:02.0788 5356 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:45:02.0851 5356 usbcir - ok
19:45:02.0882 5356 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:45:02.0913 5356 usbehci - ok
19:45:02.0944 5356 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:45:02.0976 5356 usbhub - ok
19:45:03.0007 5356 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:45:03.0054 5356 usbohci - ok
19:45:03.0085 5356 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:45:03.0116 5356 usbprint - ok
19:45:03.0148 5356 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:45:03.0179 5356 usbscan - ok
19:45:03.0210 5356 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\drivers\usbser.sys
19:45:03.0226 5356 usbser - ok
19:45:03.0257 5356 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:03.0319 5356 USBSTOR - ok
19:45:03.0351 5356 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:45:03.0414 5356 usbuhci - ok
19:45:03.0461 5356 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:45:03.0492 5356 usb_rndisx - ok
19:45:03.0539 5356 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:45:03.0555 5356 UxSms - ok
19:45:03.0602 5356 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:45:03.0680 5356 vds - ok
19:45:03.0711 5356 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:03.0758 5356 vga - ok
19:45:03.0820 5356 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:45:03.0899 5356 VgaSave - ok
19:45:03.0930 5356 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:45:03.0945 5356 viaagp - ok
19:45:03.0977 5356 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:45:04.0024 5356 ViaC7 - ok
19:45:04.0055 5356 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
19:45:04.0070 5356 viaide - ok
19:45:04.0102 5356 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:45:04.0117 5356 volmgr - ok
19:45:04.0164 5356 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:45:04.0195 5356 volmgrx - ok
19:45:04.0242 5356 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:45:04.0274 5356 volsnap - ok
19:45:04.0289 5356 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:45:04.0320 5356 vsmraid - ok
19:45:04.0352 5356 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:45:04.0493 5356 VSS - ok
19:45:04.0540 5356 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:45:04.0603 5356 W32Time - ok
19:45:04.0618 5356 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:45:04.0696 5356 WacomPen - ok
19:45:04.0743 5356 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:45:04.0806 5356 Wanarp - ok
19:45:04.0806 5356 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:45:04.0837 5356 Wanarpv6 - ok
19:45:04.0931 5356 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
19:45:04.0962 5356 WcesComm - ok
19:45:05.0009 5356 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:45:05.0118 5356 wcncsvc - ok
19:45:05.0165 5356 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:45:05.0243 5356 WcsPlugInService - ok
19:45:05.0321 5356 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
19:45:05.0353 5356 Wd - ok
19:45:05.0432 5356 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:45:05.0494 5356 Wdf01000 - ok
19:45:05.0572 5356 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:45:05.0604 5356 WdiServiceHost - ok
19:45:05.0635 5356 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:45:05.0650 5356 WdiSystemHost - ok
19:45:05.0682 5356 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:45:05.0744 5356 WebClient - ok
19:45:05.0791 5356 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:45:05.0854 5356 Wecsvc - ok
19:45:05.0885 5356 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:45:05.0900 5356 wercplsupport - ok
19:45:05.0947 5356 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:45:05.0979 5356 WerSvc - ok
19:45:06.0088 5356 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:45:06.0135 5356 WinDefend - ok
19:45:06.0135 5356 WinHttpAutoProxySvc - ok
19:45:06.0213 5356 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:45:06.0244 5356 Winmgmt - ok
19:45:06.0338 5356 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:45:06.0433 5356 WinRM - ok
19:45:06.0542 5356 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
19:45:06.0573 5356 winusb - ok
19:45:06.0667 5356 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:45:06.0776 5356 Wlansvc - ok
19:45:06.0808 5356 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:45:06.0855 5356 WmiAcpi - ok
19:45:06.0917 5356 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:45:06.0948 5356 wmiApSrv - ok
19:45:07.0026 5356 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:45:07.0089 5356 WMPNetworkSvc - ok
19:45:07.0151 5356 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:45:07.0214 5356 WPCSvc - ok
19:45:07.0276 5356 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:45:07.0339 5356 WPDBusEnum - ok
19:45:07.0434 5356 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:45:07.0449 5356 WpdUsb - ok
19:45:07.0746 5356 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:45:07.0824 5356 WPFFontCache_v0400 - ok
19:45:07.0856 5356 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:45:07.0902 5356 ws2ifsl - ok
19:45:07.0949 5356 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
19:45:07.0981 5356 wscsvc - ok
19:45:07.0996 5356 WSearch - ok
19:45:08.0199 5356 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:45:08.0356 5356 wuauserv - ok
19:45:08.0418 5356 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:45:08.0591 5356 WudfPf - ok
19:45:08.0622 5356 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:08.0653 5356 WUDFRd - ok
19:45:08.0716 5356 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:45:08.0794 5356 wudfsvc - ok
19:45:08.0825 5356 [ 4CAA1637520365C50331B454469DF58C ] [verify-U] C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe
19:45:08.0857 5356 [verify-U] ( UnsignedFile.Multi.Generic ) - warning
19:45:08.0857 5356 [verify-U] - detected UnsignedFile.Multi.Generic (1)
19:45:08.0888 5356 [ A505FF145D2C056BE52BFA7670D09525 ] [verify-U]_System C:\Windows\system32\drivers\[verify-U]-driver.sys
19:45:08.0903 5356 [verify-U]_System ( UnsignedFile.Multi.Generic ) - warning
19:45:08.0903 5356 [verify-U]_System - detected UnsignedFile.Multi.Generic (1)
19:45:08.0919 5356 ================ Scan global ===============================
19:45:08.0950 5356 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:45:09.0028 5356 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:45:09.0060 5356 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:45:09.0169 5356 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:45:09.0169 5356 [Global] - ok
19:45:09.0169 5356 ================ Scan MBR ==================================
19:45:09.0216 5356 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:45:10.0827 5356 \Device\Harddisk0\DR0 - ok
19:45:10.0827 5356 ================ Scan VBR ==================================
19:45:10.0874 5356 [ 536ADA82F3A816018E5341513AE10B5D ] \Device\Harddisk0\DR0\Partition1
19:45:10.0874 5356 \Device\Harddisk0\DR0\Partition1 - ok
19:45:10.0890 5356 [ 8EF9928CB4A9AAEB46D13909E845F0CD ] \Device\Harddisk0\DR0\Partition2
19:45:10.0890 5356 \Device\Harddisk0\DR0\Partition2 - ok
19:45:10.0905 5356 [ 202C805365DE960547F09DA4D3E61290 ] \Device\Harddisk0\DR0\Partition3
19:45:10.0905 5356 \Device\Harddisk0\DR0\Partition3 - ok
19:45:10.0905 5356 ============================================================
19:45:10.0905 5356 Scan finished
19:45:10.0905 5356 ============================================================
19:45:10.0921 5348 Detected object count: 10
19:45:10.0921 5348 Actual detected object count: 10
19:45:23.0539 5348 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0539 5348 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:45:23.0555 5348 [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348 [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
09.01.2013, 19:55
| #13 |
| /// Malware-holic | neuer Postbank-Trojaner Hi wird dieses Syste für Onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem verwendet?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 19:57
| #14 |
| | neuer Postbank-Trojaner ja wird es. ist der hauptrechner meiner eltern. |
|
09.01.2013, 19:57
| #15 |
| /// Malware-holic | neuer Postbank-Trojaner Ok bank anrufen, Onlinebanking wegen zero access rootkit sperren lassen, notfall nummer: 116 116 da wir nicht garantieren können, dass wir das Stück sauber bekommen, das aber nötig ist fürs banking: der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu neuer Postbank-Trojaner |
| adware, ausspioniert, browser, desktop, festplatte, firefox, home, infizierte, internet, log, malware, microsoft, modul, postbank, programm, prozesse, registry, services.exe, svchost.exe, trojaner, vista, warnung, windows, winlogon.exe, wlan, wmp |
Linear-Darstellung
