Log analysis and evaluation: Passwords were spied out (Windows 7)
04.02.2013, 12:43 | #1 |
| Passwords were spied out

Hello everyone,

I was last here on the board on 30.09.2010; now my wife's notebook has been hit. But first the facts:

What most likely happened:
- Opened an e-mail attachment

What stood out:
- PC hung at times or became slow
- T-Online sent an e-mail saying "the account was hacked" and locked the e-mail account

What I have done so far:
- Took the notebook off the network immediately
- Uninstalled various software, e.g. unused programs
- Checked and cleaned the system with Antivir, Kaspersky, G-Data and Spybot
- Checked and googled conspicuous ports (the machine was briefly online for this)
- Updated Java (the machine was briefly online for this)
- Stored the new T-Online access credentials in the router
- Changed ALL passwords for online applications and local applications (now a different password for each application)
- Set up a user account (no admin rights)
- Created a HiJack file

So, I now need your help once more with this HiJack file; is it OK so far?

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:27:32, on 04.02.2013 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe F:\XXXX Virensuche\Programme\HiJackThis\HiJackThis.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.bing.com/search?q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.bing.com/search?q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://xxx.bing.com/search?q={searchTerms} R1 - HKCU\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = h**p://www.bing.com/search?q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing) O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java 
Update\jusched.exe" O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration 
- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O15 - ESC Trusted Zone: h**p://*.update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Acronis Nonstop Backup-Dienst (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- End of file - 9655 bytes |
04.02.2013, 13:59 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out

Hello,

Reading material: Please do not post HijackThis log files!!! Quote:
__________________ |
04.02.2013, 16:21 | #3 |
| Passwords were spied out

Hello again everyone,

I was last here on the board on 30.09.2010; now my wife's notebook has been hit. But first the facts:

What most likely happened:
- Opened an e-mail attachment

What stood out:
- PC hung at times or became slow
- T-Online sent an e-mail saying "the account was hacked" and locked the e-mail account

What I have done so far:
- Took the notebook off the network immediately
- Uninstalled various software, e.g. unused programs
- Checked and cleaned the system with Antivir, Kaspersky, G-Data and Spybot
- Checked and googled conspicuous ports (the machine was briefly online for this)
- Updated Java (the machine was briefly online for this)
- Stored the new T-Online access credentials in the router
- Changed ALL passwords for online applications and local applications (now a different password for each application)
- Set up a user account (no admin rights)

What can I do? |
04.02.2013, 16:24 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out

Why are you posting the text again? I just posted the pointers for you. Didn't you read them? Quote:

If at all possible, please post everything here in CODE tags. Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
04.02.2013, 17:56 | #5 |
| Passwords were spied out

...yes, I did ... so what was wrong? I understood it to mean that I should first write here what the problem is, and not right away some self-diagnosis or even a file. That is why, for the sake of order, I started again from the beginning. So, what exactly am I supposed to do here now? |
04.02.2013, 21:10 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out

It was right there in the reading material I posted: the note that HijackThis is useless and what you should read and carry out instead. Repeating what is already in the first post anyway is a bit pointless, oh well... You were also supposed to submit all the logs from the virus scanners; did you not read that either? So please supply them in your next post.

In addition, please note and follow this: Before we get on with the further work, I would like to ask you to read the following points completely and attentively.

Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

First, a check with OTL please:
12.02.2013, 13:07 | #7 |
| Passwords were spied out

Hello cosinus, should we continue here? Regards, dante |
12.02.2013, 14:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out

Well then, go ahead and get started. Otherwise just post what you want now; I can't see inside your head
__________________ Please always post log files in CODE tags |
13.02.2013, 09:34 | #9 |
| Passwords were spied out

... before you look inside my head, I'll just go ahead and get started.

OTL result:

Code:
ATTFilter OTL logfile created on: 13.02.2013 09:14:36 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop\12.02.2013_23Uhr Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,37% Memory free 5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,24 Gb Total Space | 23,25 Gb Free Space | 19,50% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\12.02.2013_23Uhr\OTL.exe (OldTimer Tools) PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) 
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
========== Modules (No Company Name) ========== MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Program Files\Spybot File not found SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found SRV - (SDScannerService) -- C:\Program Files\Spybot File not found SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL File not found SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (GDScan) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (PassThru 
Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG) DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com) DRV - (afcdp) -- 
C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (SGDrv) -- C:\Windows\System32\drivers\SGDrv.sys (Phoenix Technologies Ltd.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (RTL8192cu) -- C:\Windows\System32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sparkasse-donnersberg.d [Binary data over 200 bytes] IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5F 40 57 B1 66 CD 01 [binary data] IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes,DefaultScope = {D9980A29-828C-40F1-BB67-33A377943064} IE - 
HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{6D5CDEFB-E9D5-43B6-AD82-AB49A83BA510}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=57B18066-1B7A-4F7F-8EBC-00009A96EF15&apn_sauid=AF125CFB-62D1-4F8C-AF52-4F337E37220A IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{D9980A29-828C-40F1-BB67-33A377943064}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz= IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/|hxxp://www.sparkasse-donnersberg.de/|hxxp://www.amazon.de/|hxxp://www.google.de/|hxxp://www.androidpit.de/|hxxp://www.youtube.com/|hxxp://www.otto.de/|hxxp://www.chefkoch.de/" FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=57B18066-1B7A-4F7F-8EBC-00009A96EF15&apn_ptnrs=U3&apn_sauid=AF125CFB-62D1-4F8C-AF52-4F337E37220A&apn_dtid=OSJ000YYDE&&q=" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.18 19:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.01.04 15:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\5wwtk2d4.default\extensions [2012.10.29 15:58:36 | 000,002,308 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5wwtk2d4.default\searchplugins\askcom.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Browser Companion Helper = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8237144-1CFB-47A0-9C7F-0F988FA1A754}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d27b381d-45f9-11e2-a2bd-0002721a8cb0}\Shell - "" = AutoRun O33 - MountPoints2\{d27b381d-45f9-11e2-a2bd-0002721a8cb0}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 09:15:36 | 000,000,000 | ---D | C] -- C:\b731505b1df3d393d1f735520c30ed00 [2013.02.13 09:00:41 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\12.02.2013_23Uhr [2013.02.09 20:52:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.02.09 20:38:03 | 000,015,600 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2013.02.09 20:35:47 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2013.02.09 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Secunia PSI [2013.02.09 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013.02.02 12:51:13 | 000,011,240 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.de.dll [2013.02.02 12:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013 [2013.02.02 12:35:44 | 000,051,616 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2013.02.02 12:32:55 | 000,050,080 | ---- | C] (G Data 
Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2013.02.02 12:32:11 | 000,093,600 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2013.02.02 12:31:57 | 000,042,016 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2013.02.02 12:31:41 | 000,054,256 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\G Data [2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data [2013.02.02 12:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.02.02 12:20:58 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.02.02 12:20:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.02 12:19:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.02 12:19:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.02 12:19:42 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.01.27 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{419F525A-09C7-471E-8544-D28A9446676E} [2013.01.26 21:15:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\HpUpdate [2013.01.26 21:15:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2013.01.26 20:40:04 | 000,000,000 | R--D | C] -- C:\Backup [2013.01.26 20:36:43 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys [2013.01.26 20:36:43 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013.01.26 20:36:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2013.01.26 20:33:42 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Kaspersky Lab [2013.01.26 20:03:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{333BE956-A077-4F27-A6FD-0A16C79D1BF6} [2013.01.26 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2013.01.26 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.26 17:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.26 17:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.01.26 17:59:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2013.01.26 17:36:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{469B57C5-0D55-47D2-A6C6-20C478E322E9} [2013.01.25 12:31:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BE7D14CE-59E9-438B-8D66-85DFBF2DA942} [2013.01.24 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{58A625A3-68DA-4BDD-B82E-E3F6385458FF} [2013.01.24 21:24:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Diagnostics [2013.01.24 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0E6DC8BD-DF5F-49B8-86D8-B626F4383D2A} [2013.01.24 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Virensuche [2013.01.24 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E22891F8-ACF9-4A98-AC48-F1570939BD8B} [2013.01.23 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4B80E70B-7FF9-448A-BD60-1045499006CC} [2013.01.22 08:50:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0775A2A8-620D-4D5D-8D87-6A27DEF2FBCB} [2013.01.21 13:12:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7F1A629B-1309-418A-93BF-552B804841AE} [2013.01.19 11:07:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{275B37AF-DDBA-4D0F-B6F7-F5A94DCFBC28} [2013.01.18 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{354B22C8-203F-4509-BDD8-964C00C1AE12} [2013.01.18 10:44:10 | 000,000,000 | ---D | C] -- 
C:\Users\*****\AppData\Local\{DB236B57-7AE0-48C7-94BA-5F25569ECB4F} [2013.01.17 22:43:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7239AA8A-5AB0-432F-856A-1D47ED58623F} [2013.01.17 10:43:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{30E94A3C-73B2-4246-9176-6716628620A3} [2013.01.16 15:35:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{12BDB702-C24E-421F-8365-41937C862C49} [2013.01.15 12:35:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{EA92736F-F75E-4487-B381-819814249AAA} [2013.01.15 00:35:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F9ED22E5-3E48-45DC-B50F-EADA86EA3853} [2013.01.14 12:34:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9ABFDBD8-5571-4989-A472-9196E38F1B48} ========== Files - Modified Within 30 Days ========== [2013.02.13 09:17:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.13 09:17:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.13 09:17:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.13 09:17:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.13 09:06:53 | 000,978,154 | ---- | M] () -- C:\Windows\System32\sig.bin [2013.02.13 09:06:53 | 000,052,028 | ---- | M] () -- C:\Windows\System32\nmp.map [2013.02.13 09:06:22 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 09:06:22 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 08:59:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.13 08:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.13 08:59:04 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2013.02.12 23:48:36 | 000,001,203 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.02.10 15:50:18 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol [2013.02.10 15:45:20 | 000,297,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.09 20:38:03 | 000,015,600 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2013.02.09 20:35:47 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2013.02.09 20:32:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.02 12:53:23 | 000,051,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2013.02.02 12:51:37 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2013.02.02 12:51:19 | 000,093,600 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2013.02.02 12:51:19 | 000,042,016 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2013.02.02 12:51:13 | 000,054,256 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2013.02.02 12:19:06 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.02 12:19:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.02 12:19:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.02 12:19:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.02 12:19:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.02 12:19:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.01.26 20:40:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2013.01.26 20:11:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2013.02.12 23:48:36 | 000,001,203 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.02.10 15:48:30 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol [2013.02.09 20:31:55 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.02.04 09:07:59 | 000,978,154 | ---- | C] () -- C:\Windows\System32\sig.bin [2013.02.04 09:07:59 | 000,052,028 | ---- | C] () -- C:\Windows\System32\nmp.map [2013.02.02 12:21:03 | 000,002,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.26 20:40:07 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2013.01.01 15:25:54 | 000,235,153 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2013.01.01 15:25:54 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.05.27 13:29:09 | 000,008,192 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.17 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.05.17 18:09:11 | 000,000,412 | ---- | C] () -- C:\Users\*****\AppData\Roaming\All CPU Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 13.02.2013 09:14:36 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop\12.02.2013_23Uhr
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,37% Memory free
5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 23,25 Gb Free Space | 19,50% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) 
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A84420F-B04C-4087-A047-27D00A8A9764}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{11F0EA6F-9778-4460-B578-8FBFF8B7E234}" = lport=10243 | protocol=6 | dir=in | app=system | "{137D6561-0BB8-4158-BA2A-48202B5F14BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1B452893-888A-4E9C-9BA7-2D8D6C89433F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2B3BFC16-722B-4F67-AC6A-71A8F8FF205A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3BBEFB7D-363B-4BDA-9C3C-16E4AC4377EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52410FC5-69F3-4958-8AB5-58ED285A7130}" = rport=137 | protocol=17 | dir=out | app=system | "{56A007D6-1B31-4FD2-8EE6-E1856981F27A}" = rport=138 | protocol=17 | dir=out | app=system | "{600DC1FE-2FCF-4B12-BD7A-9D73B9EE06D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{60320153-7FB4-43B6-BA0C-747C36C91CB6}" = rport=445 | protocol=6 | dir=out | app=system | "{6B74E9B7-B0F5-4966-80B3-DDDFF2702C9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{6FA232FD-09A1-4441-8B36-7DBDE80AAF83}" = rport=10243 | protocol=6 | dir=out | app=system | "{7821DC69-AF78-434F-910C-3F147A7D408A}" = lport=445 | protocol=6 | dir=in | app=system | "{7A56CB1D-DF8D-44F4-B808-A46C8450A4ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7E86921C-109F-4421-BC0B-5E78A488F807}" = lport=137 | protocol=17 | dir=in | app=system | "{9CC84DC0-A7ED-4FAC-B19E-86BD003D5BAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A22D4EE3-661F-4F95-A555-1CBB9B36DB73}" = lport=138 | protocol=17 | dir=in | app=system | "{A56F50FF-1DC8-4093-BBB4-95D943FA5648}" = lport=2869 | protocol=6 | dir=in | app=system | "{AE19FE74-F3C4-491C-8915-6C939306279E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B63981ED-7765-463E-9CD7-D868F2BDE1E2}" = lport=139 | protocol=6 | dir=in | app=system | "{C2E5FC89-2CD6-4F3E-988B-0A6AD927DF73}" = rport=139 | protocol=6 | dir=out | app=system | "{D1D91DB5-41D9-444A-8B56-D4E386AAA6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E063D58E-A535-4657-AA2C-D876227DBFB9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{E726C57E-2A7B-448D-95D3-A1B5046AF0C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE4BB067-0018-4F47-8F3C-ADB03920A0B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF2BADAB-3098-4FF6-BC86-B2AF867D3BBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BE2EF37-1C59-4DDD-B09C-A21EE7235751}" = protocol=17 | dir=out | app=%programfiles%\windows 
media player\wmpnetwk.exe | "{108FF9AB-6524-45DF-8E8C-A7F82DFC2461}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{142C24BB-FADF-4E49-9EDA-4EDB0E7E96BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{1A0B6CEB-1ECB-43C3-B277-831C288BA366}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{2030B3E7-1920-44E0-810E-83EBC21602C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{26D809E2-DA29-457A-A3AC-1E120C83E470}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{29932379-7596-4EF6-AC50-80C70A4916AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{36D9C0CF-FFEA-4E00-A7A0-AD59B0561585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A910840-2A13-46CB-B63A-1041B8C7BF7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{3AFC0E9A-9246-4413-BC19-33D30BA6F5B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3BED2BF4-DC6A-4572-BC5C-DA10A5E5C08C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{413FE9F2-F6C6-40C1-AA7A-C08E5965CF8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4210D9D6-7929-4285-8301-E43E81156DB6}" = dir=in | app=c:\users\*****\appdata\local\temp\7zs09d9\setup\hpznui01.exe | "{4235E927-C2AA-46D5-914F-EFB132216FA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{49644D6A-1329-4046-A6D5-78B592538738}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{50903C2D-0D5F-45CA-AB1E-37F098713F05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | "{5316E9B3-67BE-42B0-8751-0634653FFF72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{537BFE40-B67A-4D25-A320-F2F8337D99DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{568A4EF4-C2BA-4BB3-BB78-E780738A59EF}" = dir=in | app=c:\program 
files\hp\digital imaging\bin\hpqcopy2.exe | "{5ACFB9A6-BEC4-4C69-8A93-C690D270F665}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5C6007A2-AD45-40D6-9D94-D8EA5895ED18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{604C6807-CA45-4ABF-9577-E64FA1E080D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{635CC938-D1BB-4682-B116-F24FF387B304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{6C90B9E2-23C3-4C0B-9082-F77F82EBEE52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{700D8122-422B-4077-A77E-D167A0FF23CB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{715BB109-54FB-44A4-85C5-C6B083819F0F}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{717F60AD-2B64-45AB-BB60-3499DD53253C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{7629CF9C-522B-46D0-96DF-59DB5F262987}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{7BF2B8E6-945C-4323-8CB3-9493A19645EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{7D1B6132-E5C3-47C1-BA8B-64BD04ADF852}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{8659745D-90D5-433A-8EFE-0579BC58B3B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B03BABE-36C1-4304-A7C2-CA9BB9700B41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{946A9EED-BE68-4D4C-A684-BA8B7A3A7FA6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{94D83CFD-9156-4F4C-A58F-4E37DBF98197}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{956B1363-7367-44F9-A06B-9B816241F611}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{97F6D864-4F68-4A6D-8318-6036938DA508}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{B4ECFCAF-C924-4F87-9D15-985F5212BD78}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{B8124FCC-11D3-46AF-BAAE-68F9BFB4A7AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{BA773D34-4FE4-488E-B4F6-ED744B4E290C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{BD1A4A52-4A3F-4CD0-98CB-56E6B8E1C819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{BF0416CC-F8C9-40C0-BD6D-4BD97E564BEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C044AF74-34CE-4A39-9492-44498A116EA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C261FAD8-AD18-47F1-8573-6C47700F7D36}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C5B23440-7CE9-4DB5-8B1A-D089453F9CD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{C6E27D6F-938E-4566-BB58-BB5CBB9CB0A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{CE0EC241-56B3-4094-9BBE-E8208B8D7AFB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{D7870A47-3499-42B6-ABBD-EBB675E42448}" = protocol=6 | dir=out | app=system | "{D9D563F8-5EBF-495D-8C53-DCDBF4E9F3C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E01CB880-89DA-4DFB-8EFD-1A46680854C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{EDD9C10D-32A3-408D-B4AC-544FE3789867}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "TCP Query User{068893AA-65A6-439F-8E90-28256D7F7B30}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{1A45C8D5-14F1-4A19-A416-7DE613177E76}C:\program files\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files\amazon\utilities\amazon music 
importer\amazon music importer.exe | "TCP Query User{543A16C7-F6EB-4EB7-960D-48D23ED01E59}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{A955192C-C0D3-4BAB-A14B-6A84F8693F4F}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{BA3B5180-A581-4CC2-BC89-085B2D930E17}C:\program files\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files\amazon\utilities\amazon music importer\amazon music importer.exe | "UDP Query User{F3797955-6237-49ED-8BAA-C9541D4FD70B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows 
Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live 
Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "AudibleManager" = AudibleManager "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "com.amazon.music.uploader" = Amazon Music Importer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "MPE" = MyPhoneExplorer "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix "NVIDIA Drivers" = NVIDIA Drivers "Secunia PSI" = Secunia PSI (3.0.0.6001) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 8" = TeamViewer 8 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.01.2013 07:09:23 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.01.2013 06:07:52 | Computer Name = *****-PC | Source = MsiInstaller | ID = 10005 Description = Error - 27.01.2013 06:08:22 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310 Description = Error - 27.01.2013 08:48:50 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.01.2013 10:57:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". 
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.01.2013 13:19:05 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc04d Name des fehlerhaften Moduls: hpzids01.dll, Version: 13.0.338.0, Zeitstempel: 0x4a1cc51a Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002641a ID des fehlerhaften Prozesses: 0x874 Startzeit der fehlerhaften Anwendung: 0x01cdfcb23464e4d5 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DrvInst.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\hpzids01.dll Berichtskennung: a69a6a1b-68a5-11e2-8f30-0013776f6455 Error - 09.02.2013 15:37:08 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1f3 ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce06fbd5306a78 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll Berichtskennung: 169dd464-72f0-11e2-b6dd-0013776f6455 Error - 09.02.2013 15:37:12 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce06fbd5306a78 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des 
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1903f76b-72f0-11e2-b6dd-0013776f6455 Error - 09.02.2013 15:37:25 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1f3 ID des fehlerhaften Prozesses: 0x1cb0 Startzeit der fehlerhaften Anwendung: 0x01ce06fcdd762649 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll Berichtskennung: 211d45fa-72f0-11e2-b6dd-0013776f6455 Error - 09.02.2013 15:37:29 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften Prozesses: 0x1cb0 Startzeit der fehlerhaften Anwendung: 0x01ce06fcdd762649 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 23516c1b-72f0-11e2-b6dd-0013776f6455 [ Media Center Events ] Error - 19.06.2012 09:49:58 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 15:49:57 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 09:50:02 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 15:49:59 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) 
Error - 19.06.2012 10:51:23 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:23 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:26 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:25 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:28 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:27 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:29 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:29 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:50 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:50 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:53 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:52 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) 
Error - 19.06.2012 11:52:54 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:53 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:56 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:55 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ Spybot - Search and Destroy Events ] Error - 26.01.2013 13:21:06 | Computer Name = *****-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 02.02.2013 08:16:21 | Computer Name = *****-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 16.11.2012 17:08:10 | Computer Name = *****-PC | Source = DCOM | ID = 10010 Description = Error - 16.11.2012 17:12:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 20.11.2012 12:26:27 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 24.11.2012 13:28:55 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:33 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 03.12.2012 12:32:31 | Computer Name = *****-PC | Source = DCOM | ID = 10010 Description = < End of report > |
13.02.2013, 10:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
14.02.2013, 01:07 | #11 |
| Passwords were spied out GMER result: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-14 00:40:13 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Kingston_SSDNow_V_Series_128GB rev.B090522a 119,24GB Running: gmer_2.0.18454.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwloipoc.sys ---- Kernel code sections - GMER 2.0 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830519A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830714D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text peauth.sys 9F946C9D 28 Bytes [55, 4E, EE, D5, EA, C1, 27, ...] .text peauth.sys 9F946CC1 28 Bytes [55, 4E, EE, D5, EA, C1, 27, ...] ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2396] kernel32.dll!CreateThread 7593DCC2 5 Bytes JMP 693375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!EnableWindow 75B98D02 5 Bytes JMP 69379EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!GetAsyncKeyState 75B9A256 5 Bytes JMP 6931DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CallNextHookEx 75B9ABE1 5 Bytes JMP 69397FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!UnhookWindowsHookEx 75B9ADF9 5 Bytes JMP 693BED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DefWindowProcA 75B9BB1C 7 Bytes JMP 6933980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] 
USER32.dll!CreateWindowExA 75B9BF40 5 Bytes JMP 69343643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SetWindowsHookExW 75B9E30C 5 Bytes JMP 693725B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateWindowExW 75B9EC7C 5 Bytes JMP 693A03DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!GetKeyState 75BA2B4D 5 Bytes JMP 6931DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!IsDialogMessageW 75BA4104 5 Bytes JMP 694C99FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DefWindowProcW 75BA507D 7 Bytes JMP 69398054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogParamA 75BB1F42 5 Bytes JMP 694C9268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!IsDialogMessage 75BB2019 5 Bytes JMP 694C99D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxParamW 75BB3B9B 5 Bytes JMP 692D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogIndirectParamA 75BB721D 5 Bytes JMP 694C92D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogIndirectParamW 75BBEA10 5 Bytes JMP 694C9310 
C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxIndirectParamW 75BC3B7F 5 Bytes JMP 694C8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!EndDialog 75BC3BA3 5 Bytes JMP 694C9CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogParamW 75BC5630 5 Bytes JMP 694C92A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SetKeyboardState 75BC695A 5 Bytes JMP 694CA2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SendInput 75BC7019 5 Bytes JMP 694CA269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SetCursorPos 75BDC1B0 5 Bytes JMP 694CA342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxParamA 75BDCF42 5 Bytes JMP 694C8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxIndirectParamA 75BDD274 5 Bytes JMP 694C8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxIndirectA 75BEE869 5 Bytes JMP 694C8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxIndirectW 75BEE963 5 Bytes JMP 694C8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text 
C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxExA 75BEE9C9 5 Bytes JMP 694C8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxExW 75BEE9ED 5 Bytes JMP 694C8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!keybd_event 75BEEC3B 5 Bytes JMP 694CA226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2396] SHELL32.dll!RealDriveType + 173D 762EFE30 4 Bytes [CF, 01, 48, 6A] {IRET ; ADD [EAX+0x6a], ECX} .text C:\Program Files\Internet Explorer\iexplore.exe[2396] SHELL32.dll!RealDriveType + 1745 762EFE38 8 Bytes [E0, 61, 47, 6A, 79, F7, 47, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[2396] ole32.dll!OleLoadFromStream 76FC6143 5 Bytes JMP 694C9704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!EnableWindow 75B98D02 5 Bytes JMP 69379EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxParamW 75BB3B9B 5 Bytes JMP 692D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxIndirectParamW 75BC3B7F 5 Bytes JMP 694C8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxParamA 75BDCF42 5 Bytes JMP 694C8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxIndirectParamA 75BDD274 5 Bytes JMP 694C8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft 
Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxIndirectA 75BEE869 5 Bytes JMP 694C8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxIndirectW 75BEE963 5 Bytes JMP 694C8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxExA 75BEE9C9 5 Bytes JMP 694C8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxExW 75BEE9ED 5 Bytes JMP 694C8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] kernel32.dll!CreateThread 7593DCC2 5 Bytes JMP 693375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!EnableWindow 75B98D02 5 Bytes JMP 69379EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!GetAsyncKeyState 75B9A256 5 Bytes JMP 6931DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CallNextHookEx 75B9ABE1 5 Bytes JMP 69397FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!UnhookWindowsHookEx 75B9ADF9 5 Bytes JMP 693BED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DefWindowProcA 75B9BB1C 7 Bytes JMP 6933980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] 
USER32.dll!CreateWindowExA 75B9BF40 5 Bytes JMP 69343643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SetWindowsHookExW 75B9E30C 5 Bytes JMP 693725B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateWindowExW 75B9EC7C 5 Bytes JMP 693A03DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!GetKeyState 75BA2B4D 5 Bytes JMP 6931DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!IsDialogMessageW 75BA4104 5 Bytes JMP 694C99FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DefWindowProcW 75BA507D 7 Bytes JMP 69398054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogParamA 75BB1F42 5 Bytes JMP 694C9268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!IsDialogMessage 75BB2019 5 Bytes JMP 694C99D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxParamW 75BB3B9B 5 Bytes JMP 692D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogIndirectParamA 75BB721D 5 Bytes JMP 694C92D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogIndirectParamW 75BBEA10 5 Bytes JMP 694C9310 
C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxIndirectParamW 75BC3B7F 5 Bytes JMP 694C8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!EndDialog 75BC3BA3 5 Bytes JMP 694C9CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogParamW 75BC5630 5 Bytes JMP 694C92A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SetKeyboardState 75BC695A 5 Bytes JMP 694CA2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SendInput 75BC7019 5 Bytes JMP 694CA269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SetCursorPos 75BDC1B0 5 Bytes JMP 694CA342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxParamA 75BDCF42 5 Bytes JMP 694C8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxIndirectParamA 75BDD274 5 Bytes JMP 694C8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxIndirectA 75BEE869 5 Bytes JMP 694C8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxIndirectW 75BEE963 5 Bytes JMP 694C8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text 
C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxExA 75BEE9C9 5 Bytes JMP 694C8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxExW 75BEE9ED 5 Bytes JMP 694C8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!keybd_event 75BEEC3B 5 Bytes JMP 694CA226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6968] SHELL32.dll!RealDriveType + 173D 762EFE30 4 Bytes [CF, 01, 48, 6A] {IRET ; ADD [EAX+0x6a], ECX} .text C:\Program Files\Internet Explorer\iexplore.exe[6968] SHELL32.dll!RealDriveType + 1745 762EFE38 8 Bytes [E0, 61, 47, 6A, 79, F7, 47, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[6968] ole32.dll!OleLoadFromStream 76FC6143 5 Bytes JMP 694C9704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7531FFF6] C:\Windows\system32\apphelp.dll 
(Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\crypt32.dll [KERNEL32.dll!GetProcAddress] [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@50566368a4e3 0xCE 0xFA 0xE4 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@5056638792b6 0xA6 0x3C 0x32 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@c884470438e5 0x5E 0xFA 0x53 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@b462934a06f4 0xAC 0xA9 0x6A 0xBC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@50566368a4e3 0xCE 0xFA 0xE4 0x52 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@5056638792b6 0xA6 0x3C 0x32 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@c884470438e5 0x5E 0xFA 0x53 0xD0 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@b462934a06f4 0xAC 0xA9 0x6A 0xBC ... ---- EOF - GMER 2.0 ---- Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1020 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.261000 GHz Memory total: 3215572992, free: 2212777984 ------------ Kernel report ------------ 02/14/2013 00:53:25 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys 
\SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\tdrpm273.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\system32\drivers\GDBehave.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \??\C:\Windows\system32\drivers\MiniIcpt.sys \??\C:\Windows\system32\drivers\HookCentre.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\aswKbd.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \??\C:\Windows\system32\Drivers\SABI.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\Windows\system32\drivers\GRD.sys \SystemRoot\system32\drivers\gdwfpcd32.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys 
\SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETw5s32.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\yk62x86.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\SGdrv.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\nvhda32v.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\afcdp.sys \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys \??\C:\Windows\system32\drivers\PktIcpt.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff864d0030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff86041908 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.02.13.10 Initializing... Done! 
<<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff864d0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff864d2f00, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff864d1c90, DeviceName: Unknown, DriverName: \Driver\snapman\ DevicePointer: 0xffffffff864d1020, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff864cf078, DeviceName: Unknown, DriverName: \Driver\tdrpman273\ DevicePointer: 0xffffffff864d0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86041908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\snapman\ Upper DeviceData: 0xffffffff9ed47688, 0xffffffff864d0030, 0xffffffff85e50600 Lower DeviceData: 0xffffffffb61261b0, 0xffffffff86041908, 0xffffffff85d52518 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: DB96B4A7 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 250064896 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Disk Size: 128035676160 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= |
14.02.2013, 09:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out
You posted the wrong MBAR log
__________________ Please always post log files in CODE tags |
14.02.2013, 09:54 | #13 |
| Passwords were spied out
Here is the right one now, it was already late yesterday... Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.13.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [administrator]

14.02.2013 01:01:08
mbar-log-2013-02-14 (01-01-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28049
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
14.02.2013, 10:15 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwords were spied out
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
2. TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
14.02.2013, 10:45 | #15 |
| Passwords were spied out
aswMBR result: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 10:25:17
-----------------------------
10:25:17.812 OS Version: Windows 6.1.7601 Service Pack 1
10:25:17.812 Number of processors: 2 586 0x1706
10:25:17.812 ComputerName: *****-PC UserName: *****
10:25:30.230 Initialize success
10:29:07.236 AVAST engine defs: 13021304
10:29:16.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:29:16.096 Disk 0 Vendor: Kingston_SSDNow_V_Series_128GB B090522a Size: 122104MB BusType: 11
10:29:16.096 Disk 0 MBR read successfully
10:29:16.096 Disk 0 MBR scan
10:29:16.190 Disk 0 Windows 7 default MBR code
10:29:16.190 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122102 MB offset 2048
10:29:16.206 Disk 0 scanning sectors +250066944
10:29:16.237 Disk 0 scanning C:\Windows\system32\drivers
10:29:23.678 Service scanning
10:29:39.652 Modules scanning
10:29:41.821 Disk 0 trace - called modules:
10:29:41.821 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:29:41.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864d1a40]
10:29:41.836 3 CLASSPNP.SYS[8c41559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86039908]
10:29:42.663 AVAST engine scan C:\Windows
10:29:43.724 AVAST engine scan C:\Windows\system32
10:32:06.683 AVAST engine scan C:\Windows\system32\drivers
10:32:14.966 AVAST engine scan C:\Users\*****
10:40:16.528 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\14.02.2013_11Uhr\MBR.dat"
10:40:16.544 The log file has been saved successfully to "C:\Users\*****\Desktop\14.02.2013_11Uhr\aswMBR.txt"
Code:
ATTFilter 10:40:43.0931 4124 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 10:40:45.0585 4124 ============================================================ 10:40:45.0585 4124 Current date / time: 2013/02/14 10:40:45.0585 10:40:45.0585 4124 SystemInfo: 10:40:45.0585 4124 10:40:45.0585 4124 OS Version: 6.1.7601 ServicePack: 1.0 10:40:45.0585 4124 Product type: Workstation 10:40:45.0585 4124 ComputerName: *****-PC 10:40:45.0585 4124 UserName: ***** 10:40:45.0585 4124 Windows directory: C:\Windows 10:40:45.0585 4124 System windows directory: C:\Windows 10:40:45.0585 4124 Processor architecture: Intel x86 10:40:45.0585 4124 Number of processors: 2 10:40:45.0585 4124 Page size: 0x1000 10:40:45.0585 4124 Boot type: Normal boot 10:40:45.0585 4124 ============================================================ 10:40:46.0801 4124 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 10:40:46.0801 4124 ============================================================ 10:40:46.0801 4124 \Device\Harddisk0\DR0: 10:40:46.0801 4124 MBR partitions: 10:40:46.0801 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000 10:40:46.0801 4124 ============================================================ 10:40:46.0817 4124 C: <-> \Device\Harddisk0\DR0\Partition1 10:40:46.0817 4124 ============================================================ 10:40:46.0817 4124 Initialize success 10:40:46.0817 4124 ============================================================ 10:40:54.0196 5504 ============================================================ 10:40:54.0196 5504 Scan started 10:40:54.0196 5504 Mode: Manual; 10:40:54.0196 5504 ============================================================ 10:40:54.0835 5504 ================ Scan system memory ======================== 10:40:54.0835 5504 System memory - ok 10:40:54.0835 5504 ================ Scan 
services ============================= 10:40:54.0929 5504 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 10:40:54.0945 5504 1394ohci - ok 10:40:54.0945 5504 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 10:40:54.0960 5504 ACPI - ok 10:40:54.0960 5504 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 10:40:54.0960 5504 AcpiPmi - ok 10:40:54.0991 5504 [ 49C47EBF1C9EF2C5D4988450D79FD544 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 10:40:54.0991 5504 AcrSch2Svc - ok 10:40:55.0007 5504 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 10:40:55.0023 5504 adp94xx - ok 10:40:55.0023 5504 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 10:40:55.0069 5504 adpahci - ok 10:40:55.0069 5504 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 10:40:55.0069 5504 adpu320 - ok 10:40:55.0085 5504 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:40:55.0085 5504 AeLookupSvc - ok 10:40:55.0101 5504 [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 10:40:55.0132 5504 afcdp - ok 10:40:55.0179 5504 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe 10:40:55.0225 5504 afcdpsrv - ok 10:40:55.0241 5504 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 10:40:55.0241 5504 AFD - ok 10:40:55.0241 5504 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 10:40:55.0257 5504 agp440 - ok 10:40:55.0257 5504 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 10:40:55.0257 5504 aic78xx - ok 10:40:55.0272 5504 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 10:40:55.0272 5504 ALG - ok 10:40:55.0288 5504 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] 
aliide C:\Windows\system32\drivers\aliide.sys 10:40:55.0303 5504 aliide - ok 10:40:55.0319 5504 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 10:40:55.0319 5504 amdagp - ok 10:40:55.0335 5504 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 10:40:55.0335 5504 amdide - ok 10:40:55.0350 5504 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 10:40:55.0381 5504 AmdK8 - ok 10:40:55.0381 5504 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 10:40:55.0381 5504 AmdPPM - ok 10:40:55.0397 5504 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:40:55.0397 5504 amdsata - ok 10:40:55.0413 5504 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 10:40:55.0413 5504 amdsbs - ok 10:40:55.0444 5504 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:40:55.0459 5504 amdxata - ok 10:40:55.0459 5504 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 10:40:55.0475 5504 AppID - ok 10:40:55.0475 5504 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:40:55.0475 5504 AppIDSvc - ok 10:40:55.0491 5504 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 10:40:55.0491 5504 Appinfo - ok 10:40:55.0522 5504 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 10:40:55.0537 5504 AppMgmt - ok 10:40:55.0553 5504 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 10:40:55.0553 5504 arc - ok 10:40:55.0569 5504 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 10:40:55.0569 5504 arcsas - ok 10:40:55.0584 5504 [ E2FEE0486D68BF85355D3EDA1A24FF68 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 10:40:55.0600 5504 aswKbd - ok 10:40:55.0600 5504 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 10:40:55.0615 5504 AsyncMac - ok 10:40:55.0631 5504 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 10:40:55.0631 5504 atapi - ok 10:40:55.0647 5504 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:40:55.0662 5504 AudioEndpointBuilder - ok 10:40:55.0662 5504 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 10:40:55.0678 5504 Audiosrv - ok 10:40:55.0709 5504 [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe 10:40:55.0725 5504 AVKProxy - ok 10:40:55.0740 5504 [ 68F93849B4197243E8454E704B063F9B ] AVKService C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe 10:40:55.0740 5504 AVKService - ok 10:40:55.0771 5504 [ 0D82622BF14D167EAA26DDF69F81B187 ] AVKWCtl C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe 10:40:55.0803 5504 AVKWCtl - ok 10:40:55.0803 5504 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:40:55.0803 5504 AxInstSV - ok 10:40:55.0818 5504 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 10:40:55.0849 5504 b06bdrv - ok 10:40:55.0849 5504 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 10:40:55.0865 5504 b57nd60x - ok 10:40:55.0881 5504 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 10:40:55.0881 5504 BDESVC - ok 10:40:55.0896 5504 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 10:40:55.0896 5504 Beep - ok 10:40:55.0912 5504 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 10:40:55.0927 5504 BFE - ok 10:40:55.0943 5504 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 10:40:55.0943 5504 BITS - ok 10:40:55.0943 5504 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:40:55.0974 5504 blbdrive - ok 
10:40:55.0974 5504 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:40:55.0974 5504 bowser - ok 10:40:56.0005 5504 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:40:56.0005 5504 BrFiltLo - ok 10:40:56.0021 5504 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:40:56.0021 5504 BrFiltUp - ok 10:40:56.0052 5504 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 10:40:56.0052 5504 Browser - ok 10:40:56.0068 5504 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:40:56.0083 5504 Brserid - ok 10:40:56.0099 5504 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:40:56.0099 5504 BrSerWdm - ok 10:40:56.0302 5504 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:40:56.0317 5504 BrUsbMdm - ok 10:40:56.0333 5504 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:40:56.0333 5504 BrUsbSer - ok 10:40:56.0349 5504 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 10:40:56.0349 5504 BthEnum - ok 10:40:56.0364 5504 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 10:40:56.0364 5504 BTHMODEM - ok 10:40:56.0380 5504 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 10:40:56.0380 5504 BthPan - ok 10:40:56.0395 5504 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 10:40:56.0395 5504 BTHPORT - ok 10:40:56.0411 5504 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 10:40:56.0411 5504 bthserv - ok 10:40:56.0427 5504 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 10:40:56.0442 5504 BTHUSB - ok 10:40:56.0458 5504 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio 
C:\Windows\system32\drivers\btwaudio.sys 10:40:56.0458 5504 btwaudio - ok 10:40:56.0473 5504 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 10:40:56.0473 5504 btwavdt - ok 10:40:56.0489 5504 [ 7CAA4410C25026B9BEE85F6C7F86B19B ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 10:40:56.0505 5504 btwdins - ok 10:40:56.0520 5504 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 10:40:56.0520 5504 btwl2cap - ok 10:40:56.0536 5504 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 10:40:56.0536 5504 btwrchid - ok 10:40:56.0551 5504 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:40:56.0551 5504 cdfs - ok 10:40:56.0567 5504 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 10:40:56.0567 5504 cdrom - ok 10:40:56.0583 5504 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 10:40:56.0583 5504 CertPropSvc - ok 10:40:56.0614 5504 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 10:40:56.0614 5504 circlass - ok 10:40:56.0645 5504 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 10:40:56.0645 5504 CLFS - ok 10:40:56.0661 5504 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:40:56.0661 5504 clr_optimization_v2.0.50727_32 - ok 10:40:56.0676 5504 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:40:56.0692 5504 clr_optimization_v4.0.30319_32 - ok 10:40:56.0692 5504 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:40:56.0692 5504 CmBatt - ok 10:40:56.0707 5504 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:40:56.0723 5504 cmdide - ok 10:40:56.0739 5504 [ 
42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 10:40:56.0739 5504 CNG - ok 10:40:56.0754 5504 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:40:56.0754 5504 Compbatt - ok 10:40:56.0770 5504 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:40:56.0770 5504 CompositeBus - ok 10:40:56.0785 5504 COMSysApp - ok 10:40:56.0817 5504 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:40:56.0832 5504 crcdisk - ok 10:40:56.0863 5504 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:40:56.0863 5504 CryptSvc - ok 10:40:56.0879 5504 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 10:40:56.0895 5504 CSC - ok 10:40:56.0910 5504 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 10:40:56.0910 5504 CscService - ok 10:40:56.0926 5504 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 10:40:56.0941 5504 DcomLaunch - ok 10:40:56.0957 5504 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 10:40:56.0957 5504 defragsvc - ok 10:40:56.0973 5504 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:40:56.0973 5504 DfsC - ok 10:40:56.0988 5504 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 10:40:56.0988 5504 dg_ssudbus - ok 10:40:57.0004 5504 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 10:40:57.0019 5504 Dhcp - ok 10:40:57.0035 5504 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 10:40:57.0035 5504 discache - ok 10:40:57.0051 5504 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:40:57.0051 5504 Disk - ok 10:40:57.0066 5504 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:40:57.0082 5504 
Dnscache - ok 10:40:57.0097 5504 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 10:40:57.0097 5504 dot3svc - ok 10:40:57.0113 5504 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 10:40:57.0129 5504 Dot4 - ok 10:40:57.0144 5504 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 10:40:57.0144 5504 Dot4Print - ok 10:40:57.0160 5504 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 10:40:57.0175 5504 dot4usb - ok 10:40:57.0175 5504 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 10:40:57.0175 5504 DPS - ok 10:40:57.0191 5504 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:40:57.0191 5504 drmkaud - ok 10:40:57.0222 5504 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:40:57.0238 5504 DXGKrnl - ok 10:40:57.0253 5504 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 10:40:57.0253 5504 EapHost - ok 10:40:57.0300 5504 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 10:40:57.0378 5504 ebdrv - ok 10:40:57.0378 5504 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 10:40:57.0378 5504 EFS - ok 10:40:57.0394 5504 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:40:57.0409 5504 ehRecvr - ok 10:40:57.0409 5504 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 10:40:57.0409 5504 ehSched - ok 10:40:57.0425 5504 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:40:57.0425 5504 elxstor - ok 10:40:57.0441 5504 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:40:57.0441 5504 ErrDev - ok 10:40:57.0456 5504 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 10:40:57.0456 5504 EventSystem - ok 10:40:57.0456 5504 [ 
209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 10:41:02.0979 5504 VSS - ok 10:41:02.0979 5504 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 10:41:02.0994 5504 vwifibus - ok 10:41:02.0994 5504 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 10:41:03.0025 5504 vwififlt - ok 10:41:03.0025 5504 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 10:41:03.0041 5504 vwifimp - ok 10:41:03.0041 5504 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 10:41:03.0057 5504 W32Time - ok 10:41:03.0057 5504 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:41:03.0057 5504 WacomPen - ok 10:41:03.0072 5504 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:41:03.0088 5504 WANARP - ok 10:41:03.0088 5504 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:41:03.0088 5504 Wanarpv6 - ok 10:41:03.0119 5504 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 10:41:03.0135 5504 wbengine - ok 10:41:03.0150 5504 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:41:03.0150 5504 WbioSrvc - ok 10:41:03.0166 5504 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:41:03.0166 5504 wcncsvc - ok 10:41:03.0166 5504 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:41:03.0181 5504 WcsPlugInService - ok 10:41:03.0181 5504 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 10:41:03.0181 5504 Wd - ok 10:41:03.0197 5504 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:41:03.0213 5504 Wdf01000 - ok 10:41:03.0213 5504 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:41:03.0213 5504 WdiServiceHost - ok 
10:41:03.0213 5504 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:41:03.0228 5504 WdiSystemHost - ok 10:41:03.0228 5504 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 10:41:03.0244 5504 WebClient - ok 10:41:03.0244 5504 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:41:03.0259 5504 Wecsvc - ok 10:41:03.0275 5504 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:41:03.0275 5504 wercplsupport - ok 10:41:03.0275 5504 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 10:41:03.0275 5504 WerSvc - ok 10:41:03.0291 5504 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:41:03.0306 5504 WfpLwf - ok 10:41:03.0306 5504 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:41:03.0322 5504 WIMMount - ok 10:41:03.0337 5504 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 10:41:03.0353 5504 WinDefend - ok 10:41:03.0353 5504 WinHttpAutoProxySvc - ok 10:41:03.0369 5504 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:41:03.0369 5504 Winmgmt - ok 10:41:03.0400 5504 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 10:41:03.0415 5504 WinRM - ok 10:41:03.0415 5504 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 10:41:03.0431 5504 WinUsb - ok 10:41:03.0447 5504 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:41:03.0462 5504 Wlansvc - ok 10:41:03.0493 5504 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:41:03.0509 5504 wlidsvc - ok 10:41:03.0525 5504 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:41:03.0525 5504 WmiAcpi - ok 10:41:03.0540 5504 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] 
wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:41:03.0540 5504 wmiApSrv - ok 10:41:03.0556 5504 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:41:03.0571 5504 WMPNetworkSvc - ok 10:41:03.0587 5504 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:41:03.0587 5504 WPCSvc - ok 10:41:03.0587 5504 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:41:03.0603 5504 WPDBusEnum - ok 10:41:03.0603 5504 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:41:03.0618 5504 ws2ifsl - ok 10:41:03.0618 5504 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 10:41:03.0618 5504 wscsvc - ok 10:41:03.0634 5504 WSearch - ok 10:41:03.0665 5504 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 10:41:03.0696 5504 wuauserv - ok 10:41:03.0696 5504 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:41:03.0712 5504 WudfPf - ok 10:41:03.0712 5504 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:41:03.0712 5504 WUDFRd - ok 10:41:03.0727 5504 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:41:03.0727 5504 wudfsvc - ok 10:41:03.0743 5504 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 10:41:03.0743 5504 WwanSvc - ok 10:41:03.0759 5504 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 10:41:03.0759 5504 yukonw7 - ok 10:41:03.0774 5504 ================ Scan global =============================== 10:41:03.0790 5504 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 10:41:03.0790 5504 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 10:41:03.0805 5504 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 10:41:03.0805 5504 [ 364455805E64882844EE9ACB72522830 ] 
C:\Windows\system32\sxssrv.dll 10:41:03.0821 5504 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 10:41:03.0821 5504 [Global] - ok 10:41:03.0821 5504 ================ Scan MBR ================================== 10:41:03.0821 5504 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 10:41:04.0055 5504 \Device\Harddisk0\DR0 - ok 10:41:04.0055 5504 ================ Scan VBR ================================== 10:41:04.0055 5504 [ F4125CF4385A528A6AC745104F2449CB ] \Device\Harddisk0\DR0\Partition1 10:41:04.0055 5504 \Device\Harddisk0\DR0\Partition1 - ok 10:41:04.0055 5504 ============================================================ 10:41:04.0055 5504 Scan finished 10:41:04.0055 5504 ============================================================ 10:41:04.0071 4836 Detected object count: 0 10:41:04.0071 4836 Actual detected object count: 0 10:41:17.0065 4964 Deinitialize success |