|
Plagegeister aller Art und deren Bekämpfung: Polizei TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.02.2013, 17:57 | #1 |
| Polizei Trojaner Hallo! Ich habe mir den polizei trojaner eingefangen. Ich habe schon im netz gesucht und div. möglichkeiten probiert. Das einzige was geholfen hat war mit der Systemwiederherstellung, allerdings habe ich mir 20h später den wieder eingefangen! Wer kann mir helfen, kenne mich am PC nicht so gut aus? SG Deepnoise |
21.02.2013, 18:07 | #2 |
/// Malware-holic | Polizei Trojaner hi
__________________keine systemwiederherstellung bei malware! finger weg von illegalen angeboten wie Kinox.to, torrents, und filehostern wo jeder sein zeugs hochladen kann. Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten: Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD. Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Bebilderte Anleitung: OTLpe-Scan
__________________ |
21.02.2013, 18:40 | #3 |
| Polizei Trojaner hi,
__________________habe die systemwiederherstellung bereits gestartet und bin wieder "clean". wie kann ich den nun eleminieren? |
21.02.2013, 19:10 | #4 |
/// Malware-holic | Polizei Trojaner hab ich nicht was zum thema systemwiederherstellung gesagt, entweder du machst das, was hier steht, denn wenn nicht ist das ziemlich sinnlos und ich kann meine Zeit auch besser nutzen... Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.02.2013, 19:56 | #5 |
| Polizei Trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.02.2013 19:24:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hubert\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,74% Memory free 3,98 Gb Paging File | 3,01 Gb Available in Paging File | 75,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 99,76 Gb Free Space | 66,98% Space Free | Partition Type: NTFS Drive D: | 4,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HUBERT-PC | User Name: Hubert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.21 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hubert\Downloads\OTL.exe PRC - [2012.12.14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe PRC - [2012.12.14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe PRC - [2012.12.14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe PRC - [2012.07.16 12:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.07.16 12:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.07.16 12:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2012.01.23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.05 13:51:00 | 000,110,592 | ---- | M] () -- C:\Program Files\IR\shutTask.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.06.26 09:26:42 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe ========== Modules (No Company Name) ========== MOD - [2012.07.24 18:38:26 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3c0633ebbeacf2d66ef3952b50568479\System.Runtime.Remoting.ni.dll MOD - [2012.07.23 21:40:07 | 000,115,137 | ---- | M] () -- C:\Users\Hubert\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2012.07.23 21:39:27 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\820a9c41552eda4086bb69d66ea61f69\Kies.Theme.ni.dll MOD - [2012.07.23 21:39:27 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\215b7253a4736b11be6c9029fdd9407e\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2012.07.23 21:39:23 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8fcdd711ed81a2e025ab7132f1ab3d68\Kies.Common.MediaDB.ni.dll MOD - [2012.07.23 21:39:22 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\e4573289d048d9c4609f5f3504ade24c\ASF_cSharpAPI.ni.dll MOD - [2012.07.23 21:39:22 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a32ec8357c3082df93334c3bb70739a5\Kies.Common.StoreManager.ni.dll MOD - [2012.07.23 21:39:21 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3a216b5bfd6604447a4778f970e76836\Kies.Common.AllShare.ni.dll MOD - [2012.07.23 21:39:20 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\48d673e85b6b63aeef616524cd7d1038\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2012.07.23 21:39:20 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c60ef891df9980725bf0850eb88d95f\AdminCmdAgent.ni.dll MOD - [2012.07.23 21:39:19 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b6a4a18223b463e5d114fb202f643242\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012.07.23 21:39:19 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ef585eeb720f6cdb182ef7cf3a7efe1d\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2012.07.23 21:39:19 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\21576caebf91a28ddd5c7e29cc4e6b8f\Interop.DevFileServiceLib.ni.dll MOD - [2012.07.23 21:39:18 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb4e70fa16ad796a2e57e9764d99aa8a\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2012.07.23 21:39:16 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\17b0a1e495d5e656d32c6f242fea3d42\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012.07.23 21:39:15 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\50ed235d395a159c1b4e66c1a0d6f586\Kies.Common.DeviceService.ni.dll MOD - [2012.07.23 21:39:15 | 000,894,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d3676587281d6def73e70e93cd393184\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2012.07.23 21:39:12 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\96d1e6d54ad7f1563756cfdc4193869f\Kies.Common.Multimedia.ni.dll MOD - [2012.07.23 21:39:11 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\3a9cd3cd122f88f3b05039548c957aad\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012.07.23 21:39:11 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\523823b8e41a4f7de49c3f5600bf1ee5\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012.07.23 21:39:11 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\0f88de98bcaa670a7f76224c95b043bd\Interop.PRPLAYERCORELib.ni.dll MOD - [2012.07.23 21:39:10 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\e514f0432aa5a3e17ae4c9b8c200684c\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012.07.23 21:39:05 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\db77af205e49681ad412a3b7e452bdb8\Kies.Common.MainUI.ni.dll MOD - [2012.07.23 21:39:03 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\00b28294f0e4b54beaaa9b0117c4d3f3\Kies.Common.DBManager.ni.dll MOD - [2012.07.23 21:39:02 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\8fff053cee17024f78d5009b91e9450e\CabLib.ni.dll MOD - [2012.07.23 21:39:01 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\adc6081b96ada807b858bd7dd6c44b08\System.Management.ni.dll MOD - [2012.07.23 21:39:00 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\662ad64a2947dca9b8af71b9af3d6e3c\ICSharpCode.SharpZipLib.ni.dll MOD - [2012.07.23 21:38:59 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8cef6475318146515e69705b70e6dd18\Kies.UI.ni.dll MOD - [2012.07.23 21:38:59 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\22913c84963c80212a3aaf7b88f85477\Kies.Common.Util.ni.dll MOD - [2012.07.23 21:38:59 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\c77ef9c57125c95b5297267a9d50558a\Interop.DeviceSearchLib.ni.dll MOD - [2012.07.23 21:38:58 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\1e36299d69d10f4d61f3795b697b7903\Kies.Locale.ni.dll MOD - [2012.07.23 21:38:57 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d342cddb8b28a387f714a6b999d9b420\Kies.MVVM.ni.dll MOD - [2012.07.23 21:38:56 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7336853cb03daa5d3673e7004d746e11\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012.07.23 21:38:55 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\db6e470b42d820f9c9b0dd412c002442\Kies.Interface.ni.dll MOD - [2012.07.23 21:38:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\af346c0fe31d9b3a7abac8cca476212f\System.ServiceProcess.ni.dll MOD - [2012.07.23 21:38:33 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\342641e4c406d6eab66ab58876212463\System.Runtime.Remoting.ni.dll MOD - [2012.07.23 21:38:27 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b8f8841931a97c3ab2b652f13cfeb295\System.Xaml.ni.dll MOD - [2012.07.23 21:38:27 | 001,690,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\4c82291b5e45e9896aca0342bec5bf34\Kies.ni.exe MOD - [2012.07.23 21:30:00 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\945868a5fd952dcfe3fa4904cbab936a\PresentationFramework.ni.dll MOD - [2012.07.23 21:29:51 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9db16bf8a565eaa6bbb182dcd147cfb6\PresentationFramework.Aero.ni.dll MOD - [2012.07.23 21:29:48 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1020c111f6b4ffeafa3055475e8df7de\System.Windows.Forms.ni.dll MOD - [2012.07.23 21:29:32 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2250dfa714756e8a58db82433c1ae275\System.Drawing.ni.dll MOD - [2012.07.23 21:29:30 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7306f4ac763fc6264804397bc22226e8\PresentationCore.ni.dll MOD - [2012.07.23 21:29:15 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\18ec39f6cef17c8576736b60e0be5131\System.Core.ni.dll MOD - [2012.07.23 21:29:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1e012c88174d0a358d6ee00bf04d840e\System.Configuration.ni.dll MOD - [2012.07.23 21:29:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\11a64ded5d210891688bdef1c54c26e4\System.Xml.ni.dll MOD - [2012.07.23 21:29:01 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\968981974b267a245b7b78393836df5a\WindowsBase.ni.dll MOD - [2012.07.23 21:28:56 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\34b8c9534065b074e4e5228f40310e13\System.ni.dll MOD - [2012.07.23 21:28:47 | 014,409,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\404a37992b5c2de07993795fb48dfc65\mscorlib.ni.dll MOD - [2012.07.16 12:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2010.01.05 13:51:00 | 000,110,592 | ---- | M] () -- C:\Program Files\IR\shutTask.exe MOD - [2010.01.05 13:48:46 | 000,028,672 | ---- | M] () -- C:\Program Files\IR\KeyBoard.dll MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2007.04.19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\FPXLIB.DLL MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll MOD - [2007.04.19 09:29:42 | 000,273,216 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\magengin.dll MOD - [2007.04.19 09:29:38 | 000,187,136 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\kgl.dll ========== Services (SafeList) ========== SRV - [2013.02.09 12:36:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.06 18:37:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.07.08 07:56:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2005.11.08 16:25:00 | 000,647,242 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fhgsjlna.sys -- (fhgsjlna) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2013.02.21 18:46:37 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{183E14C0-6B86-4355-87DA-07A9C56B603B}\MpKslf41e0007.sys -- (MpKslf41e0007) DRV - [2012.12.05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2011.11.06 13:02:53 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.12.21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.10.09 14:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.08.31 18:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2008.09.22 12:55:36 | 000,514,432 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Ca1528av.sys -- (Ca1528av) DRV - [2008.06.27 15:41:14 | 000,011,648 | ---- | M] (SunPlus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Bulk1528.sys -- (Bulk1528) DRV - [2008.06.02 06:48:58 | 000,221,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007.06.08 12:40:28 | 000,076,288 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2at.sys -- (Ser2at) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 47 2E D4 3F 55 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6D559FA2-29C7-4643-ABEB-39F87A474F5A}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "www.vol.at/" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9 FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0 FF - prefs.js..extensions.enabledAddons: %7Bb106b661-3e1b-4015-af5c-195e909f35c6%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.06 09:33:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.21 18:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.21 18:24:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.06 09:33:47 | 000,000,000 | ---D | M] [2012.03.04 21:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Extensions [2012.03.04 21:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.02.21 18:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions [2013.02.21 18:24:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013.02.11 22:15:19 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012.01.16 22:53:36 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.01.17 07:47:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\ffxtlbr@babylon.com [2012.12.11 14:09:38 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\4egm8rk5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.04.17 18:51:20 | 000,000,915 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\4egm8rk5.default\searchplugins\conduit.xml [2012.02.15 19:41:15 | 000,003,915 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\4egm8rk5.default\searchplugins\SweetIM Search.xml [2013.02.21 18:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.02.06 18:37:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.12 12:15:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.03.05 13:33:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.16 22:35:15 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.31 13:26:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.05 13:33:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.05 13:33:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.05 13:33:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.05 13:33:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [shutTask] C:\Program Files\IR\shutTask.exe () O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Download-Version\Trayserver_DE.exe (MAGIX AG) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hubert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670B1780-EA46-459B-BE03-B22C120EC449}: NameServer = 194.48.139.254 194.48.124.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A949BA0A-2196-4937-8EBB-6148CD362B4D}: DhcpNameServer = 192.168.0.254 213.33.99.70 80.120.17.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7299537-AE19-40D6-B355-ABF324C78627}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.12 22:41:16 | 000,000,000 | ---D | C] -- C:\Users\Hubert\Hubi Feuerwerk [2013.02.12 20:48:30 | 000,000,000 | ---D | C] -- C:\Cobra [2013.02.10 10:47:13 | 000,000,000 | ---D | C] -- C:\Users\Hubert\Desktop\Allerlei [2013.02.10 10:34:57 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Roaming\ICAClient [2013.02.10 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix [2013.02.10 10:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix [2013.02.10 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\Citrix [2013.02.10 10:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2013.02.06 18:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.24 23:42:58 | 000,168,960 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys [2013.01.24 23:42:58 | 000,085,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys [2013.01.24 23:42:58 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2013.01.24 23:42:58 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2013.01.24 23:42:58 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2013.01.24 23:42:48 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2013.01.24 23:42:48 | 000,208,896 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2013.01.24 23:42:48 | 000,106,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2013.01.24 23:42:48 | 000,027,136 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2013.01.24 23:42:48 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.01.24 23:42:36 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2013.01.24 23:42:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{682BBE20-A9D0-4FC5-B965-BCFB5E5B4CF4} [2013.01.24 23:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\A1 Dashboard [2013.01.24 23:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1 [1 C:\Users\Hubert\Desktop\*.tmp files -> C:\Users\Hubert\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.21 19:20:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.21 18:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.21 18:33:25 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.21 18:33:25 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.21 18:29:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.21 18:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.21 18:25:19 | 1603,039,232 | -HS- | M] () -- C:\hiberfil.sys [2013.02.21 18:12:33 | 095,023,320 | ---- | M] () -- C:\ProgramData\5248351.pad [2013.02.20 15:41:55 | 095,023,320 | ---- | M] () -- C:\ProgramData\3939281.pad [2013.02.12 19:03:44 | 000,000,292 | ---- | M] () -- C:\Users\Hubert\Desktop\Cobra.csv [2013.02.12 17:17:01 | 095,023,320 | ---- | M] () -- C:\ProgramData\3998058.pad [2013.02.11 22:47:52 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.11 22:47:52 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.11 22:47:52 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.11 22:47:52 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.10 11:06:21 | 000,287,178 | ---- | M] () -- C:\Users\Hubert\Desktop\COBRA18R2CreatingandUploadingScripts.pdf [2013.01.24 23:44:04 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\A1 Dashboard.lnk [1 C:\Users\Hubert\Desktop\*.tmp files -> C:\Users\Hubert\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.21 15:09:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\5248351.pad [2013.02.20 13:14:31 | 095,023,320 | ---- | C] () -- C:\ProgramData\3939281.pad [2013.02.12 19:02:40 | 000,000,292 | ---- | C] () -- C:\Users\Hubert\Desktop\Cobra.csv [2013.02.12 17:16:05 | 095,023,320 | ---- | C] () -- C:\ProgramData\3998058.pad [2013.02.10 11:06:16 | 000,287,178 | ---- | C] () -- C:\Users\Hubert\Desktop\COBRA18R2CreatingandUploadingScripts.pdf [2013.02.10 10:35:14 | 000,001,524 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk [2013.01.24 23:42:30 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\A1 Dashboard.lnk [2012.07.24 05:54:02 | 000,004,608 | ---- | C] () -- C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.26 15:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.11.06 13:03:06 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2011.07.12 18:18:36 | 000,000,000 | ---- | C] () -- C:\Users\Hubert\AppData\Local\{2256EA86-E15A-4558-90C3-A909563513CB} [2011.07.11 10:16:46 | 000,014,115 | ---- | C] () -- C:\Windows\twspmm.ini [2011.06.19 09:37:41 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI [2011.06.05 09:38:00 | 000,000,000 | ---- | C] () -- C:\Users\Hubert\AppData\Local\{9640088A-663F-4F8A-A2B3-27F3EE562DAF} ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.12.08 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Amazon [2012.02.27 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\AnvSoft [2012.01.17 07:47:57 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Audacity [2012.01.16 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Babylon [2012.11.27 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\DVDVideoSoft [2012.11.27 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.04 00:21:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\EurekaLog [2013.02.21 18:24:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Foxit Software [2010.12.04 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\GetRightToGo [2013.02.10 10:34:58 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ICAClient [2012.07.25 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\MAGIX [2012.07.23 21:39:49 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Samsung [2012.03.04 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\TomTom ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.05.01 21:46:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.02.20 18:05:11 | 000,000,000 | ---D | M] -- C:\Cobra [2013.02.10 11:20:02 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.01 08:51:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.01.04 15:29:17 | 000,000,000 | ---D | M] -- C:\EasyMaster [2012.12.07 09:43:21 | 000,000,000 | ---D | M] -- C:\Explo [2012.01.21 10:23:14 | 000,000,000 | ---D | M] -- C:\MAGIX [2010.07.08 19:52:44 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.21 18:24:04 | 000,000,000 | ---D | M] -- C:\Program Files [2013.02.21 18:19:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.01 08:51:00 | 000,000,000 | -HSD | M] -- C:\Programme [2010.07.01 08:51:00 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.01.04 15:28:25 | 000,000,000 | ---D | M] -- C:\Stepper [2013.02.21 19:28:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.07.24 05:52:44 | 000,000,000 | ---D | M] -- C:\Temp [2011.01.31 21:18:44 | 000,000,000 | R--D | M] -- C:\Users [2013.02.21 18:25:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010.07.09 19:17:16 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.07.09 19:17:17 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.09.13 21:25:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.21 19:44:57 | 002,883,584 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat [2013.02.21 19:44:56 | 000,262,144 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat.LOG1 [2010.07.01 08:51:08 | 000,000,000 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat.LOG2 [2012.01.17 08:13:24 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{00fd6414-40d4-11e1-8ed6-002186cd9e87}.TM.blf [2012.01.17 08:13:23 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{00fd6414-40d4-11e1-8ed6-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2012.01.17 08:13:24 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{00fd6414-40d4-11e1-8ed6-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2011.06.10 12:40:34 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{0ec7a90a-9355-11e0-a4ff-002186cd9e87}.TM.blf [2011.06.10 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{0ec7a90a-9355-11e0-a4ff-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2011.06.10 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{0ec7a90a-9355-11e0-a4ff-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2012.02.15 22:18:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{20c3eacc-5806-11e1-8505-002186cd9e87}.TM.blf [2012.02.15 22:18:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{20c3eacc-5806-11e1-8505-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2012.02.15 22:18:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{20c3eacc-5806-11e1-8505-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2013.02.21 18:29:03 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{32c9c45c-7c4a-11e2-9aa7-8b2f95820e95}.TM.blf [2013.02.21 18:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{32c9c45c-7c4a-11e2-9aa7-8b2f95820e95}.TMContainer00000000000000000001.regtrans-ms [2013.02.21 18:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{32c9c45c-7c4a-11e2-9aa7-8b2f95820e95}.TMContainer00000000000000000002.regtrans-ms [2011.01.31 21:49:33 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{469b38b4-2d75-11e0-9fad-002186cd9e87}.TM.blf [2011.01.31 21:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{469b38b4-2d75-11e0-9fad-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2011.01.31 21:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{469b38b4-2d75-11e0-9fad-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2010.07.01 14:34:00 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.07.01 14:34:00 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.07.01 14:34:00 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.08.07 21:36:25 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{85566f51-c130-11e0-b8c9-002186cd9e87}.TM.blf [2011.08.07 21:36:25 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{85566f51-c130-11e0-b8c9-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2011.08.07 21:36:25 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{85566f51-c130-11e0-b8c9-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2012.01.12 23:02:55 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{9688b807-3d36-11e1-b753-002186cd9e87}.TM.blf [2012.01.12 23:02:55 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{9688b807-3d36-11e1-b753-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2012.01.12 23:02:55 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{9688b807-3d36-11e1-b753-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2011.01.31 19:59:31 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{97c4e683-2d61-11e0-aa75-002186cd9e87}.TM.blf [2011.01.31 19:59:31 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{97c4e683-2d61-11e0-aa75-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2011.01.31 19:59:31 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{97c4e683-2d61-11e0-aa75-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2011.09.05 21:28:51 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e89a93e0-d7f3-11e0-ac81-002186cd9e87}.TM.blf [2011.09.05 21:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e89a93e0-d7f3-11e0-ac81-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2011.09.05 21:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e89a93e0-d7f3-11e0-ac81-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2013.02.20 19:00:09 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e8c57afd-7b7e-11e2-a69d-e13732fb0795}.TM.blf [2013.02.20 19:00:08 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e8c57afd-7b7e-11e2-a69d-e13732fb0795}.TMContainer00000000000000000001.regtrans-ms [2013.02.20 19:00:08 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e8c57afd-7b7e-11e2-a69d-e13732fb0795}.TMContainer00000000000000000002.regtrans-ms [2011.07.27 21:45:07 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{ee5c391d-b881-11e0-b84f-002186cd9e87}.TM.blf [2011.07.27 21:45:07 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{ee5c391d-b881-11e0-b84f-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2011.07.27 21:45:07 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{ee5c391d-b881-11e0-b84f-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2012.03.08 23:04:42 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{f842589a-695a-11e1-a9b1-002186cd9e87}.TM.blf [2012.03.08 23:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{f842589a-695a-11e1-a9b1-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms [2012.03.08 23:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{f842589a-695a-11e1-a9b1-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms [2010.07.01 08:51:09 | 000,000,020 | -HS- | M] () -- C:\Users\Hubert\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.02.2013 19:24:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hubert\Downloads Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,74% Memory free 3,98 Gb Paging File | 3,01 Gb Available in Paging File | 75,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 99,76 Gb Free Space | 66,98% Space Free | Partition Type: NTFS Drive D: | 4,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HUBERT-PC | User Name: Hubert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D0FE71-992C-4FCC-915A-BF00A2C5742A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{15C9823D-DD77-4D6D-9433-746C3A60BF06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1917F0B8-0D14-430B-B24B-625EF119AB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26EFCE51-E6DC-48C0-8AEB-6AAAA1D27A0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{29909F03-9463-4348-B35D-B9FE383E3D41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3246CE36-8A76-45D4-AD9A-EAEE7AD0709E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37CB36FF-89BC-490F-801A-715CEB017924}" = lport=138 | protocol=17 | dir=in | app=system | "{3BECBF95-E376-4299-B794-7E04EA896523}" = rport=139 | protocol=6 | dir=out | app=system | "{3C10E680-0DD4-425F-9CC6-672E66230C81}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{413D5B3F-DAA7-43D5-B75F-2B63BD04536B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46738151-7514-45BE-BE08-4EBE84B1B03D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{474250F9-D6BF-4456-91AD-9FB527E93529}" = lport=139 | protocol=6 | dir=in | app=system | "{50A41919-F27B-42EB-BFC0-9B44C46B852A}" = lport=10243 | protocol=6 | dir=in | app=system | "{56DD21A0-DA07-4602-9FE0-02A2C5494B5E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{65F8226E-1270-40E4-965C-3A07E6BC390A}" = lport=2869 | protocol=6 | dir=in | app=system | "{695677B4-3BE7-44D2-BB8B-B2BD2C3FB7D6}" = rport=445 | protocol=6 | dir=out | app=system | "{75129D86-F8B7-42B5-A631-7F28563F3A87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{757C24FB-E9AC-454A-B37E-E6A537120C51}" = lport=137 | protocol=17 | dir=in | app=system | "{76BBD9F7-8EAB-40A3-9C3E-7D5EAAE0EDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{82385117-9152-40C9-95AD-DD5324E8623A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83A1CC0F-7B4A-416D-B308-145C291D6B3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{907795E8-6627-499C-8F95-3F0A33ADF634}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9A8F1349-8B0D-4910-90DE-1FBC3DBAAB30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A49616B4-2C12-4DFD-BF6F-58CFFF6BA239}" = rport=138 | protocol=17 | dir=out | app=system | "{B5349581-2910-40DC-96DA-46EED7C75E59}" = lport=445 | protocol=6 | dir=in | app=system | "{C1BFAB18-13F8-460B-9209-A9A5A0890CB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D099BEC4-9C5F-4014-9FDD-35E060C0C41B}" = rport=10243 | protocol=6 | dir=out | app=system | "{DA8E3D46-4CD3-41BD-A9C9-C967F2BD2F11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DF5F63DE-6B62-48FD-AB96-56E1B66C8494}" = rport=137 | protocol=17 | dir=out | app=system | "{E8873315-AAF0-4708-AC50-14C1B9FED496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED219A9C-2AAD-448E-B905-1867C057946E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BF5681-3806-4A03-BCDC-F392AF5E228B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{00CFC3EB-E580-4939-AD9C-755CB6C59E42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E84E032-928C-4137-924D-4DEA9F901673}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{12E84F01-EB8B-405A-8745-79F66056153E}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | "{1BA0E9B2-32A9-41AD-99B8-D7FF7F9E868A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{23519E9C-4264-4B72-BDE6-BEAB3704360D}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | "{279D1E26-86A9-4B10-9401-A8F849D55FFB}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{27FEEBC1-8411-4282-82C2-AFAC67C4584C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{28298982-A5CC-47B2-833B-CBB45631DBF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{28BFFACA-2C5E-494A-AD09-55821BAD1392}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2BE98375-9BEF-44DA-9E6C-F91990A038C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2F2DFF1C-8260-421B-A5DE-42562E2F8669}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{334D3564-D877-451C-807E-DD67ABC4085D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{359FD3EE-262E-40E2-A9B3-5B40090526C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{3904CA55-C560-41A5-8EC6-0A6D0DF1456B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{590F96E0-EF71-45AD-9E09-22777FAA5361}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{661DBF7A-3083-4EF7-A1DF-70C5DF5895B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{6FFE1669-E1B4-443F-8BBA-6F5FE154FB66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{771F2FAC-8A4D-4682-A7CA-4842A1BBE7EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{77737010-A4C3-4C9B-A49C-D31FF65F75DB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{7F9C0B20-2CE1-40D4-80BD-6BFDB9F2F897}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{81075B8B-3AF5-4559-9BCE-2E91D1E204A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{85FBDAB9-DCFF-4E89-A0F9-E257C33B4948}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{9BE582FD-C82A-44B0-A059-9ACE9A2BE38E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{A452D7BA-669B-4817-AC79-C150872C7EE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB38E881-F0E8-414A-AAAE-F608B13D9CF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AFF43A1A-22AF-4497-BE5A-6FBA7A267965}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{B20DFB0F-B5C3-4C83-9030-B86B266639AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{B58B3E5A-8D9B-46BE-92D2-E2F7ACC9941E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C6251D8A-FE5E-4244-BBA8-EB89AB43F157}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C9D20864-DB36-4BCF-BA6B-21A00D666B30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE710942-E567-47B8-AF0F-77CE2139F224}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{DAE5D694-9B36-408B-A77C-FD66BE4FD3BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{E0F92180-9797-45F6-B09D-A4951D20849D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E175A11B-7C44-4C43-98B3-79E12187E30E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E4BF7C78-BF57-45E8-B23E-45EBB9ADF18D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E9EB81C5-F8B5-4879-9BE8-DBD1126FAC85}" = protocol=6 | dir=out | app=system | "{FD6DC366-8C85-4762-849E-1B119BE6ADC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1DB8AC31-3567-4D11-A46E-230D6B810901}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{72633015-783B-4C58-BD75-CDDBCBE97D81}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{799D3008-D1AE-4232-85AD-D5262C3205C7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{9F1CA2D6-00A2-48C3-9A71-ACC4BCF9CD20}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0E8DC723-F1CD-424A-96CC-12428E7A1B4B}" = Citrix Receiver (HDX Flash-Umleitung) "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3068513C-3AAC-410B-BAE7-C7837FFF8DEB}" = Citrix Receiver (USB) "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D431014-9F90-4335-A58E-8A14B0BD77F1}" = Citrix Receiver Inside "{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAABD901-01A2-49B3-B650-2E13E7640441}" = MAGIX Music Maker Techno Edition 4 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B04D7083-F906-4369-9AA5-DFCC98A05CD9}" = MAGIX Video deluxe MX Download-Version "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B92051A3-3ABB-4A26-A615-2298BE7CBC28}" = Citrix Authentication Manager "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BFD631C4-FBB5-4AC5-B807-9137B265628C}" = MAGIX Speed burnR (MSI) "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D29DDA9B-FE05-48F1-A9D1-F6346A0A301A}" = Citrix Receiver (DV) "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min "{E3A60962-B768-4EA3-B0B6-DA671276B81A}" = Citrix Receiver(Aero) "{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6 "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial "{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}" = Self-Service Plug-in "{F6BC20A5-3C48-4675-BDE6-E2E6FED30B9D}" = IRRecevie "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "A1 Dashboard" = A1 Dashboard "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Any Video Converter_is1" = Any Video Converter 3.3.4 "CitrixOnlinePluginPackWeb" = Citrix Receiver "CNXT_AUDIO_HDA" = Conexant HD Audio "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "EasyMaster" = EasyMaster v1.0.0.55 "FormatFactory" = FormatFactory 2.90 "Foxit Reader_is1" = Foxit Reader 5.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX_MSI_mm17_techno_edition_4" = MAGIX Music Maker Techno Edition 4 "MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX Download-Version "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "mp3-2-wav" = mp3-2-wav converter 1.14 "Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0 "Shop for HP Supplies" = Shop for HP Supplies "ShowCreator" = ShowCreator v4.2.9 "ShowCreator 3.0" = ShowCreator 3.0 v3.5.2 "ShowCreator 4.0" = ShowCreator 4.0 v4.0.1 "Stepper" = Stepper v4.0.1 "TomTom HOME" = TomTom HOME 2.8.3.2499 "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 1.1.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.12.2011 12:58:08 | Computer Name = Hubert-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1268 Startzeit: 01ccc3ef41fdea2f Endzeit: 31 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: c764d323-2fe2-11e1-ae5a-002186cd9e87 [ Media Center Events ] Error - 16.04.2012 16:41:38 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 22:41:38 - Fehler beim Herstellen der Internetverbindung. 22:41:38 - Serververbindung konnte nicht hergestellt werden.. Error - 16.04.2012 16:41:54 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 22:41:44 - Fehler beim Herstellen der Internetverbindung. 22:41:44 - Serververbindung konnte nicht hergestellt werden.. Error - 03.12.2012 18:54:34 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 23:54:34 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 03.12.2012 18:55:17 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 23:55:16 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 03.12.2012 18:55:17 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 23:55:17 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 03.12.2012 18:55:25 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 23:55:17 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 10.12.2012 17:47:49 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 22:47:49 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 10.12.2012 17:48:26 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 22:48:14 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 10.12.2012 17:48:53 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 22:48:41 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 10.12.2012 17:49:16 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0 Description = 22:49:10 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ System Events ] Error - 21.02.2013 13:15:10 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD CSC ctxusbm DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error - 21.02.2013 13:15:46 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 21.02.2013 13:15:53 | Computer Name = Hubert-PC | Source = DCOM | ID = 10005 Description = Error - 21.02.2013 13:17:10 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126 Error - 21.02.2013 13:17:10 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2003 Description = Fehler in %%860 beim Aktualisieren des Moduls. Neue Modulversion: 1.1.6802.0 Vorherige Modulversion: Modultyp: %%802 Benutzer: NT-AUTORITÄT\SYSTEM Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion: 1.131.1006.0 Vorherige Signaturversion: Aktualisierungsquelle: %%817 Aktualisierungsstufe: %%854 Quellpfad: Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.6802.0 Vorherige Modulversion: Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion: 1.131.1006.0 Vorherige Signaturversion: Aktualisierungsquelle: %%817 Aktualisierungsstufe: %%854 Quellpfad: Signaturtyp: %%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.6802.0 Vorherige Modulversion: Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2004 Description = Fehler in %%860 beim Laden von Signaturen. Es wird versucht, einen bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Signaturversion: 0.0.0.0;0.0.0.0 Modulversion: 0.0.0.0 Error - 21.02.2013 13:25:55 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 < End of report > |
21.02.2013, 19:59 | #6 |
/// Malware-holic | Polizei Trojaner Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe :files :Commands [emptytemp]
__________________ --> Polizei Trojaner |
21.02.2013, 20:15 | #7 |
| Polizei Trojaner All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CitrixReceiver deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33bd188e-fb20-11df-b52a-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33bd188e-fb20-11df-b52a-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3561440c-dec3-11df-a849-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3561440c-dec3-11df-a849-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35614435-dec3-11df-a849-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35614435-dec3-11df-a849-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffa94-2e37-11e0-887d-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffa94-2e37-11e0-887d-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffabb-2e37-11e0-887d-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffabb-2e37-11e0-887d-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e548575-88ab-11e1-93af-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e548575-88ab-11e1-93af-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0139800-f738-11df-95ff-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0139800-f738-11df-95ff-002186cd9e87}\ not found. File E:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df945751-08e2-11e2-a249-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df945751-08e2-11e2-a249-002186cd9e87}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6703d6d-3304-11e0-a186-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6703d6d-3304-11e0-a186-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a3600-e2af-11df-b851-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a3600-e2af-11df-b851-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a360d-e2af-11df-b851-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a360d-e2af-11df-b851-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107634-666f-11e2-a20d-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107634-666f-11e2-a20d-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff10763f-666f-11e2-a20d-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff10763f-666f-11e2-a20d-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107660-666f-11e2-a20d-002186cd9e87}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107660-666f-11e2-a20d-002186cd9e87}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\AutoRun.exe not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 56271 bytes ->Temporary Internet Files folder emptied: 32843 bytes ->FireFox cache emptied: 54109 bytes User: Hubert ->Temp folder emptied: 930274927 bytes ->Temporary Internet Files folder emptied: 11208596 bytes ->Java cache emptied: 1491832 bytes ->FireFox cache emptied: 174523413 bytes ->Flash cache emptied: 17954 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 416092690 bytes RecycleBin emptied: 3437954481 bytes Total Files Cleaned = 4.741,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02212013_200649 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
22.02.2013, 15:15 | #8 |
/// Malware-holic | Polizei Trojaner Hi, Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.02.2013, 16:23 | #9 |
| Polizei Trojaner 16:21:06.0371 0180 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 16:21:06.0601 0180 ============================================================ 16:21:06.0601 0180 Current date / time: 2013/02/22 16:21:06.0601 16:21:06.0601 0180 SystemInfo: 16:21:06.0601 0180 16:21:06.0601 0180 OS Version: 6.1.7600 ServicePack: 0.0 16:21:06.0601 0180 Product type: Workstation 16:21:06.0601 0180 ComputerName: HUBERT-PC 16:21:06.0601 0180 UserName: Hubert 16:21:06.0601 0180 Windows directory: C:\Windows 16:21:06.0601 0180 System windows directory: C:\Windows 16:21:06.0601 0180 Processor architecture: Intel x86 16:21:06.0601 0180 Number of processors: 2 16:21:06.0601 0180 Page size: 0x1000 16:21:06.0601 0180 Boot type: Normal boot 16:21:06.0601 0180 ============================================================ 16:21:08.0651 0180 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:21:08.0651 0180 ============================================================ 16:21:08.0651 0180 \Device\Harddisk0\DR0: 16:21:08.0651 0180 MBR partitions: 16:21:08.0651 0180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 16:21:08.0651 0180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800 16:21:08.0651 0180 ============================================================ 16:21:08.0661 0180 C: <-> \Device\Harddisk0\DR0\Partition2 16:21:08.0661 0180 ============================================================ 16:21:08.0661 0180 Initialize success 16:21:08.0661 0180 ============================================================ 16:21:27.0351 6032 ============================================================ 16:21:27.0351 6032 Scan started 16:21:27.0351 6032 Mode: Manual; 16:21:27.0351 6032 ============================================================ 16:21:27.0721 6032 ================ Scan system memory ======================== 16:21:27.0721 6032 System memory - ok 16:21:27.0721 6032 ================ Scan services ============================= 16:21:28.0121 6032 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 16:21:28.0121 6032 1394ohci - ok 16:21:28.0311 6032 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 16:21:28.0321 6032 ACDaemon - ok 16:21:28.0371 6032 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 16:21:28.0371 6032 ACPI - ok 16:21:28.0431 6032 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 16:21:28.0431 6032 AcpiPmi - ok 16:21:28.0521 6032 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:21:28.0531 6032 AdobeFlashPlayerUpdateSvc - ok 16:21:28.0601 6032 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:21:28.0611 6032 adp94xx - ok 16:21:28.0631 6032 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:21:28.0641 6032 adpahci - ok 16:21:28.0651 6032 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:21:28.0651 6032 adpu320 - ok 16:21:28.0691 6032 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:21:28.0701 6032 AeLookupSvc - ok 16:21:28.0791 6032 [ E3F08935158038D385AD382442F4BB2D ] AF15BDA C:\Windows\system32\DRIVERS\AF15BDA.sys 16:21:28.0811 6032 AF15BDA - ok 16:21:28.0891 6032 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys 16:21:28.0891 6032 Afc - ok 16:21:28.0971 6032 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys 16:21:28.0971 6032 AFD - ok 16:21:29.0001 6032 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 16:21:29.0001 6032 agp440 - ok 16:21:29.0061 6032 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 16:21:29.0061 6032 aic78xx - ok 16:21:29.0121 6032 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 16:21:29.0131 6032 ALG - ok 16:21:29.0181 6032 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 16:21:29.0181 6032 aliide - ok 16:21:29.0191 6032 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys 16:21:29.0191 6032 amdagp - ok 16:21:29.0221 6032 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 16:21:29.0221 6032 amdide - ok 16:21:29.0251 6032 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:21:29.0261 6032 AmdK8 - ok 16:21:29.0261 6032 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:21:29.0271 6032 AmdPPM - ok 16:21:29.0351 6032 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:21:29.0351 6032 amdsata - ok 16:21:29.0411 6032 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:21:29.0421 6032 amdsbs - ok 16:21:29.0441 6032 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:21:29.0441 6032 amdxata - ok 16:21:29.0491 6032 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 16:21:29.0491 6032 androidusb - ok 16:21:29.0531 6032 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys 16:21:29.0541 6032 AppID - ok 16:21:29.0601 6032 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:21:29.0601 6032 AppIDSvc - ok 16:21:29.0611 6032 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll 16:21:29.0621 6032 Appinfo - ok 16:21:29.0721 6032 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 16:21:29.0721 6032 AppMgmt - ok 16:21:29.0731 6032 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 16:21:29.0731 6032 arc - ok 16:21:29.0761 6032 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:21:29.0761 6032 arcsas - ok 16:21:29.0801 6032 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:21:29.0801 6032 AsyncMac - ok 16:21:29.0811 6032 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys 16:21:29.0811 6032 atapi - ok 16:21:29.0971 6032 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\Windows\system32\DRIVERS\athr.sys 16:21:30.0031 6032 athr - ok 16:21:30.0111 6032 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:21:30.0131 6032 AudioEndpointBuilder - ok 16:21:30.0141 6032 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll 16:21:30.0151 6032 Audiosrv - ok 16:21:30.0191 6032 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:21:30.0191 6032 AxInstSV - ok 16:21:30.0261 6032 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 16:21:30.0271 6032 b06bdrv - ok 16:21:30.0321 6032 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 16:21:30.0331 6032 b57nd60x - ok 16:21:30.0451 6032 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE 16:21:30.0451 6032 BBSvc - ok 16:21:30.0481 6032 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 16:21:30.0481 6032 BDESVC - ok 16:21:30.0501 6032 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 16:21:30.0501 6032 Beep - ok 16:21:30.0551 6032 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll 16:21:30.0571 6032 BFE - ok 16:21:30.0621 6032 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll 16:21:30.0641 6032 BITS - ok 16:21:30.0661 6032 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:21:30.0661 6032 blbdrive - ok 16:21:30.0691 6032 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:21:30.0691 6032 bowser - ok 16:21:30.0701 6032 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:21:30.0701 6032 BrFiltLo - ok 16:21:30.0711 6032 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:21:30.0711 6032 BrFiltUp - ok 16:21:30.0771 6032 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll 16:21:30.0771 6032 Browser - ok 16:21:30.0791 6032 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:21:30.0801 6032 Brserid - ok 16:21:30.0821 6032 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:21:30.0841 6032 BrSerWdm - ok 16:21:30.0851 6032 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:21:30.0851 6032 BrUsbMdm - ok 16:21:30.0861 6032 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:21:30.0861 6032 BrUsbSer - ok 16:21:30.0911 6032 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 16:21:30.0911 6032 BthEnum - ok 16:21:30.0921 6032 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:21:30.0931 6032 BTHMODEM - ok 16:21:30.0971 6032 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:21:30.0971 6032 BthPan - ok 16:21:31.0031 6032 [ 88059FF1DED4472ACD17EEBABD393069 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 16:21:31.0031 6032 BTHPORT - ok 16:21:31.0081 6032 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 16:21:31.0081 6032 bthserv - ok 16:21:31.0121 6032 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 16:21:31.0121 6032 BTHUSB - ok 16:21:31.0181 6032 [ ED1D7546E84A3EBD7F6E900DE73CF390 ] Bulk1528 C:\Windows\system32\Drivers\Bulk1528.sys 16:21:31.0191 6032 Bulk1528 - ok 16:21:31.0261 6032 [ FF20092469A416AD28D7F5E88D9C4E84 ] Ca1528av C:\Windows\system32\Drivers\Ca1528av.sys 16:21:31.0321 6032 Ca1528av - ok 16:21:31.0371 6032 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:21:31.0391 6032 cdfs - ok 16:21:31.0451 6032 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:21:31.0451 6032 cdrom - ok 16:21:31.0501 6032 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll 16:21:31.0511 6032 CertPropSvc - ok 16:21:31.0531 6032 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 16:21:31.0531 6032 circlass - ok 16:21:31.0551 6032 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 16:21:31.0551 6032 CLFS - ok 16:21:31.0661 6032 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:21:31.0671 6032 clr_optimization_v2.0.50727_32 - ok 16:21:31.0751 6032 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:21:31.0751 6032 clr_optimization_v4.0.30319_32 - ok 16:21:31.0791 6032 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:21:31.0791 6032 CmBatt - ok 16:21:31.0811 6032 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 16:21:31.0811 6032 cmdide - ok 16:21:31.0861 6032 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys 16:21:31.0861 6032 CNG - ok 16:21:31.0921 6032 [ 58BC03301EC3052F866532946BF51AD6 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys 16:21:31.0921 6032 CnxtHdAudService - ok 16:21:31.0981 6032 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:21:31.0981 6032 Compbatt - ok 16:21:32.0021 6032 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 16:21:32.0021 6032 CompositeBus - ok 16:21:32.0051 6032 COMSysApp - ok 16:21:32.0091 6032 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:21:32.0091 6032 crcdisk - ok 16:21:32.0161 6032 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:21:32.0161 6032 CryptSvc - ok 16:21:32.0211 6032 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys 16:21:32.0211 6032 CSC - ok 16:21:32.0241 6032 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll 16:21:32.0261 6032 CscService - ok 16:21:32.0331 6032 [ ECDB9665937F737A7AB26390A6C68573 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 16:21:32.0371 6032 ctxusbm - ok 16:21:32.0451 6032 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll 16:21:32.0461 6032 DcomLaunch - ok 16:21:32.0501 6032 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 16:21:32.0511 6032 defragsvc - ok 16:21:32.0561 6032 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:21:32.0571 6032 DfsC - ok 16:21:32.0601 6032 dgderdrv - ok 16:21:32.0661 6032 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll 16:21:32.0661 6032 Dhcp - ok 16:21:32.0701 6032 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 16:21:32.0701 6032 discache - ok 16:21:32.0771 6032 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:21:32.0791 6032 Disk - ok 16:21:32.0811 6032 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:21:32.0821 6032 Dnscache - ok 16:21:32.0841 6032 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll 16:21:32.0841 6032 dot3svc - ok 16:21:32.0901 6032 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 16:21:32.0911 6032 Dot4 - ok 16:21:32.0951 6032 [ C25FEA07A8E7767E8B89AB96A3B96519 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 16:21:32.0951 6032 Dot4Print - ok 16:21:33.0001 6032 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 16:21:33.0001 6032 dot4usb - ok 16:21:33.0031 6032 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll 16:21:33.0031 6032 DPS - ok 16:21:33.0071 6032 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:21:33.0071 6032 drmkaud - ok 16:21:33.0121 6032 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:21:33.0141 6032 DXGKrnl - ok 16:21:33.0161 6032 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 16:21:33.0161 6032 EapHost - ok 16:21:33.0301 6032 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 16:21:33.0391 6032 ebdrv - ok 16:21:33.0451 6032 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe 16:21:33.0461 6032 EFS - ok 16:21:33.0611 6032 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:21:33.0621 6032 ehRecvr - ok 16:21:33.0661 6032 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 16:21:33.0661 6032 ehSched - ok 16:21:33.0721 6032 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:21:33.0741 6032 elxstor - ok 16:21:33.0751 6032 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 16:21:33.0751 6032 ErrDev - ok 16:21:33.0821 6032 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 16:21:33.0851 6032 EventSystem - ok 16:21:33.0931 6032 [ 95BCB4321962028799EB2EA53319BB0C ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 16:21:33.0941 6032 ewusbnet - ok 16:21:34.0001 6032 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 16:21:34.0001 6032 ew_hwusbdev - ok 16:21:34.0041 6032 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 16:21:34.0041 6032 exfat - ok 16:21:34.0141 6032 Fabs - ok 16:21:34.0171 6032 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:21:34.0171 6032 fastfat - ok 16:21:34.0271 6032 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe 16:21:34.0291 6032 Fax - ok 16:21:34.0311 6032 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:21:34.0311 6032 fdc - ok 16:21:34.0341 6032 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 16:21:34.0341 6032 fdPHost - ok 16:21:34.0351 6032 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 16:21:34.0361 6032 FDResPub - ok 16:21:34.0391 6032 fhgsjlna - ok 16:21:34.0411 6032 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:21:34.0421 6032 FileInfo - ok 16:21:34.0431 6032 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:21:34.0431 6032 Filetrace - ok 16:21:34.0651 6032 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 16:21:34.0771 6032 FirebirdServerMAGIXInstance - ok 16:21:34.0791 6032 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:21:34.0791 6032 flpydisk - ok 16:21:34.0831 6032 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:21:34.0841 6032 FltMgr - ok 16:21:34.0891 6032 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll 16:21:34.0911 6032 FontCache - ok 16:21:34.0981 6032 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:21:34.0991 6032 FontCache3.0.0.0 - ok 16:21:35.0011 6032 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:21:35.0011 6032 FsDepends - ok 16:21:35.0051 6032 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:21:35.0061 6032 Fs_Rec - ok 16:21:35.0121 6032 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:21:35.0121 6032 fvevol - ok 16:21:35.0161 6032 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:21:35.0161 6032 gagp30kx - ok 16:21:35.0211 6032 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll 16:21:35.0231 6032 gpsvc - ok 16:21:35.0351 6032 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 16:21:35.0361 6032 gupdate - ok 16:21:35.0381 6032 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 16:21:35.0381 6032 gupdatem - ok 16:21:35.0411 6032 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:21:35.0421 6032 hcw85cir - ok 16:21:35.0461 6032 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:21:35.0471 6032 HdAudAddService - ok 16:21:35.0521 6032 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:21:35.0531 6032 HDAudBus - ok 16:21:35.0541 6032 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:21:35.0541 6032 HidBatt - ok 16:21:35.0551 6032 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:21:35.0561 6032 HidBth - ok 16:21:35.0601 6032 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:21:35.0601 6032 HidIr - ok 16:21:35.0631 6032 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 16:21:35.0641 6032 hidserv - ok 16:21:35.0711 6032 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:21:35.0711 6032 HidUsb - ok 16:21:35.0741 6032 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:21:35.0741 6032 hkmsvc - ok 16:21:35.0761 6032 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:21:35.0761 6032 HomeGroupListener - ok 16:21:35.0791 6032 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:21:35.0801 6032 HomeGroupProvider - ok 16:21:35.0961 6032 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 16:21:35.0971 6032 hpqcxs08 - ok 16:21:36.0011 6032 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 16:21:36.0011 6032 hpqddsvc - ok 16:21:36.0061 6032 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 16:21:36.0061 6032 HpSAMD - ok 16:21:36.0151 6032 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 16:21:36.0161 6032 HPSLPSVC - ok 16:21:36.0211 6032 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:21:36.0221 6032 HTTP - ok 16:21:36.0291 6032 [ BED3A9F86A637CC6C2C5296CD82423D8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 16:21:36.0291 6032 huawei_enumerator - ok 16:21:36.0391 6032 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 16:21:36.0391 6032 hwdatacard - ok 16:21:36.0421 6032 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:21:36.0421 6032 hwpolicy - ok 16:21:36.0461 6032 hwusbdev - ok 16:21:36.0501 6032 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:21:36.0501 6032 i8042prt - ok 16:21:36.0551 6032 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:21:36.0551 6032 iaStorV - ok 16:21:36.0621 6032 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:21:36.0641 6032 idsvc - ok 16:21:36.0821 6032 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 16:21:36.0931 6032 igfx - ok 16:21:36.0991 6032 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:21:36.0991 6032 iirsp - ok 16:21:37.0071 6032 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll 16:21:37.0101 6032 IKEEXT - ok 16:21:37.0111 6032 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 16:21:37.0111 6032 intelide - ok 16:21:37.0161 6032 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:21:37.0161 6032 intelppm - ok 16:21:37.0181 6032 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:21:37.0181 6032 IPBusEnum - ok 16:21:37.0201 6032 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:21:37.0201 6032 IpFilterDriver - ok 16:21:37.0231 6032 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:21:37.0251 6032 iphlpsvc - ok 16:21:37.0261 6032 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 16:21:37.0261 6032 IPMIDRV - ok 16:21:37.0281 6032 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:21:37.0281 6032 IPNAT - ok 16:21:37.0341 6032 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:21:37.0351 6032 IRENUM - ok 16:21:37.0381 6032 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 16:21:37.0381 6032 isapnp - ok 16:21:37.0411 6032 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:21:37.0421 6032 iScsiPrt - ok 16:21:37.0461 6032 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:21:37.0461 6032 kbdclass - ok 16:21:37.0511 6032 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:21:37.0511 6032 kbdhid - ok 16:21:37.0531 6032 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe 16:21:37.0541 6032 KeyIso - ok 16:21:37.0581 6032 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:21:37.0581 6032 KSecDD - ok 16:21:37.0601 6032 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:21:37.0601 6032 KSecPkg - ok 16:21:37.0651 6032 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 16:21:37.0661 6032 KtmRm - ok 16:21:37.0701 6032 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll 16:21:37.0711 6032 LanmanServer - ok 16:21:37.0741 6032 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:21:37.0741 6032 LanmanWorkstation - ok 16:21:37.0801 6032 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:21:37.0801 6032 lltdio - ok 16:21:37.0851 6032 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:21:37.0851 6032 lltdsvc - ok 16:21:37.0871 6032 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 16:21:37.0871 6032 lmhosts - ok 16:21:37.0921 6032 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:21:37.0931 6032 LSI_FC - ok 16:21:37.0951 6032 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:21:37.0951 6032 LSI_SAS - ok 16:21:37.0971 6032 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:21:37.0971 6032 LSI_SAS2 - ok 16:21:37.0981 6032 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:21:37.0981 6032 LSI_SCSI - ok 16:21:38.0001 6032 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 16:21:38.0011 6032 luafv - ok 16:21:38.0071 6032 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\Windows\system32\drivers\massfilter.sys 16:21:38.0071 6032 massfilter - ok 16:21:38.0121 6032 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:21:38.0121 6032 Mcx2Svc - ok 16:21:38.0141 6032 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:21:38.0141 6032 megasas - ok 16:21:38.0171 6032 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:21:38.0181 6032 MegaSR - ok 16:21:38.0211 6032 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 16:21:38.0211 6032 MMCSS - ok 16:21:38.0231 6032 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 16:21:38.0231 6032 Modem - ok 16:21:38.0281 6032 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:21:38.0281 6032 monitor - ok 16:21:38.0301 6032 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:21:38.0301 6032 mouclass - ok 16:21:38.0341 6032 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:21:38.0341 6032 mouhid - ok 16:21:38.0361 6032 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:21:38.0371 6032 mountmgr - ok 16:21:38.0451 6032 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:21:38.0461 6032 MozillaMaintenance - ok 16:21:38.0541 6032 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 16:21:38.0541 6032 MpFilter - ok 16:21:38.0571 6032 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 16:21:38.0571 6032 mpio - ok 16:21:38.0711 6032 [ A69630D039C38018689190234F866D77 ] MpKslf5289976 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{183E14C0-6B86-4355-87DA-07A9C56B603B}\MpKslf5289976.sys 16:21:38.0711 6032 MpKslf5289976 - ok 16:21:38.0771 6032 [ 2C3489660D4A8D514C123C3F0D67DF46 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys 16:21:38.0771 6032 MpNWMon - ok 16:21:38.0791 6032 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:21:38.0791 6032 mpsdrv - ok 16:21:38.0871 6032 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 16:21:38.0881 6032 MpsSvc - ok 16:21:38.0921 6032 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:21:38.0921 6032 MRxDAV - ok 16:21:38.0991 6032 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:21:39.0001 6032 mrxsmb - ok 16:21:39.0041 6032 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:21:39.0051 6032 mrxsmb10 - ok 16:21:39.0071 6032 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:21:39.0071 6032 mrxsmb20 - ok 16:21:39.0101 6032 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 16:21:39.0101 6032 msahci - ok 16:21:39.0121 6032 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 16:21:39.0121 6032 msdsm - ok 16:21:39.0151 6032 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 16:21:39.0151 6032 MSDTC - ok 16:21:39.0201 6032 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:21:39.0201 6032 Msfs - ok 16:21:39.0221 6032 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:21:39.0221 6032 mshidkmdf - ok 16:21:39.0231 6032 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 16:21:39.0231 6032 msisadrv - ok 16:21:39.0291 6032 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:21:39.0301 6032 MSiSCSI - ok 16:21:39.0301 6032 msiserver - ok 16:21:39.0371 6032 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:21:39.0371 6032 MSKSSRV - ok 16:21:39.0511 6032 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 16:21:39.0511 6032 MsMpSvc - ok 16:21:39.0561 6032 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:21:39.0561 6032 MSPCLOCK - ok 16:21:39.0571 6032 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:21:39.0571 6032 MSPQM - ok 16:21:39.0591 6032 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:21:39.0591 6032 MsRPC - ok 16:21:39.0611 6032 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:21:39.0611 6032 mssmbios - ok 16:21:39.0631 6032 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:21:39.0631 6032 MSTEE - ok 16:21:39.0631 6032 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:21:39.0641 6032 MTConfig - ok 16:21:39.0651 6032 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 16:21:39.0651 6032 Mup - ok 16:21:39.0691 6032 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 16:21:39.0691 6032 napagent - ok 16:21:39.0741 6032 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:21:39.0751 6032 NativeWifiP - ok 16:21:39.0801 6032 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:21:39.0821 6032 NDIS - ok 16:21:39.0871 6032 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:21:39.0871 6032 NdisCap - ok 16:21:39.0911 6032 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:21:39.0921 6032 NdisTapi - ok 16:21:39.0961 6032 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:21:39.0961 6032 Ndisuio - ok 16:21:39.0971 6032 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:21:39.0981 6032 NdisWan - ok 16:21:39.0991 6032 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:21:39.0991 6032 NDProxy - ok 16:21:40.0081 6032 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 16:21:40.0091 6032 Net Driver HPZ12 - ok 16:21:40.0141 6032 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:21:40.0141 6032 NetBIOS - ok 16:21:40.0151 6032 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:21:40.0161 6032 NetBT - ok 16:21:40.0181 6032 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe 16:21:40.0181 6032 Netlogon - ok 16:21:40.0261 6032 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 16:21:40.0271 6032 Netman - ok 16:21:40.0301 6032 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 16:21:40.0301 6032 netprofm - ok 16:21:40.0331 6032 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:21:40.0341 6032 NetTcpPortSharing - ok 16:21:40.0391 6032 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:21:40.0391 6032 nfrd960 - ok 16:21:40.0441 6032 [ 7B01C6172CFD0B10116175E09200D4B4 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 16:21:40.0441 6032 NisDrv - ok 16:21:40.0491 6032 [ A5CB074F34BBD89948E34A630D459C0C ] NisSrv c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 16:21:40.0491 6032 NisSrv - ok 16:21:40.0511 6032 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 16:21:40.0521 6032 NlaSvc - ok 16:21:40.0541 6032 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:21:40.0541 6032 Npfs - ok 16:21:40.0551 6032 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 16:21:40.0561 6032 nsi - ok 16:21:40.0571 6032 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:21:40.0571 6032 nsiproxy - ok 16:21:40.0651 6032 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:21:40.0681 6032 Ntfs - ok 16:21:40.0711 6032 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 16:21:40.0711 6032 Null - ok 16:21:40.0761 6032 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:21:40.0771 6032 nvraid - ok 16:21:40.0811 6032 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:21:40.0841 6032 nvstor - ok 16:21:40.0871 6032 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 16:21:40.0871 6032 nv_agp - ok 16:21:40.0981 6032 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:21:40.0991 6032 odserv - ok 16:21:41.0021 6032 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:21:41.0021 6032 ohci1394 - ok 16:21:41.0091 6032 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:21:41.0101 6032 ose - ok 16:21:41.0131 6032 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:21:41.0141 6032 p2pimsvc - ok 16:21:41.0171 6032 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 16:21:41.0181 6032 p2psvc - ok 16:21:41.0221 6032 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:21:41.0221 6032 Parport - ok 16:21:41.0261 6032 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:21:41.0281 6032 partmgr - ok 16:21:41.0301 6032 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 16:21:41.0311 6032 Parvdm - ok 16:21:41.0331 6032 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:21:41.0331 6032 PcaSvc - ok 16:21:41.0351 6032 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys 16:21:41.0361 6032 pci - ok 16:21:41.0381 6032 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys 16:21:41.0381 6032 pciide - ok 16:21:41.0411 6032 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:21:41.0411 6032 pcmcia - ok 16:21:41.0421 6032 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 16:21:41.0431 6032 pcw - ok 16:21:41.0481 6032 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:21:41.0511 6032 PEAUTH - ok 16:21:41.0761 6032 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 16:21:41.0781 6032 PeerDistSvc - ok 16:21:41.0971 6032 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 16:21:42.0021 6032 pla - ok 16:21:42.0101 6032 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:21:42.0111 6032 PlugPlay - ok 16:21:42.0181 6032 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 16:21:42.0201 6032 Pml Driver HPZ12 - ok 16:21:42.0211 6032 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:21:42.0221 6032 PNRPAutoReg - ok 16:21:42.0241 6032 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:21:42.0251 6032 PNRPsvc - ok 16:21:42.0311 6032 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:21:42.0321 6032 PolicyAgent - ok 16:21:42.0351 6032 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 16:21:42.0361 6032 Power - ok 16:21:42.0421 6032 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:21:42.0431 6032 PptpMiniport - ok 16:21:42.0461 6032 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:21:42.0471 6032 Processor - ok 16:21:42.0511 6032 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll 16:21:42.0521 6032 ProfSvc - ok 16:21:42.0551 6032 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:21:42.0551 6032 ProtectedStorage - ok 16:21:42.0591 6032 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:21:42.0591 6032 Psched - ok 16:21:42.0831 6032 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:21:42.0851 6032 ql2300 - ok 16:21:42.0881 6032 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:21:42.0881 6032 ql40xx - ok 16:21:42.0911 6032 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 16:21:42.0921 6032 QWAVE - ok 16:21:42.0941 6032 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:21:42.0941 6032 QWAVEdrv - ok 16:21:42.0951 6032 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:21:42.0951 6032 RasAcd - ok 16:21:43.0011 6032 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:21:43.0011 6032 RasAgileVpn - ok 16:21:43.0031 6032 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 16:21:43.0041 6032 RasAuto - ok 16:21:43.0081 6032 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:21:43.0081 6032 Rasl2tp - ok 16:21:43.0151 6032 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 16:21:43.0161 6032 RasMan - ok 16:21:43.0171 6032 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:21:43.0171 6032 RasPppoe - ok 16:21:43.0221 6032 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:21:43.0221 6032 RasSstp - ok 16:21:43.0261 6032 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:21:43.0271 6032 rdbss - ok 16:21:43.0291 6032 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:21:43.0291 6032 rdpbus - ok 16:21:43.0311 6032 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:21:43.0311 6032 RDPCDD - ok 16:21:43.0341 6032 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:21:43.0351 6032 RDPDR - ok 16:21:43.0391 6032 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:21:43.0401 6032 RDPENCDD - ok 16:21:43.0441 6032 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:21:43.0441 6032 RDPREFMP - ok 16:21:43.0501 6032 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:21:43.0521 6032 RDPWD - ok 16:21:43.0541 6032 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:21:43.0541 6032 rdyboost - ok 16:21:43.0581 6032 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 16:21:43.0591 6032 RemoteAccess - ok 16:21:43.0621 6032 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:21:43.0631 6032 RemoteRegistry - ok 16:21:43.0681 6032 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 16:21:43.0701 6032 RFCOMM - ok 16:21:43.0741 6032 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:21:43.0741 6032 RpcEptMapper - ok 16:21:43.0781 6032 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 16:21:43.0781 6032 RpcLocator - ok 16:21:43.0811 6032 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 16:21:43.0811 6032 RpcSs - ok 16:21:43.0861 6032 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:21:43.0861 6032 rspndr - ok 16:21:43.0941 6032 [ 80B66A4181F782884A815E69D0AFA743 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 16:21:43.0941 6032 RTL8167 - ok 16:21:43.0981 6032 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 16:21:43.0981 6032 s3cap - ok 16:21:44.0001 6032 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe 16:21:44.0011 6032 SamSs - ok 16:21:44.0051 6032 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 16:21:44.0051 6032 sbp2port - ok 16:21:44.0081 6032 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:21:44.0081 6032 SCardSvr - ok 16:21:44.0101 6032 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:21:44.0101 6032 scfilter - ok 16:21:44.0261 6032 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 16:21:44.0281 6032 Schedule - ok 16:21:44.0301 6032 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:21:44.0301 6032 SCPolicySvc - ok 16:21:44.0361 6032 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 16:21:44.0361 6032 sdbus - ok 16:21:44.0381 6032 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:21:44.0391 6032 SDRSVC - ok 16:21:44.0491 6032 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE 16:21:44.0491 6032 SeaPort - ok 16:21:44.0541 6032 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:21:44.0541 6032 secdrv - ok 16:21:44.0561 6032 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 16:21:44.0571 6032 seclogon - ok 16:21:44.0611 6032 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 16:21:44.0641 6032 SENS - ok 16:21:44.0691 6032 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:21:44.0701 6032 SensrSvc - ok 16:21:44.0761 6032 [ 268DC6A0EA10A494B369E94525742589 ] Ser2at C:\Windows\system32\DRIVERS\ser2at.sys 16:21:44.0812 6032 Ser2at - ok 16:21:44.0832 6032 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:21:44.0842 6032 Serenum - ok 16:21:44.0862 6032 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:21:44.0862 6032 Serial - ok 16:21:44.0872 6032 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:21:44.0872 6032 sermouse - ok 16:21:44.0902 6032 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 16:21:44.0912 6032 SessionEnv - ok 16:21:44.0952 6032 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 16:21:44.0952 6032 sffdisk - ok 16:21:44.0972 6032 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 16:21:44.0972 6032 sffp_mmc - ok 16:21:44.0982 6032 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 16:21:44.0982 6032 sffp_sd - ok 16:21:44.0992 6032 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:21:44.0992 6032 sfloppy - ok 16:21:45.0052 6032 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:21:45.0052 6032 SharedAccess - ok 16:21:45.0082 6032 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:21:45.0092 6032 ShellHWDetection - ok 16:21:45.0102 6032 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys 16:21:45.0102 6032 sisagp - ok 16:21:45.0152 6032 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:21:45.0152 6032 SiSRaid2 - ok 16:21:45.0172 6032 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:21:45.0182 6032 SiSRaid4 - ok 16:21:45.0212 6032 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:21:45.0212 6032 Smb - ok 16:21:45.0282 6032 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:21:45.0292 6032 SNMPTRAP - ok 16:21:45.0322 6032 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 16:21:45.0322 6032 spldr - ok 16:21:45.0382 6032 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe 16:21:45.0392 6032 Spooler - ok 16:21:45.0492 6032 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 16:21:45.0572 6032 sppsvc - ok 16:21:45.0592 6032 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:21:45.0602 6032 sppuinotify - ok 16:21:45.0642 6032 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:21:45.0652 6032 srv - ok 16:21:45.0672 6032 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:21:45.0672 6032 srv2 - ok 16:21:45.0742 6032 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 16:21:45.0742 6032 SrvHsfHDA - ok 16:21:45.0792 6032 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 16:21:45.0822 6032 SrvHsfV92 - ok 16:21:45.0882 6032 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 16:21:45.0902 6032 SrvHsfWinac - ok 16:21:45.0952 6032 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:21:45.0952 6032 srvnet - ok 16:21:46.0002 6032 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 16:21:46.0012 6032 ssadbus - ok 16:21:46.0042 6032 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 16:21:46.0042 6032 ssadmdfl - ok 16:21:46.0062 6032 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 16:21:46.0062 6032 ssadmdm - ok 16:21:46.0082 6032 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 16:21:46.0082 6032 ssadserd - ok 16:21:46.0122 6032 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:21:46.0122 6032 SSDPSRV - ok 16:21:46.0152 6032 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:21:46.0152 6032 SstpSvc - ok 16:21:46.0182 6032 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:21:46.0182 6032 stexstor - ok 16:21:46.0212 6032 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 16:21:46.0242 6032 StiSvc - ok 16:21:46.0272 6032 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 16:21:46.0272 6032 storflt - ok 16:21:46.0312 6032 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 16:21:46.0312 6032 StorSvc - ok 16:21:46.0372 6032 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 16:21:46.0372 6032 storvsc - ok 16:21:46.0392 6032 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:21:46.0392 6032 swenum - ok 16:21:46.0412 6032 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 16:21:46.0422 6032 swprv - ok 16:21:46.0462 6032 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 16:21:46.0492 6032 SysMain - ok 16:21:46.0512 6032 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:21:46.0522 6032 TabletInputService - ok 16:21:46.0542 6032 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 16:21:46.0552 6032 TapiSrv - ok 16:21:46.0572 6032 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 16:21:46.0572 6032 TBS - ok 16:21:46.0642 6032 [ 56C198AC82EFA622DD93E9E43575F79C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:21:46.0682 6032 Tcpip - ok 16:21:46.0742 6032 [ 56C198AC82EFA622DD93E9E43575F79C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:21:46.0752 6032 TCPIP6 - ok 16:21:46.0802 6032 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:21:46.0802 6032 tcpipreg - ok 16:21:46.0842 6032 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:21:46.0842 6032 TDPIPE - ok 16:21:46.0872 6032 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:21:46.0872 6032 TDTCP - ok 16:21:46.0892 6032 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:21:46.0892 6032 tdx - ok 16:21:46.0902 6032 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:21:46.0912 6032 TermDD - ok 16:21:46.0942 6032 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 16:21:46.0962 6032 TermService - ok 16:21:46.0992 6032 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 16:21:46.0992 6032 Themes - ok 16:21:47.0012 6032 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 16:21:47.0012 6032 THREADORDER - ok 16:21:47.0122 6032 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 16:21:47.0122 6032 TomTomHOMEService - ok 16:21:47.0172 6032 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 16:21:47.0172 6032 TrkWks - ok 16:21:47.0222 6032 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:21:47.0232 6032 TrustedInstaller - ok 16:21:47.0252 6032 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:21:47.0262 6032 tssecsrv - ok 16:21:47.0322 6032 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:21:47.0322 6032 tunnel - ok 16:21:47.0342 6032 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:21:47.0342 6032 uagp35 - ok 16:21:47.0382 6032 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:21:47.0382 6032 udfs - ok 16:21:47.0422 6032 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:21:47.0422 6032 UI0Detect - ok 16:21:47.0462 6032 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 16:21:47.0462 6032 uliagpkx - ok 16:21:47.0482 6032 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:21:47.0492 6032 umbus - ok 16:21:47.0512 6032 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:21:47.0512 6032 UmPass - ok 16:21:47.0582 6032 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll 16:21:47.0592 6032 UmRdpService - ok 16:21:47.0632 6032 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 16:21:47.0642 6032 upnphost - ok 16:21:47.0762 6032 [ 2F791A77655E6F61A21482F200C3864D ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 16:21:47.0922 6032 UPnPService - ok 16:21:47.0982 6032 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:21:47.0992 6032 usbaudio - ok 16:21:48.0002 6032 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:21:48.0012 6032 usbccgp - ok 16:21:48.0032 6032 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 16:21:48.0042 6032 usbcir - ok 16:21:48.0072 6032 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:21:48.0072 6032 usbehci - ok 16:21:48.0122 6032 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:21:48.0122 6032 usbhub - ok 16:21:48.0142 6032 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:21:48.0142 6032 usbohci - ok 16:21:48.0192 6032 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:21:48.0192 6032 usbprint - ok 16:21:48.0252 6032 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:21:48.0252 6032 usbscan - ok 16:21:48.0282 6032 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:21:48.0292 6032 USBSTOR - ok 16:21:48.0302 6032 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:21:48.0302 6032 usbuhci - ok 16:21:48.0342 6032 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 16:21:48.0352 6032 UxSms - ok 16:21:48.0362 6032 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe 16:21:48.0372 6032 VaultSvc - ok 16:21:48.0392 6032 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 16:21:48.0392 6032 vdrvroot - ok 16:21:48.0422 6032 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 16:21:48.0452 6032 vds - ok 16:21:48.0492 6032 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:21:48.0492 6032 vga - ok 16:21:48.0512 6032 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:21:48.0522 6032 VgaSave - ok 16:21:48.0532 6032 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 16:21:48.0532 6032 vhdmp - ok 16:21:48.0562 6032 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys 16:21:48.0572 6032 viaagp - ok 16:21:48.0592 6032 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 16:21:48.0592 6032 ViaC7 - ok 16:21:48.0622 6032 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys 16:21:48.0622 6032 viaide - ok 16:21:48.0652 6032 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 16:21:48.0652 6032 vmbus - ok 16:21:48.0682 6032 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 16:21:48.0682 6032 VMBusHID - ok 16:21:48.0702 6032 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 16:21:48.0702 6032 volmgr - ok 16:21:48.0722 6032 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:21:48.0732 6032 volmgrx - ok 16:21:48.0762 6032 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 16:21:48.0762 6032 volsnap - ok 16:21:48.0802 6032 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:21:48.0802 6032 vsmraid - ok 16:21:48.0862 6032 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 16:21:48.0892 6032 VSS - ok 16:21:48.0912 6032 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:21:48.0922 6032 vwifibus - ok 16:21:48.0962 6032 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:21:48.0962 6032 vwififlt - ok 16:21:49.0022 6032 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:21:49.0022 6032 vwifimp - ok 16:21:49.0062 6032 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 16:21:49.0072 6032 W32Time - ok 16:21:49.0092 6032 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:21:49.0102 6032 WacomPen - ok 16:21:49.0142 6032 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:21:49.0142 6032 WANARP - ok 16:21:49.0152 6032 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:21:49.0152 6032 Wanarpv6 - ok 16:21:49.0232 6032 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 16:21:49.0272 6032 WatAdminSvc - ok 16:21:49.0312 6032 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 16:21:49.0352 6032 wbengine - ok 16:21:49.0372 6032 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:21:49.0382 6032 WbioSrvc - ok 16:21:49.0422 6032 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:21:49.0432 6032 wcncsvc - ok 16:21:49.0452 6032 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:21:49.0452 6032 WcsPlugInService - ok 16:21:49.0482 6032 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:21:49.0482 6032 Wd - ok 16:21:49.0512 6032 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:21:49.0522 6032 Wdf01000 - ok 16:21:49.0552 6032 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:21:49.0562 6032 WdiServiceHost - ok 16:21:49.0562 6032 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:21:49.0572 6032 WdiSystemHost - ok 16:21:49.0622 6032 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll 16:21:49.0632 6032 WebClient - ok 16:21:49.0652 6032 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:21:49.0662 6032 Wecsvc - ok 16:21:49.0682 6032 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:21:49.0682 6032 wercplsupport - ok 16:21:49.0732 6032 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 16:21:49.0742 6032 WerSvc - ok 16:21:49.0752 6032 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:21:49.0752 6032 WfpLwf - ok 16:21:49.0772 6032 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:21:49.0782 6032 WIMMount - ok 16:21:49.0842 6032 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:21:49.0862 6032 WinDefend - ok 16:21:49.0872 6032 WinHttpAutoProxySvc - ok 16:21:49.0942 6032 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:21:49.0942 6032 Winmgmt - ok 16:21:50.0002 6032 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll 16:21:50.0032 6032 WinRM - ok 16:21:50.0102 6032 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:21:50.0102 6032 WinUsb - ok 16:21:50.0152 6032 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:21:50.0182 6032 Wlansvc - ok 16:21:50.0262 6032 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 16:21:50.0262 6032 wlcrasvc - ok 16:21:50.0362 6032 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:21:50.0412 6032 wlidsvc - ok 16:21:50.0462 6032 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:21:50.0462 6032 WmiAcpi - ok 16:21:50.0502 6032 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:21:50.0502 6032 wmiApSrv - ok 16:21:50.0602 6032 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:21:50.0642 6032 WMPNetworkSvc - ok 16:21:50.0672 6032 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:21:50.0672 6032 WPCSvc - ok 16:21:50.0692 6032 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:21:50.0692 6032 WPDBusEnum - ok 16:21:50.0712 6032 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:21:50.0712 6032 ws2ifsl - ok 16:21:50.0752 6032 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll 16:21:50.0752 6032 wscsvc - ok 16:21:50.0762 6032 WSearch - ok 16:21:50.0852 6032 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:21:50.0912 6032 wuauserv - ok 16:21:50.0962 6032 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:21:50.0972 6032 WudfPf - ok 16:21:51.0012 6032 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:21:51.0022 6032 WUDFRd - ok 16:21:51.0062 6032 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:21:51.0072 6032 wudfsvc - ok 16:21:51.0102 6032 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 16:21:51.0112 6032 WwanSvc - ok 16:21:51.0202 6032 ================ Scan global =============================== 16:21:51.0242 6032 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 16:21:51.0282 6032 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll 16:21:51.0302 6032 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll 16:21:51.0342 6032 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 16:21:51.0382 6032 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 16:21:51.0392 6032 [Global] - ok 16:21:51.0392 6032 ================ Scan MBR ================================== 16:21:51.0402 6032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:21:51.0612 6032 \Device\Harddisk0\DR0 - ok 16:21:51.0612 6032 ================ Scan VBR ================================== 16:21:51.0622 6032 [ 38C5839B2F2285D6F50AF3BBCAEF64CF ] \Device\Harddisk0\DR0\Partition1 16:21:51.0622 6032 \Device\Harddisk0\DR0\Partition1 - ok 16:21:51.0642 6032 [ 4B84D80BD04D4D8BEEDF36EDE36709E5 ] \Device\Harddisk0\DR0\Partition2 16:21:51.0642 6032 \Device\Harddisk0\DR0\Partition2 - ok 16:21:51.0642 6032 ============================================================ 16:21:51.0642 6032 Scan finished 16:21:51.0642 6032 ============================================================ 16:21:51.0662 6056 Detected object count: 0 16:21:51.0662 6056 Actual detected object count: 0 |
22.02.2013, 16:26 | #10 |
/// Malware-holic | Polizei Trojaner bitte anleitung noch mal lesen, tdss killer konfigurieren wie auf dem Bild.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.02.2013, 17:09 | #11 |
| Polizei Trojaner Kann den Anhang nicht senden! |
22.02.2013, 17:12 | #12 |
/// Malware-holic | Polizei Trojaner gehts vllt noch ungenauer, warum nicht? evtl. packen wenn zu groß.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.02.2013, 17:16 | #13 |
| Polizei Trojaner pdf. im Anhang |
22.02.2013, 17:18 | #14 |
/// Malware-holic | Polizei Trojaner wieso pdf, das log wird als txt gespeichert, so hätte ichs gern
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.02.2013, 17:22 | #15 |
| Polizei Trojaner wie kann ich packen? |
Themen zu Polizei Trojaner |
einzige, ellung, geholfen, gesuch, gesucht, möglichkeiten, polizei, polizei trojaner, systemwiederherstellung, troja, trojane, trojaner |