| |
| |||||||
Log-Analyse und Auswertung: Malware? Spionage von Email PasswörternWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.04.2013, 21:10
| #1 |
 |  Malware? Spionage von Email Passwörtern Hallo zusammen, Nach einer Neuinstallation wegen einem "Virenschutz"-Schadprogramm, hatte ich nun vor kurzem gemerkt, dass über mehrere Email-Adressen, die ich in Windows Mail angelegt habe, massenhaft Spam-Mails versendet wurden. Von meinem Email-Provider habe ich jetzt einen Brief bekommen, dass er die Massenmail bemerkt hat und den Ausgang erstmal gesperrt hat. Zitat: > Die Prüfung der über dieses E-Mail-Konto versendeten Spam-Mails hat > ergeben, dass diese von IP-Adressen fremder Provider eingeliefert worden > sind. Dies bedeutet, dass Ihre Passwörter mit an Sicherheit grenzender > Wahrscheinlichkeit kompromittiert sind. Nach Ändern der Passwörter ist im Moment Ruhe. Es geht hierbei um insgesamt 4 verschiedene Emailadressen, bei zwei verschiedenen Providern, somit liegt der Verdacht nahe, dass die Passwörter mit einem Schadprogramm ausgespäht wurden. Anbei sind die LOGs der Anleitung. Vielen Dank im voraus! OTL Code:
ATTFilter OTL logfile created on: 26.04.2013 21:33:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susanne\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 74,54% Memory free 7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,89 Gb Total Space | 228,08 Gb Free Space | 80,06% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32 Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32 Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.26 21:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe PRC - [2013.03.28 00:09:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 00:09:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.28 00:09:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011.03.14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.03.28 00:09:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 00:09:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.28 16:42:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:64bit: - [2013.03.28 16:42:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2013.03.28 16:42:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:64bit: - [2013.03.28 16:42:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2013.03.28 16:42:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:64bit: - [2013.03.28 16:42:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2013.03.28 00:10:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 00:10:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 00:10:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.06 10:16:34 | 000,048,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\celmkt_x64.sys -- (celmkt) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7} IE:64bit: - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7} IE - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7} IE - HKCU\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6FDD47-75AB-4987-8034-237DAF5F86B5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3069b75a-a35e-11e2-80ff-c80aa945a4b0}\Shell - "" = AutoRun O33 - MountPoints2\{3069b75a-a35e-11e2-80ff-c80aa945a4b0}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{5e77905b-a01a-11e2-9601-c80aa945a4b0}\Shell - "" = AutoRun O33 - MountPoints2\{5e77905b-a01a-11e2-9601-c80aa945a4b0}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{70e37bcc-97b4-11e2-acf2-001bdc0f6f87}\Shell - "" = AutoRun O33 - MountPoints2\{70e37bcc-97b4-11e2-acf2-001bdc0f6f87}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{70e37bdf-97b4-11e2-acf2-001bdc0f6f87}\Shell - "" = AutoRun O33 - MountPoints2\{70e37bdf-97b4-11e2-acf2-001bdc0f6f87}\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.26 21:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe [2013.04.16 08:07:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Fotos Projektantrag [2013.04.09 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibungen [2013.04.06 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\hpqlog [2013.03.28 18:51:10 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\ElevatedDiagnostics [2013.03.28 18:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard [2013.03.28 16:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2013.03.28 16:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner [2013.03.28 16:42:29 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.03.28 16:42:29 | 000,421,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys [2013.03.28 16:42:29 | 000,222,464 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.03.28 16:42:29 | 000,212,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.03.28 16:42:29 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.03.28 16:42:29 | 000,098,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.03.28 16:42:29 | 000,086,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.03.28 16:42:29 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.03.28 16:42:29 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.03.28 16:42:29 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.03.28 16:42:29 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys [2013.03.28 16:42:29 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [2013.03.28 16:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner [2013.03.28 16:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService [2013.03.28 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\PsyPrax [2013.03.28 15:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PSYPRCFG [2013.03.28 15:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Psyprax32 [2013.03.28 15:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Psyprax32 [2013.03.28 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Psyprax32 [2013.03.28 14:47:31 | 000,000,000 | ---D | C] -- C:\adebisKITA [2013.03.28 14:47:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2013.03.28 14:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual FoxPro OLE DB Provider [2013.03.28 13:48:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.28 13:47:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.28 13:45:02 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2013.03.28 13:44:45 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2013.03.28 08:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2013.03.28 03:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.28 03:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.28 03:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.28 01:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.28 01:46:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbvirtcom182pnp-1 [2013.03.28 01:46:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbvirtcom182pnp[1] [2013.03.28 01:46:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbtreiber251pnp-2 [2013.03.28 01:46:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbtreiber251pnp[1] [2013.03.28 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Singe-we-Godi [2013.03.28 01:46:11 | 000,000,000 | --SD | C] -- C:\Users\Susanne\Documents\Meine Datenquellen [2013.03.28 01:46:11 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Documents\My Stationery [2013.03.28 01:46:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Praxis [2013.03.28 01:46:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Noten Kinder [2013.03.28 01:45:41 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\**Zensiert** [2013.03.28 01:45:40 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Deutsche Post AG [2013.03.28 01:45:37 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\CyberLink [2013.03.28 01:45:36 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Broschüre [2013.03.28 01:45:36 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Ausbildungs-Studienplatzanträge [2013.03.28 01:45:31 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\apemap [2013.03.28 01:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.03.28 01:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.03.28 01:39:17 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Erdgeschoß [2013.03.28 01:39:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.28 01:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.03.28 01:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.03.28 01:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.03.28 01:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW [2013.03.28 01:36:14 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Microsoft Help [2013.03.28 01:35:58 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.03.28 01:25:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.03.28 01:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.28 01:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.28 01:25:39 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Adobe [2013.03.28 01:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series [2013.03.28 01:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities [2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.03.28 01:22:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2013.03.28 01:22:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.03.28 01:22:15 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.03.28 01:21:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.03.28 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\vlc [2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\WinRAR [2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.28 01:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.03.28 01:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.28 01:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.28 01:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.28 01:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.28 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Google [2013.03.28 01:11:29 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Skype [2013.03.28 01:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.03.28 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Deployment [2013.03.28 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Apps [2013.03.28 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\CyberLink [2013.03.28 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\CyberLink [2013.03.28 00:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online [2013.03.28 00:17:39 | 000,041,024 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys [2013.03.28 00:17:15 | 000,019,008 | ---- | C] (T-Systems Enterprise Services GmbH) -- C:\Windows\SysNative\drivers\dslmnlwf.sys [2013.03.28 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Avira [2013.03.28 00:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.28 00:10:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 00:10:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 00:10:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.28 00:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.28 00:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.27 23:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.27 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Macromedia [2013.03.27 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Adobe [2013.03.27 23:39:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\HpUpdate [2013.03.27 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\ATI [2013.03.27 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\ATI [2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Searches [2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.27 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Identities [2013.03.27 23:31:13 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Contacts [2013.03.27 23:31:10 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\VirtualStore [2013.03.27 23:30:42 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Hewlett-Packard [2013.03.27 23:28:41 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Hewlett-Packard [2013.03.27 23:27:15 | 000,000,000 | --SD | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Videos [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Saved Games [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Pictures [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Music [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Links [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Favorites [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Downloads [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Documents [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Desktop [2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Vorlagen [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Verlauf [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Temporary Internet Files [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Startmenü [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\SendTo [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Recent [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Netzwerkumgebung [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Lokale Einstellungen [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Videos [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Musik [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Eigene Dateien [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Bilder [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Druckumgebung [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Cookies [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Anwendungsdaten [2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Anwendungsdaten [2013.03.27 23:27:15 | 000,000,000 | -H-D | C] -- C:\Users\Susanne\AppData [2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Temp [2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Microsoft [2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Media Center Programs [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.27 23:23:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2013.04.26 21:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe [2013.04.26 21:31:53 | 000,000,000 | ---- | M] () -- C:\Users\Susanne\defogger_reenable [2013.04.26 21:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 20:22:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 20:22:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 20:16:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.26 20:15:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.26 20:14:43 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2013.04.23 11:41:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.23 11:41:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.23 11:41:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.23 11:41:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.23 11:41:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.19 12:00:52 | 002,846,090 | ---- | M] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv [2013.04.17 14:36:21 | 000,103,137 | ---- | M] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf [2013.04.17 11:56:59 | 008,141,664 | ---- | M] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip [2013.04.17 09:16:55 | 000,323,879 | ---- | M] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf [2013.04.11 03:20:57 | 000,389,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 19:39:51 | 000,279,832 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:56:03 | 000,162,031 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:32:26 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2013.03.28 18:49:58 | 000,255,624 | ---- | M] () -- C:\Windows\hpdj3600.his [2013.03.28 18:49:58 | 000,009,251 | ---- | M] () -- C:\Windows\hpdj3600.ini [2013.03.28 16:46:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.03.28 16:45:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.03.28 16:43:10 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.03.28 16:42:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.03.28 16:42:10 | 001,001,472 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.03.28 16:42:10 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys [2013.03.28 16:42:10 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.03.28 16:42:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.03.28 16:42:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.03.28 16:42:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.03.28 16:42:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.03.28 16:42:10 | 000,069,632 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.03.28 16:42:10 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.03.28 16:42:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.03.28 16:42:10 | 000,022,016 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys [2013.03.28 16:42:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [2013.03.28 16:10:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.28 16:10:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.28 00:10:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.28 00:10:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.28 00:10:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.27 23:34:40 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll [2013.03.27 23:25:34 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.27 23:25:34 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2013.04.26 21:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Susanne\defogger_reenable [2013.04.19 12:00:52 | 002,846,090 | ---- | C] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv [2013.04.17 14:36:21 | 000,103,137 | ---- | C] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf [2013.04.17 09:16:54 | 000,323,879 | ---- | C] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf [2013.04.13 07:38:15 | 008,141,664 | ---- | C] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip [2013.04.10 19:39:51 | 000,279,832 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:56:03 | 000,162,031 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:32:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2013.03.28 18:45:22 | 000,255,624 | ---- | C] () -- C:\Windows\hpdj3600.his [2013.03.28 18:45:22 | 000,009,251 | ---- | C] () -- C:\Windows\hpdj3600.ini [2013.03.28 18:31:24 | 000,048,488 | ---- | C] () -- C:\Windows\SysNative\drivers\celmkt_x64.sys [2013.03.28 16:46:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf [2013.03.28 16:45:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf [2013.03.28 16:43:10 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.03.28 16:42:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.03.28 16:10:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.28 16:10:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.28 14:47:37 | 000,001,720 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adebisKITA.lnk [2013.03.28 13:45:49 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.03.28 13:44:31 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2013.03.28 13:44:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2013.03.28 13:44:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2013.03.28 13:44:12 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2013.03.28 04:14:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.28 03:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.28 03:02:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.28 01:47:07 | 000,010,631 | ---- | C] () -- C:\Users\Susanne\**Zensiert**.pfx [2013.03.28 01:46:19 | 006,204,630 | ---- | C] () -- C:\Users\Susanne\Documents\Weihnachtslieder.pdf [2013.03.28 01:46:19 | 000,783,638 | ---- | C] () -- C:\Users\Susanne\Documents\Weihnachtsbrief2010 e-mail.pdf [2013.03.28 01:46:18 | 003,720,192 | ---- | C] () -- C:\Users\Susanne\Documents\Tiere, Natur.pps [2013.03.28 01:46:17 | 000,186,613 | ---- | C] () -- C:\Users\Susanne\Documents\Ratgeber_Gruene_Elektronik_18_Zusammenfassung_deutsch.pdf [2013.03.28 01:46:17 | 000,182,610 | ---- | C] () -- C:\Users\Susanne\Documents\Rundbrief-1.pdf [2013.03.28 01:46:11 | 000,093,084 | ---- | C] () -- C:\Users\Susanne\Documents\**Zensiert**.pdf [2013.03.28 01:45:40 | 003,755,299 | ---- | C] () -- C:\Users\Susanne\Documents\Helden_auf_Bewährung.pdf [2013.03.28 01:45:40 | 000,635,056 | ---- | C] () -- C:\Users\Susanne\Documents\Gestörte Schaltkreise, Spektrum der Wissenschaft, Mai 2011.pdf [2013.03.28 01:45:40 | 000,383,394 | ---- | C] () -- C:\Users\Susanne\Documents\Geburtstagseinladung Susanne.pdf [2013.03.28 01:45:40 | 000,146,087 | ---- | C] () -- C:\Users\Susanne\Documents\Jahresbericht 2011 Internet.pdf [2013.03.28 01:45:40 | 000,113,040 | ---- | C] () -- C:\Users\Susanne\Documents\JHV2012.pdf [2013.03.28 01:45:37 | 000,045,584 | ---- | C] () -- C:\Users\Susanne\Documents\Delphine_Stresstest.pdf [2013.03.28 01:45:36 | 002,003,968 | ---- | C] () -- C:\Users\Susanne\Documents\Aufmunterung.pps [2013.03.28 01:45:31 | 000,177,956 | ---- | C] () -- C:\Users\Susanne\Documents\Adressen_und_ Geburtstage_2013-Stand_Januar.pdf [2013.03.28 01:45:31 | 000,024,625 | ---- | C] () -- C:\Users\Susanne\Documents\**Zensiert**.pdf [2013.03.28 01:39:19 | 000,001,436 | ---- | C] () -- C:\Users\Susanne\Desktop\Kobi.lnk [2013.03.28 01:39:19 | 000,001,362 | ---- | C] () -- C:\Users\Susanne\Desktop\Praxis.lnk [2013.03.28 01:39:17 | 000,001,233 | ---- | C] () -- C:\Users\Susanne\Desktop\Eigene Dokumente.lnk [2013.03.28 01:23:24 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\CNC173FD.TBL [2013.03.28 01:11:57 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.28 01:11:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.27 23:31:24 | 000,001,405 | ---- | C] () -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.27 23:28:36 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [2013.03.27 23:28:36 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk [2013.03.27 23:22:55 | 3112,587,264 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.28 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Susanne\AppData\Roaming\PsyPrax ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 21:34:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susanne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 74,54% Memory free
7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 228,08 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E13646-031C-4D63-8E2C-519FBC33306B}" = rport=138 | protocol=17 | dir=out | app=system |
"{04252F46-FE52-4788-BEB8-14AB86D42AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{101B128E-90A8-4903-8DC7-79EE187CF730}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{317D60CE-391D-4C00-8EB2-9B618EC89804}" = rport=139 | protocol=6 | dir=out | app=system |
"{31BE142A-4638-4761-AA49-78553D4FF2FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38B5FBEB-8B4E-41F8-AEBD-E9141835109D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A9EC5FA-F2A2-4F33-A6D9-CF8A0361B14F}" = lport=139 | protocol=6 | dir=in | app=system |
"{47C09A6D-DBD6-4774-933F-C5A0ABFC333B}" = lport=137 | protocol=17 | dir=in | app=system |
"{570AF88F-5B35-4017-B21B-14BD983B7621}" = rport=445 | protocol=6 | dir=out | app=system |
"{59861AAD-C033-4B8A-8661-52D0F1B790BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DB434BF-4D65-4D5D-BB8A-580E54B415B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6472F28A-42F9-4051-BAF3-2AD6C9A75BF2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76D496F1-1DE2-4299-B2C6-5CD9B2827AEA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F571AC9-29D4-4E1A-AC8A-3B6FA6ADDB55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A84D54A0-00D7-4513-8C5A-BB7956D1A0DD}" = lport=138 | protocol=17 | dir=in | app=system |
"{B928F0A8-4AED-44D0-ABBD-DA63028FA1A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD5BC235-8C84-40FD-AF6E-E485AFAC3D47}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD8DC53F-669F-4F51-AF2C-783544C0ED22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7299E4F-5FB5-4DD0-9A19-FA23A2261D2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE94DA1A-5CF8-4DB0-B2AA-856EE85472F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF252669-F899-42A3-8663-69AFC4C4897F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F33438B2-3EAA-4109-A12D-0AB86A9469C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5639180-A5A5-42A3-96A3-0F8F727250EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{FDD2F485-64DA-425D-9175-DD0D8394AA1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AADA7F3-2885-4ECA-BEC2-254985BB6FCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{368AAFC2-B438-46E4-B759-99D59F0339BA}" = protocol=6 | dir=out | app=system |
"{3FD9CC3B-87D4-4B85-BEE6-9BE2AEFB175E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56A29773-AA47-41B9-82C9-7C124702DFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{584601BA-9DFB-44B6-A568-E784B874FF63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A0AF75F-36B4-43B8-927E-DF981CB92A83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5D30B85A-D69A-430B-9EDD-6218AABF75C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69F57D4E-89E7-4191-89E6-76701B961BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6BBE4CAF-3792-4555-AE85-F17029E61731}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C433974-967C-4044-B2D1-4842C60660FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70C50F4C-78BC-41A7-9173-64517195C2CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{713EF3A1-F0FA-411F-B44C-18DB0E58E62D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77361F11-48B6-414D-823B-A63C6043F1D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F0E0F82-2C6C-4B89-A2FD-4DCA093B8817}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4E6C821-87CE-4CAE-B407-E418F06F4BF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8D4DA27-3FC2-4B9A-96AE-C86712984FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAE39440-4513-4105-9EE3-6141F234335A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4E0B5BC-0C52-496E-B1D9-DDF2AA37585C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C7AD2E47-7FB5-49AA-ACD2-B48CC0F02CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD7A6CDA-EDB8-496B-8166-8DB274889FD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1F42F7A-FA17-4481-8F38-8E14BBD6BD9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F58A85A4-75FA-4F36-AC9E-A9FC1F35C8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19E2CC1A-981D-49FD-B42A-143DC96D40C8}" = adebisKITA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A981A9BA-8670-4419-8B2F-F3E6C0514531}_is1" = Psyprax
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"hp print screen utility" = hp print screen utility
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mobile Partner" = Mobile Partner
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"VLC media player" = VLC media player 2.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.03.2013 14:12:19 | Computer Name = Susanne | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpdj.exe, Version: 2.236.4.0, Zeitstempel:
0x3f52e9d3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x6e4 Startzeit der fehlerhaften Anwendung: 0x01ce2bdfb7b85a13 Pfad der fehlerhaften
Anwendung: C:\Users\Susanne\AppData\Local\Temp\hpdj.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 0716bf9d-97d3-11e2-b3b0-c80aa945a4b0
Error - 30.03.2013 09:53:52 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 31.03.2013 11:50:47 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 05.04.2013 15:19:58 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 06.04.2013 07:04:52 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 07.04.2013 06:10:08 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 08.04.2013 11:31:59 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 09.04.2013 09:18:06 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 10.04.2013 08:30:21 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 10.04.2013 21:51:49 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
"DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1069
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dhcp" konnte sich nicht als "NT Authority\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DHCP-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
"DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1069
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866321
Description =
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866317
Description =
Error - 28.03.2013 10:43:03 | Computer Name = Susanne | Source = Service Control Manager | ID = 7030
Description = Der Dienst "HWDeviceService64.exe" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 28.03.2013 12:49:49 | Computer Name = Susanne | Source = Service Control Manager | ID = 7030
Description = Der Dienst "hpdj" ist als interaktiver Dienst gekennzeichnet. Das
System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind.
Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 21:55:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Susanne\AppData\Local\Temp\axddypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fe1465 2 bytes [FE, 76]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fe14bb 2 bytes [FE, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f6f87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f6f87@000761d00829 0x0B 0xF8 0xC3 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f6f87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f6f87@000761d00829 0x0B 0xF8 0xC3 0x0C ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Geändert von jojoho (26.04.2013 um 21:54 Uhr) |
|
28.04.2013, 19:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malware? Spionage von Email Passwörtern Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
28.04.2013, 23:21
| #3 |
| | Malware? Spionage von Email Passwörtern In der Tat Avira hat bei einem Suchlauf relativ direkt nach den Massenmails folgendes gefunden:
__________________(Eigentlich wollt ich den Log schon gestern gleich noch in meinen ersten Beitrag einbinden, aber das ging leider nichtmehr) Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 21. April 2013 22:10
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : *****
Versionsinformationen:
BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:29:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 27.03.2013 22:09:42
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 27.03.2013 22:09:42
LUKE.DLL : 13.6.0.902 67808 Bytes 27.03.2013 22:09:51
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 27.03.2013 22:10:03
AVREG.DLL : 13.6.0.940 250592 Bytes 27.03.2013 22:10:03
avlode.dll : 13.6.2.940 434912 Bytes 27.03.2013 22:09:42
avlode.rdf : 13.0.0.46 15591 Bytes 28.03.2013 16:13:36
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:37:22
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 16:37:23
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 16:37:23
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 16:37:23
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 16:37:23
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 16:37:23
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 16:37:23
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 16:37:23
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 16:37:23
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 16:37:23
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 16:37:23
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 16:37:23
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 16:37:23
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 16:37:23
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 16:37:23
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 15:00:45
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 15:00:15
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 06:21:39
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 12:21:35
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 14:50:30
VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 15:03:33
VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 15:03:33
VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 07:06:03
VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 05:48:09
VBASE024.VDF : 7.11.73.133 164864 Bytes 19.04.2013 16:02:47
VBASE025.VDF : 7.11.73.134 2048 Bytes 19.04.2013 16:02:47
VBASE026.VDF : 7.11.73.135 2048 Bytes 19.04.2013 16:02:47
VBASE027.VDF : 7.11.73.136 2048 Bytes 19.04.2013 16:02:47
VBASE028.VDF : 7.11.73.137 2048 Bytes 19.04.2013 16:02:47
VBASE029.VDF : 7.11.73.138 2048 Bytes 19.04.2013 16:02:47
VBASE030.VDF : 7.11.73.139 2048 Bytes 19.04.2013 16:02:47
VBASE031.VDF : 7.11.73.192 153088 Bytes 21.04.2013 17:26:28
Engineversion : 8.2.12.30
AEVDF.DLL : 8.1.2.10 102772 Bytes 27.03.2013 22:09:30
AESCRIPT.DLL : 8.1.4.106 483709 Bytes 12.04.2013 14:50:33
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 22:09:30
AESBX.DLL : 8.2.5.12 606578 Bytes 27.03.2013 22:09:30
AERDL.DLL : 8.2.0.88 643444 Bytes 27.03.2013 22:09:30
AEPACK.DLL : 8.3.2.6 827767 Bytes 28.03.2013 16:13:36
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 27.03.2013 22:09:29
AEHEUR.DLL : 8.1.4.302 5890425 Bytes 19.04.2013 10:02:49
AEHELP.DLL : 8.1.25.2 258423 Bytes 27.03.2013 22:09:28
AEGEN.DLL : 8.1.7.2 442741 Bytes 27.03.2013 22:09:27
AEEXP.DLL : 8.4.0.22 196982 Bytes 19.04.2013 10:02:50
AEEMU.DLL : 8.1.3.2 393587 Bytes 27.03.2013 22:09:27
AECORE.DLL : 8.1.31.2 201080 Bytes 27.03.2013 22:09:27
AEBB.DLL : 8.1.1.4 53619 Bytes 27.03.2013 22:09:27
AVWINLL.DLL : 13.6.0.480 26480 Bytes 27.03.2013 22:08:37
AVPREF.DLL : 13.6.0.480 51056 Bytes 27.03.2013 22:09:42
AVREP.DLL : 13.6.0.480 178544 Bytes 27.03.2013 22:10:03
AVARKT.DLL : 13.6.0.902 260832 Bytes 27.03.2013 22:09:37
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 27.03.2013 22:09:39
SQLITE3.DLL : 3.7.0.1 397704 Bytes 27.03.2013 22:09:57
AVSMTP.DLL : 13.6.0.480 62832 Bytes 27.03.2013 22:09:43
NETNT.DLL : 13.6.0.480 16240 Bytes 27.03.2013 22:09:53
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 27.03.2013 22:08:38
RCTEXT.DLL : 13.6.0.976 69344 Bytes 27.03.2013 22:08:38
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Sonntag, 21. April 2013 22:10
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AERTSr64.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'HWDeviceService64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtVOsd64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1570' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
[0] Archivtyp: RSRC
--> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\2A3E4DFD-00002EB1.eml
[1] Archivtyp: MIME
--> Payment_Advice.zip
[2] Archivtyp: ZIP
--> Payment_Advice.exe
[FUND] Ist das Trojanische Pferd TR/PSW.Fareit.C.10
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\2A3E4DFD-00002EB1.eml
[FUND] Ist das Trojanische Pferd TR/PSW.Fareit.C.10
--> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\40B50C34-00002F0C.eml
[1] Archivtyp: MIME
--> Die Einzelheiten Ihres Einkaufs.zip
[2] Archivtyp: ZIP
--> Die Einzelheiten Ihres Einkaufs.pdf.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Androm.EB.94
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\40B50C34-00002F0C.eml
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Androm.EB.94
--> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74F21001-00002F6C.eml
[1] Archivtyp: MIME
--> object
[2] Archivtyp: MIME
--> object
[3] Archivtyp: MIME
--> Payment Advice_Ref[B44974619814].zip
[4] Archivtyp: ZIP
--> Payment Advice_Ref[B44{_hsbs ref}].exe
[FUND] Ist das Trojanische Pferd TR/PSW.Tepfer.EB.63
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74F21001-00002F6C.eml
[FUND] Ist das Trojanische Pferd TR/PSW.Tepfer.EB.63
--> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\3F0C3F2B-00000A02.eml
[1] Archivtyp: MIME
--> FullDetails.html
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\3F0C3F2B-00000A02.eml
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
--> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\44D747F8-000009EF.eml
[1] Archivtyp: MIME
--> FullDetails.html
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\44D747F8-000009EF.eml
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
--> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Posteingang\63121F0A-0000094B.eml
[1] Archivtyp: MIME
--> Fraud report.zip
[2] Archivtyp: ZIP
--> Fraud report.exe
[FUND] Ist das Trojanische Pferd TR/Yakes.O
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Posteingang\63121F0A-0000094B.eml
[FUND] Ist das Trojanische Pferd TR/Yakes.O
Beginne mit der Suche in 'D:\' <RECOVERY>
Beginne mit der Suche in 'E:\' <HP_TOOLS>
Beginne mit der Desinfektion:
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Posteingang\63121F0A-0000094B.eml
[FUND] Ist das Trojanische Pferd TR/Yakes.O
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59a2695e.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\44D747F8-000009EF.eml
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '412846fa.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\3F0C3F2B-00000A02.eml
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '136b1c64.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74F21001-00002F6C.eml
[FUND] Ist das Trojanische Pferd TR/PSW.Tepfer.EB.63
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '754253d0.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\40B50C34-00002F0C.eml
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Androm.EB.94
[HINWEIS] Der Fund wurde als verdächtig eingestuft.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '30ca7ee2.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\2A3E4DFD-00002EB1.eml
[FUND] Ist das Trojanische Pferd TR/PSW.Fareit.C.10
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fc04cf2.qua' verschoben!
Ende des Suchlaufs: Montag, 22. April 2013 07:03
Benötigte Zeit: 1:01:01 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
30580 Verzeichnisse wurden überprüft
634923 Dateien wurden geprüft
11 Viren bzw. unerwünschte Programme wurden gefunden
1 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
6 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
634911 Dateien ohne Befall
22874 Archive wurden durchsucht
6 Warnungen
6 Hinweise
749451 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
29.04.2013, 10:02
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware? Spionage von Email Passwörtern Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.05.2013, 17:39
| #5 |
| | Malware? Spionage von Email Passwörtern MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.03.22.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Susanne :: SUSANNE [administrator]
02.05.2013 16:04:44
mbar-log-2013-05-02 (16-04-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29197
Time elapsed: 9 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter of processors: 4 586 0x2502
16:16:16.106 ComputerName: SUSANNE UserName: Susanne
16:16:16.680 Initialze error C000010E - driver not loaded
16:16:16.721 write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
16:16:26.076 AVAST engine defs: 13050200
16:16:46.290 Scan error: Falscher Parameter.
16:17:57.222 The log file has been saved successfully to "C:\Users\Susanne\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-02 16:24:32
-----------------------------
16:24:32.628 OS Version: Windows x64 6.1.7601 Service Pack 1
16:24:32.628 Number of processors: 4 586 0x2502
16:24:32.628 ComputerName: SUSANNE UserName: Susanne
16:24:33.501 Initialize success
16:24:45.825 AVAST engine defs: 13050200
16:25:00.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:25:00.021 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
16:25:00.146 Disk 0 MBR read successfully
16:25:00.162 Disk 0 MBR scan
16:25:00.177 Disk 0 unknown MBR code
16:25:00.193 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:25:00.209 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291728 MB offset 409600
16:25:00.240 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13213 MB offset 597868544
16:25:00.271 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
16:25:00.318 Disk 0 scanning C:\Windows\system32\drivers
16:25:14.498 Service scanning
16:25:47.991 Modules scanning
16:25:48.007 Disk 0 trace - called modules:
16:25:48.537 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:25:48.553 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c13060]
16:25:48.553 3 CLASSPNP.SYS[fffff880010cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004984050]
16:25:48.569 Scan finished successfully
16:26:58.472 Disk 0 MBR has been saved successfully to "C:\Users\Susanne\Desktop\MBR.dat"
16:26:58.472 The log file has been saved successfully to "C:\Users\Susanne\Desktop\aswMBR.txt"
Code:
ATTFilter 16:35:49.0766 4460 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:35:49.0933 4460 ============================================================
16:35:49.0933 4460 Current date / time: 2013/05/02 16:35:49.0933
16:35:49.0933 4460 SystemInfo:
16:35:49.0933 4460
16:35:49.0934 4460 OS Version: 6.1.7601 ServicePack: 1.0
16:35:49.0934 4460 Product type: Workstation
16:35:49.0934 4460 ComputerName: SUSANNE
16:35:49.0934 4460 UserName: Susanne
16:35:49.0934 4460 Windows directory: C:\Windows
16:35:49.0934 4460 System windows directory: C:\Windows
16:35:49.0934 4460 Running under WOW64
16:35:49.0934 4460 Processor architecture: Intel x64
16:35:49.0934 4460 Number of processors: 4
16:35:49.0934 4460 Page size: 0x1000
16:35:49.0934 4460 Boot type: Normal boot
16:35:49.0934 4460 ============================================================
16:35:51.0313 4460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:35:55.0799 4460 Drive \Device\Harddisk1\DR1 - Size: 0x1EB00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:35:55.0806 4460 ============================================================
16:35:55.0806 4460 \Device\Harddisk0\DR0:
16:35:55.0806 4460 MBR partitions:
16:35:55.0806 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:35:55.0806 4460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239C8000
16:35:55.0806 4460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23A2C000, BlocksNum 0x19CE800
16:35:55.0806 4460 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
16:35:55.0806 4460 \Device\Harddisk1\DR1:
16:35:55.0808 4460 MBR partitions:
16:35:55.0808 4460 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xE9, BlocksNum 0xF5717
16:35:55.0809 4460 ============================================================
16:35:55.0838 4460 C: <-> \Device\Harddisk0\DR0\Partition2
16:35:55.0882 4460 D: <-> \Device\Harddisk0\DR0\Partition3
16:35:55.0896 4460 E: <-> \Device\Harddisk0\DR0\Partition4
16:35:55.0896 4460 ============================================================
16:35:55.0896 4460 Initialize success
16:35:55.0896 4460 ============================================================
16:36:03.0697 2752 ============================================================
16:36:03.0697 2752 Scan started
16:36:03.0697 2752 Mode: Manual;
16:36:03.0697 2752 ============================================================
16:36:03.0932 2752 ================ Scan system memory ========================
16:36:03.0932 2752 System memory - ok
16:36:03.0933 2752 ================ Scan services =============================
16:36:04.0116 2752 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:36:04.0120 2752 1394ohci - ok
16:36:04.0162 2752 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:36:04.0166 2752 ACPI - ok
16:36:04.0185 2752 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:36:04.0186 2752 AcpiPmi - ok
16:36:04.0274 2752 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:36:04.0275 2752 AdobeARMservice - ok
16:36:04.0323 2752 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:36:04.0329 2752 adp94xx - ok
16:36:04.0349 2752 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:36:04.0353 2752 adpahci - ok
16:36:04.0377 2752 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:36:04.0379 2752 adpu320 - ok
16:36:04.0402 2752 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:36:04.0404 2752 AeLookupSvc - ok
16:36:04.0475 2752 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:36:04.0476 2752 AERTFilters - ok
16:36:04.0543 2752 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:36:04.0550 2752 AFD - ok
16:36:04.0609 2752 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
16:36:04.0622 2752 AgereSoftModem - ok
16:36:04.0655 2752 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:36:04.0656 2752 agp440 - ok
16:36:04.0690 2752 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:36:04.0692 2752 ALG - ok
16:36:04.0721 2752 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:36:04.0722 2752 aliide - ok
16:36:04.0757 2752 [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:36:04.0759 2752 AMD External Events Utility - ok
16:36:04.0776 2752 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:36:04.0776 2752 amdide - ok
16:36:04.0805 2752 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:36:04.0806 2752 AmdK8 - ok
16:36:04.0828 2752 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:36:04.0829 2752 AmdPPM - ok
16:36:04.0868 2752 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:36:04.0869 2752 amdsata - ok
16:36:04.0890 2752 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:36:04.0893 2752 amdsbs - ok
16:36:04.0910 2752 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:36:04.0911 2752 amdxata - ok
16:36:04.0967 2752 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:36:04.0969 2752 AntiVirSchedulerService - ok
16:36:05.0000 2752 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:36:05.0001 2752 AntiVirService - ok
16:36:05.0038 2752 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:36:05.0039 2752 AppID - ok
16:36:05.0065 2752 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:36:05.0067 2752 AppIDSvc - ok
16:36:05.0100 2752 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:36:05.0102 2752 Appinfo - ok
16:36:05.0147 2752 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:36:05.0149 2752 arc - ok
16:36:05.0167 2752 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:36:05.0168 2752 arcsas - ok
16:36:05.0190 2752 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:36:05.0190 2752 AsyncMac - ok
16:36:05.0228 2752 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:36:05.0228 2752 atapi - ok
16:36:05.0352 2752 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:36:05.0388 2752 athr - ok
16:36:05.0456 2752 [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:36:05.0457 2752 AtiHdmiService - ok
16:36:05.0600 2752 [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:36:05.0661 2752 atikmdag - ok
16:36:05.0727 2752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:36:05.0737 2752 AudioEndpointBuilder - ok
16:36:05.0754 2752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:36:05.0758 2752 AudioSrv - ok
16:36:05.0809 2752 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:36:05.0811 2752 avgntflt - ok
16:36:05.0840 2752 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:36:05.0841 2752 avipbb - ok
16:36:05.0877 2752 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:36:05.0877 2752 avkmgr - ok
16:36:05.0927 2752 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:36:05.0930 2752 AxInstSV - ok
16:36:05.0973 2752 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:36:05.0979 2752 b06bdrv - ok
16:36:06.0015 2752 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:36:06.0018 2752 b57nd60a - ok
16:36:06.0084 2752 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:36:06.0086 2752 BDESVC - ok
16:36:06.0120 2752 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:36:06.0120 2752 Beep - ok
16:36:06.0177 2752 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:36:06.0185 2752 BFE - ok
16:36:06.0224 2752 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:36:06.0235 2752 BITS - ok
16:36:06.0255 2752 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:36:06.0256 2752 blbdrive - ok
16:36:06.0292 2752 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:36:06.0294 2752 bowser - ok
16:36:06.0328 2752 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:36:06.0329 2752 BrFiltLo - ok
16:36:06.0339 2752 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:36:06.0339 2752 BrFiltUp - ok
16:36:06.0366 2752 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:36:06.0367 2752 Browser - ok
16:36:06.0389 2752 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:36:06.0392 2752 Brserid - ok
16:36:06.0409 2752 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:36:06.0410 2752 BrSerWdm - ok
16:36:06.0423 2752 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:36:06.0423 2752 BrUsbMdm - ok
16:36:06.0431 2752 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:36:06.0431 2752 BrUsbSer - ok
16:36:06.0464 2752 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:36:06.0464 2752 BthEnum - ok
16:36:06.0479 2752 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:36:06.0480 2752 BTHMODEM - ok
16:36:06.0503 2752 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:36:06.0505 2752 BthPan - ok
16:36:06.0560 2752 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:36:06.0569 2752 BTHPORT - ok
16:36:06.0601 2752 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:36:06.0603 2752 bthserv - ok
16:36:06.0627 2752 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:36:06.0628 2752 BTHUSB - ok
16:36:06.0654 2752 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:36:06.0655 2752 cdfs - ok
16:36:06.0683 2752 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:36:06.0684 2752 cdrom - ok
16:36:06.0725 2752 [ 51E8CB07EF17C3B4C806EDC8C45DEFDD ] celmkt C:\Windows\system32\Drivers\celmkt_x64.sys
16:36:06.0725 2752 celmkt - ok
16:36:06.0763 2752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:36:06.0765 2752 CertPropSvc - ok
16:36:06.0784 2752 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:36:06.0785 2752 circlass - ok
16:36:06.0841 2752 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:36:06.0845 2752 CLFS - ok
16:36:06.0901 2752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:36:06.0902 2752 clr_optimization_v2.0.50727_32 - ok
16:36:06.0955 2752 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:36:06.0958 2752 clr_optimization_v2.0.50727_64 - ok
16:36:07.0076 2752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:36:07.0078 2752 clr_optimization_v4.0.30319_32 - ok
16:36:07.0125 2752 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:36:07.0127 2752 clr_optimization_v4.0.30319_64 - ok
16:36:07.0145 2752 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:36:07.0145 2752 CmBatt - ok
16:36:07.0174 2752 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:36:07.0175 2752 cmdide - ok
16:36:07.0223 2752 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:36:07.0230 2752 CNG - ok
16:36:07.0321 2752 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:36:07.0325 2752 Com4QLBEx - ok
16:36:07.0362 2752 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:36:07.0362 2752 Compbatt - ok
16:36:07.0405 2752 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:36:07.0406 2752 CompositeBus - ok
16:36:07.0414 2752 COMSysApp - ok
16:36:07.0435 2752 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:36:07.0436 2752 crcdisk - ok
16:36:07.0476 2752 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:36:07.0479 2752 CryptSvc - ok
16:36:07.0523 2752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:36:07.0533 2752 DcomLaunch - ok
16:36:07.0573 2752 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:36:07.0577 2752 defragsvc - ok
16:36:07.0605 2752 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:36:07.0606 2752 DfsC - ok
16:36:07.0638 2752 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:36:07.0641 2752 Dhcp - ok
16:36:07.0664 2752 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:36:07.0664 2752 discache - ok
16:36:07.0693 2752 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:36:07.0694 2752 Disk - ok
16:36:07.0720 2752 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:36:07.0721 2752 Dnscache - ok
16:36:07.0755 2752 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:36:07.0760 2752 dot3svc - ok
16:36:07.0802 2752 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:36:07.0804 2752 DPS - ok
16:36:07.0829 2752 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:36:07.0830 2752 drmkaud - ok
16:36:07.0887 2752 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:36:07.0898 2752 DXGKrnl - ok
16:36:07.0928 2752 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:36:07.0930 2752 EapHost - ok
16:36:08.0013 2752 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:36:08.0045 2752 ebdrv - ok
16:36:08.0084 2752 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:36:08.0085 2752 EFS - ok
16:36:08.0155 2752 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:36:08.0167 2752 ehRecvr - ok
16:36:08.0189 2752 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:36:08.0191 2752 ehSched - ok
16:36:08.0230 2752 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:36:08.0235 2752 elxstor - ok
16:36:08.0252 2752 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:36:08.0252 2752 ErrDev - ok
16:36:08.0288 2752 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:36:08.0292 2752 EventSystem - ok
16:36:08.0335 2752 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:36:08.0336 2752 ew_hwusbdev - ok
16:36:08.0381 2752 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
16:36:08.0382 2752 ew_usbenumfilter - ok
16:36:08.0401 2752 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:36:08.0403 2752 exfat - ok
16:36:08.0421 2752 ezSharedSvc - ok
16:36:08.0429 2752 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:36:08.0431 2752 fastfat - ok
16:36:08.0473 2752 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:36:08.0481 2752 Fax - ok
16:36:08.0506 2752 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:36:08.0507 2752 fdc - ok
16:36:08.0539 2752 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:36:08.0540 2752 fdPHost - ok
16:36:08.0555 2752 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:36:08.0556 2752 FDResPub - ok
16:36:08.0573 2752 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:36:08.0574 2752 FileInfo - ok
16:36:08.0587 2752 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:36:08.0587 2752 Filetrace - ok
16:36:08.0593 2752 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:36:08.0593 2752 flpydisk - ok
16:36:08.0655 2752 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:36:08.0660 2752 FltMgr - ok
16:36:08.0718 2752 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:36:08.0732 2752 FontCache - ok
16:36:08.0787 2752 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:36:08.0789 2752 FontCache3.0.0.0 - ok
16:36:08.0814 2752 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:36:08.0815 2752 FsDepends - ok
16:36:08.0825 2752 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:36:08.0826 2752 Fs_Rec - ok
16:36:08.0863 2752 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:36:08.0866 2752 fvevol - ok
16:36:08.0884 2752 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:36:08.0885 2752 gagp30kx - ok
16:36:08.0927 2752 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:36:08.0936 2752 gpsvc - ok
16:36:09.0002 2752 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:36:09.0003 2752 gupdate - ok
16:36:09.0010 2752 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:36:09.0012 2752 gupdatem - ok
16:36:09.0025 2752 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:36:09.0026 2752 hcw85cir - ok
16:36:09.0073 2752 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:36:09.0077 2752 HdAudAddService - ok
16:36:09.0100 2752 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:36:09.0102 2752 HDAudBus - ok
16:36:09.0139 2752 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:36:09.0140 2752 HECIx64 - ok
16:36:09.0164 2752 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:36:09.0165 2752 HidBatt - ok
16:36:09.0189 2752 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:36:09.0191 2752 HidBth - ok
16:36:09.0216 2752 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:36:09.0217 2752 HidIr - ok
16:36:09.0240 2752 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:36:09.0242 2752 hidserv - ok
16:36:09.0261 2752 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:36:09.0261 2752 HidUsb - ok
16:36:09.0307 2752 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:36:09.0309 2752 hkmsvc - ok
16:36:09.0342 2752 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:36:09.0346 2752 HomeGroupListener - ok
16:36:09.0381 2752 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:36:09.0383 2752 HomeGroupProvider - ok
16:36:09.0434 2752 [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
16:36:09.0435 2752 HP Health Check Service - ok
16:36:09.0466 2752 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:36:09.0466 2752 HpqKbFiltr - ok
16:36:09.0519 2752 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:36:09.0521 2752 hpqwmiex - ok
16:36:09.0576 2752 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:36:09.0577 2752 HpSAMD - ok
16:36:09.0632 2752 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:36:09.0644 2752 HTTP - ok
16:36:09.0689 2752 [ 4DBBFCE863FE1B64C770EB53A3BA5860 ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
16:36:09.0690 2752 huawei_cdcacm - ok
16:36:09.0712 2752 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:36:09.0713 2752 huawei_enumerator - ok
16:36:09.0745 2752 [ DF65F49F3A108AB509D675312FC896B8 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
16:36:09.0746 2752 huawei_ext_ctrl - ok
16:36:09.0779 2752 [ 962032D69A8CA503F030F311CF4487B7 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
16:36:09.0781 2752 huawei_wwanecm - ok
16:36:09.0894 2752 [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
16:36:09.0899 2752 HWDeviceService64.exe - ok
16:36:09.0930 2752 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:36:09.0931 2752 hwpolicy - ok
16:36:09.0978 2752 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:36:09.0979 2752 i8042prt - ok
16:36:10.0037 2752 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:36:10.0040 2752 iaStor - ok
16:36:10.0071 2752 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:36:10.0075 2752 iaStorV - ok
16:36:10.0133 2752 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:36:10.0148 2752 idsvc - ok
16:36:10.0297 2752 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:36:10.0357 2752 igfx - ok
16:36:10.0383 2752 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:36:10.0383 2752 iirsp - ok
16:36:10.0426 2752 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:36:10.0435 2752 IKEEXT - ok
16:36:10.0516 2752 [ 181E4FF75674A7105ECD0A02C35EF43A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:36:10.0531 2752 IntcAzAudAddService - ok
16:36:10.0566 2752 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:36:10.0567 2752 intelide - ok
16:36:10.0615 2752 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:36:10.0616 2752 intelppm - ok
16:36:10.0648 2752 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:36:10.0651 2752 IPBusEnum - ok
16:36:10.0679 2752 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:36:10.0680 2752 IpFilterDriver - ok
16:36:10.0734 2752 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:36:10.0743 2752 iphlpsvc - ok
16:36:10.0778 2752 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:36:10.0779 2752 IPMIDRV - ok
16:36:10.0798 2752 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:36:10.0799 2752 IPNAT - ok
16:36:10.0810 2752 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:36:10.0811 2752 IRENUM - ok
16:36:10.0833 2752 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:36:10.0834 2752 isapnp - ok
16:36:10.0853 2752 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:36:10.0856 2752 iScsiPrt - ok
16:36:10.0872 2752 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:36:10.0873 2752 kbdclass - ok
16:36:10.0912 2752 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:36:10.0912 2752 kbdhid - ok
16:36:10.0926 2752 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:36:10.0927 2752 KeyIso - ok
16:36:10.0952 2752 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:36:10.0953 2752 KSecDD - ok
16:36:10.0989 2752 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:36:10.0991 2752 KSecPkg - ok
16:36:11.0020 2752 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:36:11.0021 2752 ksthunk - ok
16:36:11.0048 2752 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:36:11.0054 2752 KtmRm - ok
16:36:11.0103 2752 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:36:11.0107 2752 LanmanServer - ok
16:36:11.0141 2752 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:36:11.0144 2752 LanmanWorkstation - ok
16:36:11.0194 2752 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:36:11.0195 2752 LightScribeService - ok
16:36:11.0233 2752 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:36:11.0234 2752 lltdio - ok
16:36:11.0249 2752 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:36:11.0254 2752 lltdsvc - ok
16:36:11.0274 2752 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:36:11.0276 2752 lmhosts - ok
16:36:11.0329 2752 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:36:11.0332 2752 LMS - ok
16:36:11.0357 2752 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:36:11.0359 2752 LSI_FC - ok
16:36:11.0371 2752 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:36:11.0373 2752 LSI_SAS - ok
16:36:11.0385 2752 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:36:11.0386 2752 LSI_SAS2 - ok
16:36:11.0392 2752 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:36:11.0393 2752 LSI_SCSI - ok
16:36:11.0399 2752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:36:11.0401 2752 luafv - ok
16:36:11.0433 2752 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:36:11.0436 2752 Mcx2Svc - ok
16:36:11.0448 2752 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:36:11.0448 2752 megasas - ok
16:36:11.0466 2752 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:36:11.0468 2752 MegaSR - ok
16:36:11.0493 2752 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:36:11.0494 2752 MMCSS - ok
16:36:11.0503 2752 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:36:11.0504 2752 Modem - ok
16:36:11.0521 2752 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:36:11.0521 2752 monitor - ok
16:36:11.0561 2752 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:36:11.0562 2752 mouclass - ok
16:36:11.0589 2752 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:36:11.0589 2752 mouhid - ok
16:36:11.0628 2752 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:36:11.0630 2752 mountmgr - ok
16:36:11.0668 2752 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:36:11.0670 2752 mpio - ok
16:36:11.0688 2752 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:36:11.0689 2752 mpsdrv - ok
16:36:11.0739 2752 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:36:11.0748 2752 MpsSvc - ok
16:36:11.0777 2752 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:36:11.0778 2752 MRxDAV - ok
16:36:11.0811 2752 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:36:11.0812 2752 mrxsmb - ok
16:36:11.0827 2752 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:36:11.0830 2752 mrxsmb10 - ok
16:36:11.0841 2752 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:36:11.0842 2752 mrxsmb20 - ok
16:36:11.0879 2752 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:36:11.0880 2752 msahci - ok
16:36:11.0894 2752 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:36:11.0895 2752 msdsm - ok
16:36:11.0908 2752 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:36:11.0911 2752 MSDTC - ok
16:36:11.0947 2752 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:36:11.0948 2752 Msfs - ok
16:36:11.0959 2752 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:36:11.0959 2752 mshidkmdf - ok
16:36:11.0972 2752 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:36:11.0973 2752 msisadrv - ok
16:36:11.0997 2752 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:36:12.0000 2752 MSiSCSI - ok
16:36:12.0005 2752 msiserver - ok
16:36:12.0028 2752 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:36:12.0029 2752 MSKSSRV - ok
16:36:12.0045 2752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:36:12.0046 2752 MSPCLOCK - ok
16:36:12.0059 2752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:36:12.0059 2752 MSPQM - ok
16:36:12.0097 2752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:36:12.0101 2752 MsRPC - ok
16:36:12.0131 2752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:36:12.0132 2752 mssmbios - ok
16:36:12.0143 2752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:36:12.0143 2752 MSTEE - ok
16:36:12.0155 2752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:36:12.0155 2752 MTConfig - ok
16:36:12.0171 2752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:36:12.0172 2752 Mup - ok
16:36:12.0207 2752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:36:12.0213 2752 napagent - ok
16:36:12.0242 2752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:36:12.0245 2752 NativeWifiP - ok
16:36:12.0304 2752 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:36:12.0314 2752 NDIS - ok
16:36:12.0325 2752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:36:12.0326 2752 NdisCap - ok
16:36:12.0347 2752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:36:12.0348 2752 NdisTapi - ok
16:36:12.0386 2752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:36:12.0387 2752 Ndisuio - ok
16:36:12.0420 2752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:36:12.0422 2752 NdisWan - ok
16:36:12.0455 2752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:36:12.0456 2752 NDProxy - ok
16:36:12.0480 2752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:36:12.0480 2752 NetBIOS - ok
16:36:12.0518 2752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:36:12.0521 2752 NetBT - ok
16:36:12.0551 2752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:36:12.0553 2752 Netlogon - ok
16:36:12.0593 2752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:36:12.0598 2752 Netman - ok
16:36:12.0618 2752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:36:12.0624 2752 netprofm - ok
16:36:12.0649 2752 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:36:12.0651 2752 NetTcpPortSharing - ok
16:36:12.0773 2752 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
16:36:12.0828 2752 netw5v64 - ok
16:36:12.0848 2752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:36:12.0849 2752 nfrd960 - ok
16:36:12.0873 2752 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:36:12.0876 2752 NlaSvc - ok
16:36:12.0897 2752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:36:12.0897 2752 Npfs - ok
16:36:12.0918 2752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:36:12.0920 2752 nsi - ok
16:36:12.0932 2752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:36:12.0933 2752 nsiproxy - ok
16:36:13.0004 2752 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:36:13.0020 2752 Ntfs - ok
16:36:13.0035 2752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:36:13.0035 2752 Null - ok
16:36:13.0093 2752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:36:13.0095 2752 nvraid - ok
16:36:13.0126 2752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:36:13.0127 2752 nvstor - ok
16:36:13.0192 2752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:36:13.0194 2752 nv_agp - ok
16:36:13.0222 2752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:36:13.0223 2752 ohci1394 - ok
16:36:13.0310 2752 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:36:13.0313 2752 ose - ok
16:36:13.0531 2752 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:36:13.0575 2752 osppsvc - ok
16:36:13.0609 2752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:36:13.0627 2752 p2pimsvc - ok
16:36:13.0656 2752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:36:13.0660 2752 p2psvc - ok
16:36:13.0681 2752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:36:13.0682 2752 Parport - ok
16:36:13.0706 2752 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:36:13.0707 2752 partmgr - ok
16:36:13.0718 2752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:36:13.0720 2752 PcaSvc - ok
16:36:13.0758 2752 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:36:13.0759 2752 pci - ok
16:36:13.0773 2752 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:36:13.0773 2752 pciide - ok
16:36:13.0793 2752 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:36:13.0795 2752 pcmcia - ok
16:36:13.0810 2752 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:36:13.0810 2752 pcw - ok
16:36:13.0835 2752 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:36:13.0841 2752 PEAUTH - ok
16:36:13.0897 2752 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:36:13.0898 2752 PerfHost - ok
16:36:13.0962 2752 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:36:13.0976 2752 pla - ok
16:36:14.0011 2752 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:36:14.0015 2752 PlugPlay - ok
16:36:14.0031 2752 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:36:14.0032 2752 PNRPAutoReg - ok
16:36:14.0050 2752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:36:14.0053 2752 PNRPsvc - ok
16:36:14.0076 2752 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:36:14.0082 2752 PolicyAgent - ok
16:36:14.0118 2752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:36:14.0121 2752 Power - ok
16:36:14.0159 2752 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:36:14.0160 2752 PptpMiniport - ok
16:36:14.0186 2752 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:36:14.0187 2752 Processor - ok
16:36:14.0212 2752 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:36:14.0215 2752 ProfSvc - ok
16:36:14.0229 2752 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:36:14.0230 2752 ProtectedStorage - ok
16:36:14.0271 2752 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:36:14.0272 2752 Psched - ok
16:36:14.0309 2752 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:36:14.0324 2752 ql2300 - ok
16:36:14.0337 2752 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:36:14.0338 2752 ql40xx - ok
16:36:14.0366 2752 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:36:14.0370 2752 QWAVE - ok
16:36:14.0378 2752 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:36:14.0379 2752 QWAVEdrv - ok
16:36:14.0399 2752 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:36:14.0399 2752 RasAcd - ok
16:36:14.0428 2752 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:36:14.0429 2752 RasAgileVpn - ok
16:36:14.0443 2752 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:36:14.0445 2752 RasAuto - ok
16:36:14.0475 2752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:36:14.0476 2752 Rasl2tp - ok
16:36:14.0528 2752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:36:14.0536 2752 RasMan - ok
16:36:14.0565 2752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:36:14.0566 2752 RasPppoe - ok
16:36:14.0581 2752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:36:14.0582 2752 RasSstp - ok
16:36:14.0612 2752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:36:14.0616 2752 rdbss - ok
16:36:14.0652 2752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:36:14.0653 2752 rdpbus - ok
16:36:14.0672 2752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:36:14.0672 2752 RDPCDD - ok
16:36:14.0702 2752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:36:14.0703 2752 RDPENCDD - ok
16:36:14.0741 2752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:36:14.0742 2752 RDPREFMP - ok
16:36:14.0798 2752 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:36:14.0799 2752 RdpVideoMiniport - ok
16:36:14.0830 2752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:36:14.0832 2752 RDPWD - ok
16:36:14.0884 2752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:36:14.0887 2752 rdyboost - ok
16:36:14.0917 2752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:36:14.0920 2752 RemoteAccess - ok
16:36:14.0945 2752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:36:14.0949 2752 RemoteRegistry - ok
16:36:14.0980 2752 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:36:14.0982 2752 RFCOMM - ok
16:36:15.0055 2752 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:36:15.0059 2752 RichVideo - ok
16:36:15.0079 2752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:36:15.0082 2752 RpcEptMapper - ok
16:36:15.0093 2752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:36:15.0095 2752 RpcLocator - ok
16:36:15.0142 2752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:36:15.0151 2752 RpcSs - ok
16:36:15.0185 2752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:36:15.0186 2752 rspndr - ok
16:36:15.0230 2752 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:36:15.0234 2752 RSUSBSTOR - ok
16:36:15.0286 2752 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:36:15.0291 2752 RTL8167 - ok
16:36:15.0304 2752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:36:15.0305 2752 SamSs - ok
16:36:15.0335 2752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:36:15.0336 2752 sbp2port - ok
16:36:15.0366 2752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:36:15.0370 2752 SCardSvr - ok
16:36:15.0409 2752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:36:15.0410 2752 scfilter - ok
16:36:15.0444 2752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:36:15.0457 2752 Schedule - ok
16:36:15.0491 2752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:36:15.0492 2752 SCPolicySvc - ok
16:36:15.0527 2752 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
16:36:15.0529 2752 sdbus - ok
16:36:15.0565 2752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:36:15.0569 2752 SDRSVC - ok
16:36:15.0596 2752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:36:15.0597 2752 secdrv - ok
16:36:15.0628 2752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:36:15.0630 2752 seclogon - ok
16:36:15.0664 2752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:36:15.0666 2752 SENS - ok
16:36:15.0678 2752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:36:15.0680 2752 SensrSvc - ok
16:36:15.0698 2752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:36:15.0699 2752 Serenum - ok
16:36:15.0713 2752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:36:15.0715 2752 Serial - ok
16:36:15.0734 2752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:36:15.0735 2752 sermouse - ok
16:36:15.0782 2752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:36:15.0785 2752 SessionEnv - ok
16:36:15.0821 2752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:36:15.0822 2752 sffdisk - ok
16:36:15.0834 2752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:36:15.0834 2752 sffp_mmc - ok
16:36:15.0847 2752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:36:15.0847 2752 sffp_sd - ok
16:36:15.0870 2752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:36:15.0870 2752 sfloppy - ok
16:36:15.0894 2752 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:36:15.0899 2752 SharedAccess - ok
16:36:15.0919 2752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:36:15.0923 2752 ShellHWDetection - ok
16:36:15.0947 2752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:36:15.0948 2752 SiSRaid2 - ok
16:36:15.0960 2752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:36:15.0961 2752 SiSRaid4 - ok
16:36:15.0994 2752 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:36:15.0995 2752 SkypeUpdate - ok
16:36:16.0022 2752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:36:16.0023 2752 Smb - ok
16:36:16.0058 2752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:36:16.0060 2752 SNMPTRAP - ok
16:36:16.0069 2752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:36:16.0070 2752 spldr - ok
16:36:16.0106 2752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:36:16.0112 2752 Spooler - ok
16:36:16.0219 2752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:36:16.0251 2752 sppsvc - ok
16:36:16.0271 2752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:36:16.0274 2752 sppuinotify - ok
16:36:16.0308 2752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:36:16.0315 2752 srv - ok
16:36:16.0354 2752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:36:16.0360 2752 srv2 - ok
16:36:16.0389 2752 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:36:16.0393 2752 SrvHsfHDA - ok
16:36:16.0429 2752 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:36:16.0446 2752 SrvHsfV92 - ok
16:36:16.0471 2752 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:36:16.0478 2752 SrvHsfWinac - ok
16:36:16.0509 2752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:36:16.0511 2752 srvnet - ok
16:36:16.0563 2752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:36:16.0567 2752 SSDPSRV - ok
16:36:16.0587 2752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:36:16.0591 2752 SstpSvc - ok
16:36:16.0634 2752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:36:16.0635 2752 stexstor - ok
16:36:16.0675 2752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:36:16.0687 2752 stisvc - ok
16:36:16.0723 2752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:36:16.0724 2752 swenum - ok
16:36:16.0746 2752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:36:16.0753 2752 swprv - ok
16:36:16.0822 2752 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:36:16.0828 2752 SynTP - ok
16:36:16.0914 2752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:36:16.0937 2752 SysMain - ok
16:36:16.0982 2752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:36:16.0984 2752 TabletInputService - ok
16:36:16.0997 2752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:36:17.0002 2752 TapiSrv - ok
16:36:17.0033 2752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:36:17.0036 2752 TBS - ok
16:36:17.0111 2752 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:36:17.0131 2752 Tcpip - ok
16:36:17.0163 2752 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:36:17.0173 2752 TCPIP6 - ok
16:36:17.0202 2752 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:36:17.0202 2752 tcpipreg - ok
16:36:17.0237 2752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:36:17.0238 2752 TDPIPE - ok
16:36:17.0257 2752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:36:17.0258 2752 TDTCP - ok
16:36:17.0300 2752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:36:17.0302 2752 tdx - ok
16:36:17.0315 2752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:36:17.0316 2752 TermDD - ok
16:36:17.0343 2752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:36:17.0352 2752 TermService - ok
16:36:17.0369 2752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:36:17.0371 2752 Themes - ok
16:36:17.0387 2752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:36:17.0388 2752 THREADORDER - ok
16:36:17.0401 2752 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:36:17.0403 2752 TrkWks - ok
16:36:17.0466 2752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:36:17.0469 2752 TrustedInstaller - ok
16:36:17.0510 2752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:36:17.0511 2752 tssecsrv - ok
16:36:17.0546 2752 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:36:17.0547 2752 TsUsbFlt - ok
16:36:17.0606 2752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:36:17.0608 2752 tunnel - ok
16:36:17.0637 2752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:36:17.0638 2752 uagp35 - ok
16:36:17.0675 2752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:36:17.0680 2752 udfs - ok
16:36:17.0709 2752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:36:17.0712 2752 UI0Detect - ok
16:36:17.0746 2752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:36:17.0747 2752 uliagpkx - ok
16:36:17.0790 2752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:36:17.0792 2752 umbus - ok
16:36:17.0807 2752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:36:17.0808 2752 UmPass - ok
16:36:17.0897 2752 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:36:17.0916 2752 UNS - ok
16:36:17.0946 2752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:36:17.0951 2752 upnphost - ok
16:36:17.0989 2752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:36:17.0991 2752 usbccgp - ok
16:36:18.0014 2752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:36:18.0016 2752 usbcir - ok
16:36:18.0048 2752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:36:18.0049 2752 usbehci - ok
16:36:18.0079 2752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:36:18.0082 2752 usbhub - ok
16:36:18.0103 2752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:36:18.0103 2752 usbohci - ok
16:36:18.0142 2752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:36:18.0142 2752 usbprint - ok
16:36:18.0156 2752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:36:18.0157 2752 USBSTOR - ok
16:36:18.0175 2752 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:36:18.0176 2752 usbuhci - ok
16:36:18.0212 2752 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:36:18.0214 2752 usbvideo - ok
16:36:18.0242 2752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:36:18.0244 2752 UxSms - ok
16:36:18.0262 2752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:36:18.0264 2752 VaultSvc - ok
16:36:18.0307 2752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:36:18.0308 2752 vdrvroot - ok
16:36:18.0351 2752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:36:18.0363 2752 vds - ok
16:36:18.0384 2752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:36:18.0385 2752 vga - ok
16:36:18.0401 2752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:36:18.0402 2752 VgaSave - ok
16:36:18.0435 2752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:36:18.0438 2752 vhdmp - ok
16:36:18.0453 2752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:36:18.0453 2752 viaide - ok
16:36:18.0468 2752 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:36:18.0469 2752 volmgr - ok
16:36:18.0504 2752 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:36:18.0508 2752 volmgrx - ok
16:36:18.0524 2752 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:36:18.0528 2752 volsnap - ok
16:36:18.0561 2752 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:36:18.0563 2752 vsmraid - ok
16:36:18.0637 2752 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:36:18.0656 2752 VSS - ok
16:36:18.0682 2752 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:36:18.0683 2752 vwifibus - ok
16:36:18.0704 2752 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:36:18.0705 2752 vwififlt - ok
16:36:18.0742 2752 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:36:18.0747 2752 W32Time - ok
16:36:18.0766 2752 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:36:18.0767 2752 WacomPen - ok
16:36:18.0808 2752 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:36:18.0809 2752 WANARP - ok
16:36:18.0813 2752 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:36:18.0815 2752 Wanarpv6 - ok
16:36:18.0880 2752 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:36:18.0901 2752 wbengine - ok
16:36:18.0920 2752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:36:18.0924 2752 WbioSrvc - ok
16:36:18.0958 2752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:36:18.0963 2752 wcncsvc - ok
16:36:18.0982 2752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:36:18.0984 2752 WcsPlugInService - ok
16:36:19.0013 2752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:36:19.0014 2752 Wd - ok
16:36:19.0052 2752 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:36:19.0059 2752 Wdf01000 - ok
16:36:19.0073 2752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:36:19.0074 2752 WdiServiceHost - ok
16:36:19.0078 2752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:36:19.0080 2752 WdiSystemHost - ok
16:36:19.0115 2752 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:36:19.0120 2752 WebClient - ok
16:36:19.0134 2752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:36:19.0138 2752 Wecsvc - ok
16:36:19.0146 2752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:36:19.0148 2752 wercplsupport - ok
16:36:19.0157 2752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:36:19.0158 2752 WerSvc - ok
16:36:19.0178 2752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:36:19.0179 2752 WfpLwf - ok
16:36:19.0189 2752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:36:19.0190 2752 WIMMount - ok
16:36:19.0204 2752 WinDefend - ok
16:36:19.0219 2752 WinHttpAutoProxySvc - ok
16:36:19.0263 2752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:36:19.0265 2752 Winmgmt - ok
16:36:19.0343 2752 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:36:19.0371 2752 WinRM - ok
16:36:19.0410 2752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:36:19.0419 2752 Wlansvc - ok
16:36:19.0467 2752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:36:19.0467 2752 WmiAcpi - ok
16:36:19.0502 2752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:36:19.0505 2752 wmiApSrv - ok
16:36:19.0536 2752 WMPNetworkSvc - ok
16:36:19.0570 2752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:36:19.0572 2752 WPCSvc - ok
16:36:19.0622 2752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:36:19.0626 2752 WPDBusEnum - ok
16:36:19.0656 2752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:36:19.0657 2752 ws2ifsl - ok
16:36:19.0674 2752 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:36:19.0677 2752 wscsvc - ok
16:36:19.0683 2752 WSearch - ok
16:36:19.0764 2752 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:36:19.0798 2752 wuauserv - ok
16:36:19.0833 2752 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:36:19.0834 2752 WudfPf - ok
16:36:19.0865 2752 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:36:19.0868 2752 WUDFRd - ok
16:36:19.0904 2752 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:36:19.0907 2752 wudfsvc - ok
16:36:19.0936 2752 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:36:19.0941 2752 WwanSvc - ok
16:36:19.0976 2752 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
16:36:19.0981 2752 yukonw7 - ok
16:36:20.0010 2752 ================ Scan global ===============================
16:36:20.0031 2752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:36:20.0053 2752 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:36:20.0061 2752 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:36:20.0086 2752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:36:20.0120 2752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:36:20.0124 2752 [Global] - ok
16:36:20.0125 2752 ================ Scan MBR ==================================
16:36:20.0135 2752 [ 1D41AC707E36448FA8DDDA0F7B3C8BDA ] \Device\Harddisk0\DR0
16:36:20.0371 2752 \Device\Harddisk0\DR0 - ok
16:36:20.0384 2752 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
16:36:20.0402 2752 \Device\Harddisk1\DR1 - ok
16:36:20.0403 2752 ================ Scan VBR ==================================
16:36:20.0407 2752 [ BCC17C56A95682AB363AD365042C6826 ] \Device\Harddisk0\DR0\Partition1
16:36:20.0409 2752 \Device\Harddisk0\DR0\Partition1 - ok
16:36:20.0423 2752 [ 4C42F4D6309E407CDC99A300A7FF87C2 ] \Device\Harddisk0\DR0\Partition2
16:36:20.0425 2752 \Device\Harddisk0\DR0\Partition2 - ok
16:36:20.0458 2752 [ FE63E6BCFB76ED115556DCF8A9ACD5CE ] \Device\Harddisk0\DR0\Partition3
16:36:20.0460 2752 \Device\Harddisk0\DR0\Partition3 - ok
16:36:20.0476 2752 [ 345F3BD610E66A8C0B9D1C4DA3047238 ] \Device\Harddisk0\DR0\Partition4
16:36:20.0477 2752 \Device\Harddisk0\DR0\Partition4 - ok
16:36:20.0483 2752 [ 6735B22D70A4D0034187E9D4329BEB48 ] \Device\Harddisk1\DR1\Partition1
16:36:20.0486 2752 \Device\Harddisk1\DR1\Partition1 - ok
16:36:20.0487 2752 ============================================================
16:36:20.0487 2752 Scan finished
16:36:20.0487 2752 ============================================================
16:36:20.0496 4312 Detected object count: 0
16:36:20.0496 4312 Actual detected object count: 0
16:39:18.0440 0680 Deinitialize success
|
|
03.05.2013, 14:38
| #6 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware? Spionage von Email PasswörternZitat:
Zitat:
__________________ --> Malware? Spionage von Email Passwörtern |
|
04.05.2013, 15:01
| #7 |
| | Malware? Spionage von Email Passwörtern Hallo und Entschuldigung, dass die ersten Logs falsch waren, ich hoffe mal jetzt passt alles. Ich habe es jetzt nochmal probiert: asw.MBR.exe ist abgestürzt und lief dann mit der Einstellung AV Scan (none) mbar Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.03.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Susanne :: SUSANNE [administrator]
03.05.2013 18:27:29
mbar-log-2013-05-03 (18-27-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29270
Time elapsed: 7 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 17:54:07.0272 0548 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:54:07.0439 0548 ============================================================
17:54:07.0439 0548 Current date / time: 2013/05/03 17:54:07.0439
17:54:07.0439 0548 SystemInfo:
17:54:07.0439 0548
17:54:07.0439 0548 OS Version: 6.1.7601 ServicePack: 1.0
17:54:07.0439 0548 Product type: Workstation
17:54:07.0439 0548 ComputerName: SUSANNE
17:54:07.0439 0548 UserName: Susanne
17:54:07.0439 0548 Windows directory: C:\Windows
17:54:07.0439 0548 System windows directory: C:\Windows
17:54:07.0439 0548 Running under WOW64
17:54:07.0440 0548 Processor architecture: Intel x64
17:54:07.0440 0548 Number of processors: 4
17:54:07.0440 0548 Page size: 0x1000
17:54:07.0440 0548 Boot type: Normal boot
17:54:07.0440 0548 ============================================================
17:54:08.0836 0548 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:54:13.0307 0548 Drive \Device\Harddisk1\DR1 - Size: 0x1EB00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:54:13.0315 0548 ============================================================
17:54:13.0315 0548 \Device\Harddisk0\DR0:
17:54:13.0315 0548 MBR partitions:
17:54:13.0315 0548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:54:13.0315 0548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239C8000
17:54:13.0315 0548 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23A2C000, BlocksNum 0x19CE800
17:54:13.0315 0548 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
17:54:13.0315 0548 \Device\Harddisk1\DR1:
17:54:13.0317 0548 MBR partitions:
17:54:13.0317 0548 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xE9, BlocksNum 0xF5717
17:54:13.0317 0548 ============================================================
17:54:13.0344 0548 C: <-> \Device\Harddisk0\DR0\Partition2
17:54:13.0388 0548 D: <-> \Device\Harddisk0\DR0\Partition3
17:54:13.0403 0548 E: <-> \Device\Harddisk0\DR0\Partition4
17:54:13.0403 0548 ============================================================
17:54:13.0403 0548 Initialize success
17:54:13.0403 0548 ============================================================
17:55:25.0569 4004 ============================================================
17:55:25.0569 4004 Scan started
17:55:25.0569 4004 Mode: Manual; SigCheck; TDLFS;
17:55:25.0569 4004 ============================================================
17:55:25.0881 4004 ================ Scan system memory ========================
17:55:25.0881 4004 System memory - ok
17:55:25.0881 4004 ================ Scan services =============================
17:55:26.0099 4004 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:55:26.0255 4004 1394ohci - ok
17:55:26.0271 4004 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:55:26.0302 4004 ACPI - ok
17:55:26.0317 4004 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:55:26.0411 4004 AcpiPmi - ok
17:55:26.0520 4004 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:55:26.0536 4004 AdobeARMservice - ok
17:55:26.0598 4004 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:55:26.0645 4004 adp94xx - ok
17:55:26.0676 4004 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:55:26.0692 4004 adpahci - ok
17:55:26.0707 4004 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:55:26.0723 4004 adpu320 - ok
17:55:26.0754 4004 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:55:26.0879 4004 AeLookupSvc - ok
17:55:26.0926 4004 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
17:55:26.0957 4004 AERTFilters - ok
17:55:26.0988 4004 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:55:27.0066 4004 AFD - ok
17:55:27.0113 4004 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
17:55:27.0207 4004 AgereSoftModem - ok
17:55:27.0253 4004 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:55:27.0269 4004 agp440 - ok
17:55:27.0316 4004 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:55:27.0394 4004 ALG - ok
17:55:27.0409 4004 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:55:27.0441 4004 aliide - ok
17:55:27.0456 4004 [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:55:27.0534 4004 AMD External Events Utility - ok
17:55:27.0565 4004 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:55:27.0581 4004 amdide - ok
17:55:27.0628 4004 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:55:27.0675 4004 AmdK8 - ok
17:55:27.0690 4004 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:55:27.0737 4004 AmdPPM - ok
17:55:27.0753 4004 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:55:27.0768 4004 amdsata - ok
17:55:27.0784 4004 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:55:27.0800 4004 amdsbs - ok
17:55:27.0815 4004 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:55:27.0831 4004 amdxata - ok
17:55:27.0878 4004 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:55:27.0893 4004 AntiVirSchedulerService - ok
17:55:27.0924 4004 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:55:27.0956 4004 AntiVirService - ok
17:55:28.0002 4004 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:55:28.0143 4004 AppID - ok
17:55:28.0174 4004 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:55:28.0268 4004 AppIDSvc - ok
17:55:28.0314 4004 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:55:28.0392 4004 Appinfo - ok
17:55:28.0439 4004 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:55:28.0470 4004 arc - ok
17:55:28.0486 4004 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:55:28.0502 4004 arcsas - ok
17:55:28.0533 4004 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:55:28.0580 4004 AsyncMac - ok
17:55:28.0611 4004 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:55:28.0626 4004 atapi - ok
17:55:28.0720 4004 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:55:28.0829 4004 athr - ok
17:55:28.0892 4004 [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:55:28.0923 4004 AtiHdmiService - ok
17:55:29.0063 4004 [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:55:29.0188 4004 atikmdag - ok
17:55:29.0235 4004 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:55:29.0328 4004 AudioEndpointBuilder - ok
17:55:29.0328 4004 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:55:29.0375 4004 AudioSrv - ok
17:55:29.0422 4004 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:55:29.0453 4004 avgntflt - ok
17:55:29.0484 4004 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:55:29.0500 4004 avipbb - ok
17:55:29.0531 4004 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:55:29.0547 4004 avkmgr - ok
17:55:29.0594 4004 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:55:29.0687 4004 AxInstSV - ok
17:55:29.0734 4004 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:55:29.0796 4004 b06bdrv - ok
17:55:29.0828 4004 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:55:29.0874 4004 b57nd60a - ok
17:55:29.0921 4004 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:55:29.0952 4004 BDESVC - ok
17:55:29.0968 4004 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:55:30.0046 4004 Beep - ok
17:55:30.0093 4004 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:55:30.0155 4004 BFE - ok
17:55:30.0186 4004 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:55:30.0264 4004 BITS - ok
17:55:30.0296 4004 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:55:30.0311 4004 blbdrive - ok
17:55:30.0342 4004 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:55:30.0374 4004 bowser - ok
17:55:30.0405 4004 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:55:30.0498 4004 BrFiltLo - ok
17:55:30.0514 4004 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:55:30.0545 4004 BrFiltUp - ok
17:55:30.0576 4004 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:55:30.0639 4004 Browser - ok
17:55:30.0654 4004 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:55:30.0701 4004 Brserid - ok
17:55:30.0717 4004 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:55:30.0764 4004 BrSerWdm - ok
17:55:30.0810 4004 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:55:30.0857 4004 BrUsbMdm - ok
17:55:30.0873 4004 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:55:30.0904 4004 BrUsbSer - ok
17:55:30.0951 4004 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:55:31.0013 4004 BthEnum - ok
17:55:31.0029 4004 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:55:31.0060 4004 BTHMODEM - ok
17:55:31.0091 4004 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:55:31.0138 4004 BthPan - ok
17:55:31.0185 4004 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:55:31.0232 4004 BTHPORT - ok
17:55:31.0263 4004 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:55:31.0341 4004 bthserv - ok
17:55:31.0372 4004 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:55:31.0403 4004 BTHUSB - ok
17:55:31.0434 4004 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:55:31.0497 4004 cdfs - ok
17:55:31.0528 4004 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:55:31.0559 4004 cdrom - ok
17:55:31.0606 4004 [ 51E8CB07EF17C3B4C806EDC8C45DEFDD ] celmkt C:\Windows\system32\Drivers\celmkt_x64.sys
17:55:31.0622 4004 celmkt - ok
17:55:31.0668 4004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:55:31.0731 4004 CertPropSvc - ok
17:55:31.0762 4004 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:55:31.0793 4004 circlass - ok
17:55:31.0824 4004 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:55:31.0856 4004 CLFS - ok
17:55:31.0918 4004 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:31.0934 4004 clr_optimization_v2.0.50727_32 - ok
17:55:31.0980 4004 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:55:31.0996 4004 clr_optimization_v2.0.50727_64 - ok
17:55:32.0074 4004 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:55:32.0090 4004 clr_optimization_v4.0.30319_32 - ok
17:55:32.0136 4004 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:55:32.0152 4004 clr_optimization_v4.0.30319_64 - ok
17:55:32.0168 4004 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:55:32.0214 4004 CmBatt - ok
17:55:32.0246 4004 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:55:32.0261 4004 cmdide - ok
17:55:32.0308 4004 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
17:55:32.0355 4004 CNG - ok
17:55:32.0448 4004 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:55:32.0480 4004 Com4QLBEx - ok
17:55:32.0511 4004 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:55:32.0511 4004 Compbatt - ok
17:55:32.0558 4004 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:55:32.0604 4004 CompositeBus - ok
17:55:32.0620 4004 COMSysApp - ok
17:55:32.0636 4004 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:55:32.0667 4004 crcdisk - ok
17:55:32.0698 4004 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:55:32.0745 4004 CryptSvc - ok
17:55:32.0792 4004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:55:32.0870 4004 DcomLaunch - ok
17:55:32.0901 4004 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:55:32.0963 4004 defragsvc - ok
17:55:32.0994 4004 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:55:33.0057 4004 DfsC - ok
17:55:33.0088 4004 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:55:33.0119 4004 Dhcp - ok
17:55:33.0166 4004 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:55:33.0244 4004 discache - ok
17:55:33.0260 4004 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:55:33.0275 4004 Disk - ok
17:55:33.0306 4004 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:55:33.0353 4004 Dnscache - ok
17:55:33.0400 4004 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:55:33.0478 4004 dot3svc - ok
17:55:33.0494 4004 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:55:33.0572 4004 DPS - ok
17:55:33.0603 4004 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:55:33.0650 4004 drmkaud - ok
17:55:33.0712 4004 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:55:33.0759 4004 DXGKrnl - ok
17:55:33.0774 4004 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:55:33.0837 4004 EapHost - ok
17:55:33.0915 4004 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:55:33.0977 4004 ebdrv - ok
17:55:34.0008 4004 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:55:34.0071 4004 EFS - ok
17:55:34.0149 4004 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:55:34.0227 4004 ehRecvr - ok
17:55:34.0258 4004 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:55:34.0305 4004 ehSched - ok
17:55:34.0352 4004 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:55:34.0398 4004 elxstor - ok
17:55:34.0414 4004 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:55:34.0430 4004 ErrDev - ok
17:55:34.0476 4004 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:55:34.0523 4004 EventSystem - ok
17:55:34.0570 4004 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
17:55:34.0617 4004 ew_hwusbdev - ok
17:55:34.0679 4004 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
17:55:34.0710 4004 ew_usbenumfilter - ok
17:55:34.0757 4004 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:55:34.0835 4004 exfat - ok
17:55:34.0851 4004 ezSharedSvc - ok
17:55:34.0866 4004 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:55:34.0929 4004 fastfat - ok
17:55:34.0976 4004 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:55:35.0069 4004 Fax - ok
17:55:35.0100 4004 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:55:35.0132 4004 fdc - ok
17:55:35.0178 4004 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:55:35.0241 4004 fdPHost - ok
17:55:35.0256 4004 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:55:35.0303 4004 FDResPub - ok
17:55:35.0334 4004 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:55:35.0350 4004 FileInfo - ok
17:55:35.0350 4004 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:55:35.0412 4004 Filetrace - ok
17:55:35.0428 4004 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:55:35.0428 4004 flpydisk - ok
17:55:35.0475 4004 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:55:35.0506 4004 FltMgr - ok
17:55:35.0553 4004 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
17:55:35.0615 4004 FontCache - ok
17:55:35.0662 4004 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:55:35.0678 4004 FontCache3.0.0.0 - ok
17:55:35.0709 4004 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:55:35.0724 4004 FsDepends - ok
17:55:35.0756 4004 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:55:35.0756 4004 Fs_Rec - ok
17:55:35.0802 4004 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:55:35.0834 4004 fvevol - ok
17:55:35.0849 4004 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:55:35.0865 4004 gagp30kx - ok
17:55:35.0912 4004 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:55:35.0974 4004 gpsvc - ok
17:55:36.0036 4004 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:55:36.0052 4004 gupdate - ok
17:55:36.0068 4004 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:55:36.0068 4004 gupdatem - ok
17:55:36.0099 4004 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:55:36.0146 4004 hcw85cir - ok
17:55:36.0192 4004 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:55:36.0239 4004 HdAudAddService - ok
17:55:36.0270 4004 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:55:36.0302 4004 HDAudBus - ok
17:55:36.0333 4004 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:55:36.0348 4004 HECIx64 - ok
17:55:36.0364 4004 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:55:36.0395 4004 HidBatt - ok
17:55:36.0426 4004 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:55:36.0458 4004 HidBth - ok
17:55:36.0504 4004 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:55:36.0536 4004 HidIr - ok
17:55:36.0567 4004 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:55:36.0660 4004 hidserv - ok
17:55:36.0707 4004 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:55:36.0723 4004 HidUsb - ok
17:55:36.0770 4004 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:55:36.0863 4004 hkmsvc - ok
17:55:36.0894 4004 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:55:36.0926 4004 HomeGroupListener - ok
17:55:36.0957 4004 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:55:36.0988 4004 HomeGroupProvider - ok
17:55:37.0035 4004 [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
17:55:37.0050 4004 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
17:55:37.0050 4004 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
17:55:37.0097 4004 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:55:37.0128 4004 HpqKbFiltr - ok
17:55:37.0175 4004 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:55:37.0191 4004 hpqwmiex - ok
17:55:37.0238 4004 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:55:37.0269 4004 HpSAMD - ok
17:55:37.0316 4004 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:55:37.0378 4004 HTTP - ok
17:55:37.0425 4004 [ 4DBBFCE863FE1B64C770EB53A3BA5860 ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
17:55:37.0487 4004 huawei_cdcacm - ok
17:55:37.0503 4004 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
17:55:37.0550 4004 huawei_enumerator - ok
17:55:37.0581 4004 [ DF65F49F3A108AB509D675312FC896B8 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
17:55:37.0628 4004 huawei_ext_ctrl - ok
17:55:37.0659 4004 [ 962032D69A8CA503F030F311CF4487B7 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
17:55:37.0674 4004 huawei_wwanecm - ok
17:55:37.0768 4004 [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
17:55:37.0799 4004 HWDeviceService64.exe - ok
17:55:37.0846 4004 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:55:37.0862 4004 hwpolicy - ok
17:55:37.0893 4004 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:55:37.0908 4004 i8042prt - ok
17:55:37.0940 4004 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:55:37.0955 4004 iaStor - ok
17:55:37.0971 4004 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:55:38.0002 4004 iaStorV - ok
17:55:38.0049 4004 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:55:38.0096 4004 idsvc - ok
17:55:38.0236 4004 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:55:38.0361 4004 igfx - ok
17:55:38.0392 4004 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:55:38.0408 4004 iirsp - ok
17:55:38.0454 4004 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:55:38.0517 4004 IKEEXT - ok
17:55:38.0595 4004 [ 181E4FF75674A7105ECD0A02C35EF43A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:55:38.0673 4004 IntcAzAudAddService - ok
17:55:38.0688 4004 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:55:38.0704 4004 intelide - ok
17:55:38.0735 4004 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:55:38.0766 4004 intelppm - ok
17:55:38.0813 4004 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:55:38.0876 4004 IPBusEnum - ok
17:55:38.0907 4004 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:55:38.0969 4004 IpFilterDriver - ok
17:55:39.0016 4004 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:55:39.0063 4004 iphlpsvc - ok
17:55:39.0094 4004 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:55:39.0125 4004 IPMIDRV - ok
17:55:39.0156 4004 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:55:39.0234 4004 IPNAT - ok
17:55:39.0250 4004 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:55:39.0328 4004 IRENUM - ok
17:55:39.0344 4004 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:55:39.0359 4004 isapnp - ok
17:55:39.0375 4004 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:55:39.0390 4004 iScsiPrt - ok
17:55:39.0422 4004 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:55:39.0437 4004 kbdclass - ok
17:55:39.0468 4004 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:55:39.0484 4004 kbdhid - ok
17:55:39.0515 4004 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:55:39.0531 4004 KeyIso - ok
17:55:39.0546 4004 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:55:39.0562 4004 KSecDD - ok
17:55:39.0593 4004 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:55:39.0609 4004 KSecPkg - ok
17:55:39.0640 4004 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:55:39.0687 4004 ksthunk - ok
17:55:39.0718 4004 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:55:39.0780 4004 KtmRm - ok
17:55:39.0843 4004 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:55:39.0890 4004 LanmanServer - ok
17:55:39.0936 4004 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:55:39.0983 4004 LanmanWorkstation - ok
17:55:40.0030 4004 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:55:40.0046 4004 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:55:40.0046 4004 LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:55:40.0077 4004 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:55:40.0139 4004 lltdio - ok
17:55:40.0170 4004 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:55:40.0248 4004 lltdsvc - ok
17:55:40.0280 4004 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:55:40.0311 4004 lmhosts - ok
17:55:40.0373 4004 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:55:40.0389 4004 LMS - ok
17:55:40.0420 4004 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:55:40.0436 4004 LSI_FC - ok
17:55:40.0436 4004 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:55:40.0451 4004 LSI_SAS - ok
17:55:40.0451 4004 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:55:40.0467 4004 LSI_SAS2 - ok
17:55:40.0482 4004 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:55:40.0498 4004 LSI_SCSI - ok
17:55:40.0498 4004 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:55:40.0560 4004 luafv - ok
17:55:40.0592 4004 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:55:40.0654 4004 Mcx2Svc - ok
17:55:40.0685 4004 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:55:40.0701 4004 megasas - ok
17:55:40.0716 4004 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:55:40.0732 4004 MegaSR - ok
17:55:40.0763 4004 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:55:40.0841 4004 MMCSS - ok
17:55:40.0857 4004 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:55:40.0904 4004 Modem - ok
17:55:40.0935 4004 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:55:40.0966 4004 monitor - ok
17:55:41.0013 4004 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:55:41.0028 4004 mouclass - ok
17:55:41.0044 4004 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:55:41.0075 4004 mouhid - ok
17:55:41.0122 4004 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:55:41.0138 4004 mountmgr - ok
17:55:41.0153 4004 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:55:41.0169 4004 mpio - ok
17:55:41.0184 4004 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:55:41.0247 4004 mpsdrv - ok
17:55:41.0294 4004 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:55:41.0356 4004 MpsSvc - ok
17:55:41.0387 4004 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:55:41.0418 4004 MRxDAV - ok
17:55:41.0450 4004 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:55:41.0496 4004 mrxsmb - ok
17:55:41.0512 4004 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:55:41.0543 4004 mrxsmb10 - ok
17:55:41.0559 4004 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:55:41.0574 4004 mrxsmb20 - ok
17:55:41.0606 4004 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:55:41.0621 4004 msahci - ok
17:55:41.0637 4004 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:55:41.0652 4004 msdsm - ok
17:55:41.0668 4004 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:55:41.0684 4004 MSDTC - ok
17:55:41.0715 4004 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:55:41.0762 4004 Msfs - ok
17:55:41.0762 4004 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:55:41.0808 4004 mshidkmdf - ok
17:55:41.0808 4004 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:55:41.0824 4004 msisadrv - ok
17:55:41.0855 4004 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:55:41.0918 4004 MSiSCSI - ok
17:55:41.0918 4004 msiserver - ok
17:55:41.0949 4004 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:55:41.0996 4004 MSKSSRV - ok
17:55:42.0027 4004 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:55:42.0058 4004 MSPCLOCK - ok
17:55:42.0074 4004 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:55:42.0152 4004 MSPQM - ok
17:55:42.0183 4004 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:55:42.0230 4004 MsRPC - ok
17:55:42.0261 4004 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:55:42.0276 4004 mssmbios - ok
17:55:42.0292 4004 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:55:42.0354 4004 MSTEE - ok
17:55:42.0370 4004 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:55:42.0386 4004 MTConfig - ok
17:55:42.0401 4004 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:55:42.0417 4004 Mup - ok
17:55:42.0432 4004 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:55:42.0510 4004 napagent - ok
17:55:42.0542 4004 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:55:42.0573 4004 NativeWifiP - ok
17:55:42.0635 4004 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:55:42.0682 4004 NDIS - ok
17:55:42.0713 4004 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:55:42.0744 4004 NdisCap - ok
17:55:42.0760 4004 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:55:42.0807 4004 NdisTapi - ok
17:55:42.0854 4004 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:55:42.0932 4004 Ndisuio - ok
17:55:42.0963 4004 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:55:43.0025 4004 NdisWan - ok
17:55:43.0041 4004 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:55:43.0119 4004 NDProxy - ok
17:55:43.0150 4004 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:55:43.0212 4004 NetBIOS - ok
17:55:43.0244 4004 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:55:43.0306 4004 NetBT - ok
17:55:43.0337 4004 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:55:43.0353 4004 Netlogon - ok
17:55:43.0384 4004 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:55:43.0446 4004 Netman - ok
17:55:43.0462 4004 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:55:43.0524 4004 netprofm - ok
17:55:43.0556 4004 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:55:43.0571 4004 NetTcpPortSharing - ok
17:55:43.0712 4004 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
17:55:43.0836 4004 netw5v64 - ok
17:55:43.0852 4004 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:55:43.0868 4004 nfrd960 - ok
17:55:43.0899 4004 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:55:43.0930 4004 NlaSvc - ok
17:55:43.0946 4004 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:55:43.0992 4004 Npfs - ok
17:55:44.0024 4004 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:55:44.0102 4004 nsi - ok
17:55:44.0117 4004 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:55:44.0180 4004 nsiproxy - ok
17:55:44.0226 4004 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:55:44.0273 4004 Ntfs - ok
17:55:44.0289 4004 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:55:44.0351 4004 Null - ok
17:55:44.0398 4004 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:55:44.0414 4004 nvraid - ok
17:55:44.0429 4004 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:55:44.0445 4004 nvstor - ok
17:55:44.0492 4004 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:55:44.0507 4004 nv_agp - ok
17:55:44.0523 4004 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:55:44.0538 4004 ohci1394 - ok
17:55:44.0585 4004 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:55:44.0601 4004 ose - ok
17:55:44.0772 4004 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:55:44.0882 4004 osppsvc - ok
17:55:44.0928 4004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:55:44.0960 4004 p2pimsvc - ok
17:55:44.0975 4004 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:55:45.0006 4004 p2psvc - ok
17:55:45.0022 4004 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:55:45.0038 4004 Parport - ok
17:55:45.0069 4004 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:55:45.0084 4004 partmgr - ok
17:55:45.0084 4004 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:55:45.0131 4004 PcaSvc - ok
17:55:45.0162 4004 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:55:45.0178 4004 pci - ok
17:55:45.0178 4004 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:55:45.0194 4004 pciide - ok
17:55:45.0209 4004 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:55:45.0240 4004 pcmcia - ok
17:55:45.0256 4004 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:55:45.0256 4004 pcw - ok
17:55:45.0287 4004 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:55:45.0350 4004 PEAUTH - ok
17:55:45.0443 4004 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:55:45.0474 4004 PerfHost - ok
17:55:45.0537 4004 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:55:45.0615 4004 pla - ok
17:55:45.0662 4004 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:55:45.0693 4004 PlugPlay - ok
17:55:45.0708 4004 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:55:45.0740 4004 PNRPAutoReg - ok
17:55:45.0755 4004 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:55:45.0771 4004 PNRPsvc - ok
17:55:45.0802 4004 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:55:45.0864 4004 PolicyAgent - ok
17:55:45.0896 4004 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:55:45.0958 4004 Power - ok
17:55:46.0005 4004 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:55:46.0083 4004 PptpMiniport - ok
17:55:46.0098 4004 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:55:46.0130 4004 Processor - ok
17:55:46.0145 4004 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:55:46.0192 4004 ProfSvc - ok
17:55:46.0208 4004 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:55:46.0223 4004 ProtectedStorage - ok
17:55:46.0254 4004 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:55:46.0317 4004 Psched - ok
17:55:46.0379 4004 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:55:46.0442 4004 ql2300 - ok
17:55:46.0473 4004 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:55:46.0488 4004 ql40xx - ok
17:55:46.0520 4004 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:55:46.0582 4004 QWAVE - ok
17:55:46.0598 4004 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:55:46.0629 4004 QWAVEdrv - ok
17:55:46.0644 4004 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:55:46.0707 4004 RasAcd - ok
17:55:46.0738 4004 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:55:46.0769 4004 RasAgileVpn - ok
17:55:46.0785 4004 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:55:46.0847 4004 RasAuto - ok
17:55:46.0894 4004 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:55:46.0941 4004 Rasl2tp - ok
17:55:47.0003 4004 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:55:47.0081 4004 RasMan - ok
17:55:47.0112 4004 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:55:47.0175 4004 RasPppoe - ok
17:55:47.0190 4004 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:55:47.0253 4004 RasSstp - ok
17:55:47.0268 4004 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:55:47.0315 4004 rdbss - ok
17:55:47.0331 4004 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:55:47.0378 4004 rdpbus - ok
17:55:47.0393 4004 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:55:47.0440 4004 RDPCDD - ok
17:55:47.0456 4004 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:55:47.0502 4004 RDPENCDD - ok
17:55:47.0518 4004 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:55:47.0565 4004 RDPREFMP - ok
17:55:47.0612 4004 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:55:47.0643 4004 RdpVideoMiniport - ok
17:55:47.0674 4004 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:55:47.0705 4004 RDPWD - ok
17:55:47.0752 4004 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:55:47.0783 4004 rdyboost - ok
17:55:47.0799 4004 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:55:47.0892 4004 RemoteAccess - ok
17:55:47.0939 4004 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:55:47.0986 4004 RemoteRegistry - ok
17:55:48.0017 4004 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:55:48.0048 4004 RFCOMM - ok
17:55:48.0126 4004 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:55:48.0142 4004 RichVideo - ok
17:55:48.0158 4004 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:55:48.0220 4004 RpcEptMapper - ok
17:55:48.0236 4004 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:55:48.0267 4004 RpcLocator - ok
17:55:48.0298 4004 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:55:48.0376 4004 RpcSs - ok
17:55:48.0392 4004 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:55:48.0454 4004 rspndr - ok
17:55:48.0501 4004 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
17:55:48.0532 4004 RSUSBSTOR - ok
17:55:48.0594 4004 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:55:48.0626 4004 RTL8167 - ok
17:55:48.0641 4004 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:55:48.0657 4004 SamSs - ok
17:55:48.0688 4004 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:55:48.0719 4004 sbp2port - ok
17:55:48.0735 4004 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:55:48.0797 4004 SCardSvr - ok
17:55:48.0828 4004 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:55:48.0875 4004 scfilter - ok
17:55:48.0906 4004 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:55:48.0984 4004 Schedule - ok
17:55:49.0016 4004 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:55:49.0078 4004 SCPolicySvc - ok
17:55:49.0109 4004 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
17:55:49.0156 4004 sdbus - ok
17:55:49.0187 4004 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:55:49.0234 4004 SDRSVC - ok
17:55:49.0250 4004 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:55:49.0343 4004 secdrv - ok
17:55:49.0359 4004 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:55:49.0390 4004 seclogon - ok
17:55:49.0421 4004 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:55:49.0499 4004 SENS - ok
17:55:49.0530 4004 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:55:49.0546 4004 SensrSvc - ok
17:55:49.0546 4004 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:55:49.0562 4004 Serenum - ok
17:55:49.0593 4004 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:55:49.0608 4004 Serial - ok
17:55:49.0624 4004 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:55:49.0655 4004 sermouse - ok
17:55:49.0686 4004 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:55:49.0718 4004 SessionEnv - ok
17:55:49.0749 4004 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:55:49.0780 4004 sffdisk - ok
17:55:49.0796 4004 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:55:49.0827 4004 sffp_mmc - ok
17:55:49.0842 4004 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:55:49.0889 4004 sffp_sd - ok
17:55:49.0905 4004 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:55:49.0920 4004 sfloppy - ok
17:55:49.0952 4004 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:55:50.0014 4004 SharedAccess - ok
17:55:50.0045 4004 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:55:50.0092 4004 ShellHWDetection - ok
17:55:50.0123 4004 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:55:50.0139 4004 SiSRaid2 - ok
17:55:50.0139 4004 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:55:50.0154 4004 SiSRaid4 - ok
17:55:50.0186 4004 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:55:50.0217 4004 SkypeUpdate - ok
17:55:50.0232 4004 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:55:50.0295 4004 Smb - ok
17:55:50.0326 4004 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:55:50.0357 4004 SNMPTRAP - ok
17:55:50.0373 4004 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:55:50.0373 4004 spldr - ok
17:55:50.0404 4004 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:55:50.0466 4004 Spooler - ok
17:55:50.0560 4004 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:55:50.0669 4004 sppsvc - ok
17:55:50.0700 4004 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:55:50.0747 4004 sppuinotify - ok
17:55:50.0794 4004 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:55:50.0810 4004 srv - ok
17:55:50.0841 4004 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:55:50.0872 4004 srv2 - ok
17:55:50.0903 4004 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:55:50.0950 4004 SrvHsfHDA - ok
17:55:50.0981 4004 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:55:51.0044 4004 SrvHsfV92 - ok
17:55:51.0059 4004 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:55:51.0090 4004 SrvHsfWinac - ok
17:55:51.0122 4004 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:55:51.0137 4004 srvnet - ok
17:55:51.0184 4004 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:55:51.0231 4004 SSDPSRV - ok
17:55:51.0246 4004 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:55:51.0293 4004 SstpSvc - ok
17:55:51.0324 4004 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:55:51.0324 4004 stexstor - ok
17:55:51.0371 4004 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:55:51.0434 4004 stisvc - ok
17:55:51.0449 4004 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:55:51.0465 4004 swenum - ok
17:55:51.0496 4004 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:55:51.0558 4004 swprv - ok
17:55:51.0621 4004 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:55:51.0652 4004 SynTP - ok
17:55:51.0714 4004 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:55:51.0792 4004 SysMain - ok
17:55:51.0824 4004 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:55:51.0839 4004 TabletInputService - ok
17:55:51.0855 4004 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:55:51.0917 4004 TapiSrv - ok
17:55:51.0948 4004 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:55:52.0026 4004 TBS - ok
17:55:52.0104 4004 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:55:52.0167 4004 Tcpip - ok
17:55:52.0198 4004 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:55:52.0245 4004 TCPIP6 - ok
17:55:52.0276 4004 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:55:52.0307 4004 tcpipreg - ok
17:55:52.0338 4004 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:55:52.0370 4004 TDPIPE - ok
17:55:52.0401 4004 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:55:52.0432 4004 TDTCP - ok
17:55:52.0463 4004 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:55:52.0494 4004 tdx - ok
17:55:52.0526 4004 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:55:52.0541 4004 TermDD - ok
17:55:52.0604 4004 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:55:52.0697 4004 TermService - ok
17:55:52.0713 4004 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:55:52.0744 4004 Themes - ok
17:55:52.0775 4004 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:55:52.0806 4004 THREADORDER - ok
17:55:52.0838 4004 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:55:52.0884 4004 TrkWks - ok
17:55:52.0947 4004 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:55:53.0025 4004 TrustedInstaller - ok
17:55:53.0056 4004 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:55:53.0103 4004 tssecsrv - ok
17:55:53.0134 4004 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:55:53.0181 4004 TsUsbFlt - ok
17:55:53.0228 4004 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:55:53.0290 4004 tunnel - ok
17:55:53.0321 4004 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:55:53.0337 4004 uagp35 - ok
17:55:53.0368 4004 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:55:53.0415 4004 udfs - ok
17:55:53.0446 4004 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:55:53.0477 4004 UI0Detect - ok
17:55:53.0508 4004 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:55:53.0524 4004 uliagpkx - ok
17:55:53.0571 4004 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:55:53.0602 4004 umbus - ok
17:55:53.0618 4004 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:55:53.0649 4004 UmPass - ok
17:55:53.0742 4004 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:55:53.0805 4004 UNS - ok
17:55:53.0820 4004 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:55:53.0883 4004 upnphost - ok
17:55:53.0898 4004 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:55:53.0961 4004 usbccgp - ok
17:55:53.0976 4004 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:55:54.0023 4004 usbcir - ok
17:55:54.0039 4004 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:55:54.0086 4004 usbehci - ok
17:55:54.0101 4004 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:55:54.0132 4004 usbhub - ok
17:55:54.0164 4004 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:55:54.0179 4004 usbohci - ok
17:55:54.0210 4004 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:55:54.0242 4004 usbprint - ok
17:55:54.0257 4004 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:55:54.0304 4004 USBSTOR - ok
17:55:54.0320 4004 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:55:54.0335 4004 usbuhci - ok
17:55:54.0398 4004 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:55:54.0429 4004 usbvideo - ok
17:55:54.0460 4004 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:55:54.0507 4004 UxSms - ok
17:55:54.0507 4004 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:55:54.0522 4004 VaultSvc - ok
17:55:54.0554 4004 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:55:54.0554 4004 vdrvroot - ok
17:55:54.0600 4004 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:55:54.0647 4004 vds - ok
17:55:54.0678 4004 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:55:54.0694 4004 vga - ok
17:55:54.0694 4004 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:55:54.0756 4004 VgaSave - ok
17:55:54.0788 4004 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:55:54.0819 4004 vhdmp - ok
17:55:54.0850 4004 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:55:54.0866 4004 viaide - ok
17:55:54.0881 4004 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:55:54.0881 4004 volmgr - ok
17:55:54.0928 4004 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:55:54.0944 4004 volmgrx - ok
17:55:54.0959 4004 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:55:54.0975 4004 volsnap - ok
17:55:55.0006 4004 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:55:55.0022 4004 vsmraid - ok
17:55:55.0068 4004 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:55:55.0178 4004 VSS - ok
17:55:55.0209 4004 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:55:55.0224 4004 vwifibus - ok
17:55:55.0240 4004 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:55:55.0271 4004 vwififlt - ok
17:55:55.0302 4004 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:55:55.0349 4004 W32Time - ok
17:55:55.0365 4004 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:55:55.0396 4004 WacomPen - ok
17:55:55.0443 4004 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:55:55.0521 4004 WANARP - ok
17:55:55.0536 4004 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:55:55.0568 4004 Wanarpv6 - ok
17:55:55.0614 4004 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:55:55.0677 4004 wbengine - ok
17:55:55.0708 4004 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:55:55.0739 4004 WbioSrvc - ok
17:55:55.0770 4004 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:55:55.0802 4004 wcncsvc - ok
17:55:55.0817 4004 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:55:55.0833 4004 WcsPlugInService - ok
17:55:55.0864 4004 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:55:55.0864 4004 Wd - ok
17:55:55.0911 4004 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:55:55.0958 4004 Wdf01000 - ok
17:55:55.0958 4004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:55:56.0051 4004 WdiServiceHost - ok
17:55:56.0051 4004 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:55:56.0082 4004 WdiSystemHost - ok
17:55:56.0129 4004 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:55:56.0160 4004 WebClient - ok
17:55:56.0192 4004 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:55:56.0254 4004 Wecsvc - ok
17:55:56.0285 4004 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:55:56.0332 4004 wercplsupport - ok
17:55:56.0348 4004 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:55:56.0394 4004 WerSvc - ok
17:55:56.0426 4004 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:55:56.0457 4004 WfpLwf - ok
17:55:56.0488 4004 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:55:56.0519 4004 WIMMount - ok
17:55:56.0535 4004 WinDefend - ok
17:55:56.0550 4004 WinHttpAutoProxySvc - ok
17:55:56.0597 4004 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:55:56.0660 4004 Winmgmt - ok
17:55:56.0722 4004 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:55:56.0800 4004 WinRM - ok
17:55:56.0847 4004 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:55:56.0894 4004 Wlansvc - ok
17:55:56.0925 4004 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:55:56.0956 4004 WmiAcpi - ok
17:55:56.0987 4004 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:55:57.0018 4004 wmiApSrv - ok
17:55:57.0050 4004 WMPNetworkSvc - ok
17:55:57.0065 4004 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:55:57.0096 4004 WPCSvc - ok
17:55:57.0143 4004 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:55:57.0174 4004 WPDBusEnum - ok
17:55:57.0206 4004 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:55:57.0268 4004 ws2ifsl - ok
17:55:57.0284 4004 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:55:57.0315 4004 wscsvc - ok
17:55:57.0330 4004 WSearch - ok
17:55:57.0393 4004 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:55:57.0471 4004 wuauserv - ok
17:55:57.0502 4004 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:55:57.0549 4004 WudfPf - ok
17:55:57.0564 4004 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:55:57.0596 4004 WUDFRd - ok
17:55:57.0627 4004 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:55:57.0658 4004 wudfsvc - ok
17:55:57.0674 4004 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:55:57.0720 4004 WwanSvc - ok
17:55:57.0752 4004 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
17:55:57.0767 4004 yukonw7 - ok
17:55:57.0798 4004 ================ Scan global ===============================
17:55:57.0814 4004 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:55:57.0845 4004 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:55:57.0861 4004 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:55:57.0892 4004 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:55:57.0908 4004 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:55:57.0908 4004 [Global] - ok
17:55:57.0908 4004 ================ Scan MBR ==================================
17:55:57.0923 4004 [ 1D41AC707E36448FA8DDDA0F7B3C8BDA ] \Device\Harddisk0\DR0
17:55:58.0220 4004 \Device\Harddisk0\DR0 - ok
17:56:04.0054 4004 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
17:56:04.0475 4004 \Device\Harddisk1\DR1 - ok
17:56:04.0475 4004 ================ Scan VBR ==================================
17:56:04.0475 4004 [ BCC17C56A95682AB363AD365042C6826 ] \Device\Harddisk0\DR0\Partition1
17:56:04.0475 4004 \Device\Harddisk0\DR0\Partition1 - ok
17:56:04.0491 4004 [ 4C42F4D6309E407CDC99A300A7FF87C2 ] \Device\Harddisk0\DR0\Partition2
17:56:04.0506 4004 \Device\Harddisk0\DR0\Partition2 - ok
17:56:04.0522 4004 [ FE63E6BCFB76ED115556DCF8A9ACD5CE ] \Device\Harddisk0\DR0\Partition3
17:56:04.0522 4004 \Device\Harddisk0\DR0\Partition3 - ok
17:56:04.0538 4004 [ 345F3BD610E66A8C0B9D1C4DA3047238 ] \Device\Harddisk0\DR0\Partition4
17:56:04.0538 4004 \Device\Harddisk0\DR0\Partition4 - ok
17:56:04.0553 4004 [ 6735B22D70A4D0034187E9D4329BEB48 ] \Device\Harddisk1\DR1\Partition1
17:56:04.0553 4004 \Device\Harddisk1\DR1\Partition1 - ok
17:56:04.0553 4004 ============================================================
17:56:04.0553 4004 Scan finished
17:56:04.0553 4004 ============================================================
17:56:04.0569 3336 Detected object count: 2
17:56:04.0569 3336 Actual detected object count: 2
18:06:21.0347 3336 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:21.0347 3336 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:21.0347 3336 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:21.0347 3336 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:07:02.0937 2784 Deinitialize success
|
|
04.05.2013, 15:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware? Spionage von Email Passwörtern Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.05.2013, 16:41
| #9 |
| | Malware? Spionage von Email Passwörtern Hat geklappt. Hier der Log: Code:
ATTFilter ComboFix 13-05-04.01 - Susanne 04.05.2013 17:25:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3958.2913 [GMT 2:00]
ausgeführt von:: c:\users\Susanne\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-04 bis 2013-05-04 ))))))))))))))))))))))))))))))
.
.
2013-05-04 15:31 . 2013-05-04 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-04 09:12 . 2013-05-04 09:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-04 09:12 . 2013-05-04 09:12 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-04 09:11 . 2013-05-04 09:11 -------- d-----w- c:\windows\system32\Macromed
2013-05-02 14:33 . 2013-05-02 14:33 -------- d-----w- c:\program files (x86)\7-Zip
2013-05-02 13:44 . 2013-05-02 13:44 -------- d-----w- c:\programdata\Malwarebytes
2013-04-24 06:32 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:00 . 2013-02-21 10:15 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-04-11 01:00 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-11 01:00 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 06:34 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 06:34 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 06:34 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 06:34 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 06:34 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 06:34 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 06:34 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 06:34 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-06 09:41 . 2013-04-06 09:41 -------- d-----w- c:\users\Susanne\AppData\Roaming\hpqlog
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 01:02 . 2013-03-28 03:11 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 14:42 . 2013-03-28 14:42 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-03-28 14:42 . 2013-03-28 14:42 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-03-28 14:42 . 2013-03-28 14:42 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-03-28 14:42 . 2013-03-28 14:42 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-03-28 14:42 . 2013-03-28 14:42 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-03-28 14:42 . 2013-03-28 14:42 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-03-28 14:42 . 2013-03-28 14:42 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-03-28 14:42 . 2013-03-28 14:42 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-03-28 14:42 . 2013-03-28 14:42 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-03-28 14:42 . 2013-03-28 14:42 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-03-28 14:42 . 2013-03-28 14:42 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-03-28 14:42 . 2013-03-28 14:42 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-03-28 14:42 . 2013-03-28 14:42 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-03-28 14:42 . 2013-03-28 14:42 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-03-28 14:10 . 2013-03-28 14:10 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-28 14:10 . 2013-03-28 14:10 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-28 14:10 . 2013-03-28 14:10 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-28 14:10 . 2013-03-28 14:10 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-28 14:10 . 2013-03-28 14:10 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-28 14:10 . 2013-03-28 14:10 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-28 14:10 . 2013-03-28 14:10 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-28 14:10 . 2013-03-28 14:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-28 14:10 . 2013-03-28 14:10 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-28 14:10 . 2013-03-28 14:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-28 14:10 . 2013-03-28 14:10 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-28 14:10 . 2013-03-28 14:10 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-28 14:10 . 2013-03-28 14:10 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-28 14:10 . 2013-03-28 14:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-28 14:10 . 2013-03-28 14:10 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-28 14:10 . 2013-03-28 14:10 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-28 14:10 . 2013-03-28 14:10 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-28 14:10 . 2013-03-28 14:10 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-28 14:10 . 2013-03-28 14:10 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-28 14:10 . 2013-03-28 14:10 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-28 14:10 . 2013-03-28 14:10 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-28 14:10 . 2013-03-28 14:10 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-28 14:10 . 2013-03-28 14:10 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-28 14:10 . 2013-03-28 14:10 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-28 14:10 . 2013-03-28 14:10 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-28 14:10 . 2013-03-28 14:10 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-28 14:10 . 2013-03-28 14:10 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-28 14:10 . 2013-03-28 14:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-28 14:10 . 2013-03-28 14:10 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-28 14:10 . 2013-03-28 14:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-28 14:10 . 2013-03-28 14:10 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-28 14:10 . 2013-03-28 14:10 441856 ----a-w- c:\windows\system32\html.iec
2013-03-28 14:10 . 2013-03-28 14:10 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-28 14:10 . 2013-03-28 14:10 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-28 14:10 . 2013-03-28 14:10 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-28 14:10 . 2013-03-28 14:10 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-28 14:10 . 2013-03-28 14:10 235008 ----a-w- c:\windows\system32\url.dll
2013-03-28 14:10 . 2013-03-28 14:10 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-28 14:10 . 2013-03-28 14:10 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-28 14:10 . 2013-03-28 14:10 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-28 14:10 . 2013-03-28 14:10 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-28 14:10 . 2013-03-28 14:10 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-28 14:10 . 2013-03-28 14:10 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-28 14:10 . 2013-03-28 14:10 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-28 14:10 . 2013-03-28 14:10 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-28 14:10 . 2013-03-28 14:10 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-28 14:10 . 2013-03-28 14:10 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-28 14:10 . 2013-03-28 14:10 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-28 14:10 . 2013-03-28 14:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-28 14:09 . 2013-03-28 14:09 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-28 14:09 . 2013-03-28 14:09 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-28 14:09 . 2013-03-28 14:09 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-28 14:09 . 2013-03-28 14:09 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-28 14:09 . 2013-03-28 14:09 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-28 14:09 . 2013-03-28 14:09 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 14:09 . 2013-03-28 14:09 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-28 14:09 . 2013-03-28 14:09 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-28 14:09 . 2013-03-28 14:09 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-28 14:09 . 2013-03-28 14:09 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-28 14:09 . 2013-03-28 14:09 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-28 14:09 . 2013-03-28 14:09 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-28 14:09 . 2013-03-28 14:09 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-28 14:09 . 2013-03-28 14:09 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-28 14:09 . 2013-03-28 14:09 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-28 14:09 . 2013-03-28 14:09 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 14:09 . 2013-03-28 14:09 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 14:09 . 2013-03-28 14:09 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-28 14:09 . 2013-03-28 14:09 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-28 14:09 . 2013-03-28 14:09 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 celmkt;celmkt;c:\windows\system32\Drivers\celmkt_x64.sys [2009-10-06 48488]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-03-28 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2013-03-28 13952]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-03-28 98816]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-03-28 28672]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2013-03-28 212992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-28 86016]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 10:04 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 23:11]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 172032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.benefind.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-04 17:33:40
ComboFix-quarantined-files.txt 2013-05-04 15:33
.
Vor Suchlauf: 8 Verzeichnis(se), 242.563.784.704 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 242.976.542.720 Bytes frei
.
- - End Of File - - 8C053D8B50622F34C5E23DDBFFE4261C
|
|
04.05.2013, 21:53
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware? Spionage von Email Passwörtern JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.05.2013, 12:10
| #11 |
| | Malware? Spionage von Email Passwörtern Danke, anbei die drei Logs! Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by Susanne on 04.05.2013 at 23:26:11,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
~~~ Files
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.05.2013 at 23:29:31,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.300 - Datei am 04/05/2013 um 23:34:48 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Susanne - SUSANNE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Susanne\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [723 octets] - [04/05/2013 23:34:48]
########## EOF - C:\AdwCleaner[S1].txt - [782 octets] ##########
Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 23:52:14 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susanne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 74,33% Memory free
7,73 Gb Paging File | 6,47 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 226,21 Gb Free Space | 79,40% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-44154158-779545507-3128274890-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E13646-031C-4D63-8E2C-519FBC33306B}" = rport=138 | protocol=17 | dir=out | app=system |
"{04252F46-FE52-4788-BEB8-14AB86D42AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{101B128E-90A8-4903-8DC7-79EE187CF730}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{317D60CE-391D-4C00-8EB2-9B618EC89804}" = rport=139 | protocol=6 | dir=out | app=system |
"{31BE142A-4638-4761-AA49-78553D4FF2FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38B5FBEB-8B4E-41F8-AEBD-E9141835109D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A9EC5FA-F2A2-4F33-A6D9-CF8A0361B14F}" = lport=139 | protocol=6 | dir=in | app=system |
"{47C09A6D-DBD6-4774-933F-C5A0ABFC333B}" = lport=137 | protocol=17 | dir=in | app=system |
"{570AF88F-5B35-4017-B21B-14BD983B7621}" = rport=445 | protocol=6 | dir=out | app=system |
"{59861AAD-C033-4B8A-8661-52D0F1B790BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DB434BF-4D65-4D5D-BB8A-580E54B415B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6472F28A-42F9-4051-BAF3-2AD6C9A75BF2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76D496F1-1DE2-4299-B2C6-5CD9B2827AEA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F571AC9-29D4-4E1A-AC8A-3B6FA6ADDB55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A84D54A0-00D7-4513-8C5A-BB7956D1A0DD}" = lport=138 | protocol=17 | dir=in | app=system |
"{B928F0A8-4AED-44D0-ABBD-DA63028FA1A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD5BC235-8C84-40FD-AF6E-E485AFAC3D47}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD8DC53F-669F-4F51-AF2C-783544C0ED22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7299E4F-5FB5-4DD0-9A19-FA23A2261D2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE94DA1A-5CF8-4DB0-B2AA-856EE85472F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF252669-F899-42A3-8663-69AFC4C4897F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F33438B2-3EAA-4109-A12D-0AB86A9469C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5639180-A5A5-42A3-96A3-0F8F727250EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{FDD2F485-64DA-425D-9175-DD0D8394AA1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AADA7F3-2885-4ECA-BEC2-254985BB6FCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{368AAFC2-B438-46E4-B759-99D59F0339BA}" = protocol=6 | dir=out | app=system |
"{3FD9CC3B-87D4-4B85-BEE6-9BE2AEFB175E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56A29773-AA47-41B9-82C9-7C124702DFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{584601BA-9DFB-44B6-A568-E784B874FF63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A0AF75F-36B4-43B8-927E-DF981CB92A83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5D30B85A-D69A-430B-9EDD-6218AABF75C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69F57D4E-89E7-4191-89E6-76701B961BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6BBE4CAF-3792-4555-AE85-F17029E61731}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C433974-967C-4044-B2D1-4842C60660FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70C50F4C-78BC-41A7-9173-64517195C2CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{713EF3A1-F0FA-411F-B44C-18DB0E58E62D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{77361F11-48B6-414D-823B-A63C6043F1D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F0E0F82-2C6C-4B89-A2FD-4DCA093B8817}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4E6C821-87CE-4CAE-B407-E418F06F4BF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8D4DA27-3FC2-4B9A-96AE-C86712984FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAE39440-4513-4105-9EE3-6141F234335A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4E0B5BC-0C52-496E-B1D9-DDF2AA37585C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C7AD2E47-7FB5-49AA-ACD2-B48CC0F02CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD7A6CDA-EDB8-496B-8166-8DB274889FD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1F42F7A-FA17-4481-8F38-8E14BBD6BD9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F58A85A4-75FA-4F36-AC9E-A9FC1F35C8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19E2CC1A-981D-49FD-B42A-143DC96D40C8}" = adebisKITA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A981A9BA-8670-4419-8B2F-F3E6C0514531}_is1" = Psyprax
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"hp print screen utility" = hp print screen utility
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mobile Partner" = Mobile Partner
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"VLC media player" = VLC media player 2.0.5
< End of report >
|
|
06.05.2013, 09:18
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware? Spionage von Email Passwörtern Das andere Log von OTL fehlt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.05.2013, 14:27
| #13 |
| | Malware? Spionage von Email Passwörtern Entschuldigung, das habe ich vergessen: Code:
ATTFilter OTL logfile created on: 04.05.2013 23:52:08 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susanne\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 74,33% Memory free 7,73 Gb Paging File | 6,47 Gb Available in Paging File | 83,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,89 Gb Total Space | 226,21 Gb Free Space | 79,40% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32 Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32 Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Susanne\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (celmkt) -- C:\Windows\SysNative\drivers\celmkt_x64.sys () DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/ IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: benefind (Enabled) CHR - default_search_provider: search_url = hxxp://www.benefind.de/web.php?q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://www.benefind.de/autocomplete/autocompletev.php?q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.05.04 17:32:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-44154158-779545507-3128274890-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-44154158-779545507-3128274890-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-44154158-779545507-3128274890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6FDD47-75AB-4987-8034-237DAF5F86B5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.04 23:28:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.04 23:26:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.04 23:26:03 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.04 23:23:38 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Susanne\Desktop\JRT.exe [2013.05.04 17:33:42 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.04 17:23:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.04 17:23:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.04 17:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.04 17:23:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.04 17:23:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.04 17:21:43 | 005,065,726 | R--- | C] (Swearware) -- C:\Users\Susanne\Desktop\ComboFix.exe [2013.05.04 11:12:00 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.04 11:12:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.04 11:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.05.03 18:17:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\mbar [2013.05.03 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibeung2 [2013.05.02 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\2.scands und logs [2013.05.02 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\1.scans [2013.05.02 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.02 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.05.02 15:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.16 08:07:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Fotos Projektantrag [2013.04.11 03:01:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 03:01:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 03:01:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.11 03:01:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 03:01:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.11 03:01:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.11 03:01:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.11 03:01:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.11 03:01:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.11 03:01:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.11 03:01:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.11 03:01:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.11 03:01:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 03:01:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 03:01:01 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 08:34:45 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 08:34:44 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 08:34:43 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 08:34:43 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 08:34:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 08:34:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.09 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibungen [2013.04.06 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\hpqlog ========== Files - Modified Within 30 Days ========== [2013.05.04 23:45:29 | 000,034,957 | ---- | M] () -- C:\Users\Susanne\Desktop\85104-otl-otlogfile-by-oldtimer.html [2013.05.04 23:43:45 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.04 23:43:45 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.04 23:36:19 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.04 23:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.04 23:36:06 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 23:23:40 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Susanne\Desktop\JRT.exe [2013.05.04 23:16:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.04 17:32:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.04 17:21:49 | 005,065,726 | R--- | M] (Swearware) -- C:\Users\Susanne\Desktop\ComboFix.exe [2013.05.04 11:19:57 | 000,947,445 | ---- | M] () -- C:\Users\Susanne\Desktop\ZKN03053-2.pdf [2013.05.04 11:19:57 | 000,921,073 | ---- | M] () -- C:\Users\Susanne\Desktop\ZKN03053-1.pdf [2013.05.04 11:12:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.04 11:12:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.03 17:07:13 | 000,000,512 | ---- | M] () -- C:\Users\Susanne\Desktop\MBR.dat [2013.04.30 12:08:50 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.30 12:08:50 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.30 12:08:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.30 12:08:50 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.30 12:08:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.26 21:31:53 | 000,000,000 | ---- | M] () -- C:\Users\Susanne\defogger_reenable [2013.04.19 12:00:52 | 002,846,090 | ---- | M] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv [2013.04.17 14:36:21 | 000,103,137 | ---- | M] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf [2013.04.17 11:56:59 | 008,141,664 | ---- | M] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip [2013.04.17 09:16:55 | 000,323,879 | ---- | M] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf [2013.04.11 03:20:57 | 000,389,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 19:39:51 | 000,279,832 | ---- | M] () -- C:\Users\Susanne\Desktop\Projektbeschreibung Zentrum **Zensiert**.pdf [2013.04.05 18:56:03 | 000,162,031 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.05 18:32:26 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat ========== Files Created - No Company Name ========== [2013.05.04 23:45:29 | 000,034,957 | ---- | C] () -- C:\Users\Susanne\Desktop\85104-otl-otlogfile-by-oldtimer.html [2013.05.04 17:23:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.04 17:23:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.04 17:23:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.04 17:23:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.04 17:23:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.04 11:19:57 | 000,947,445 | ---- | C] () -- C:\Users\Susanne\Desktop\ZKN03053-2.pdf [2013.05.04 11:19:57 | 000,921,073 | ---- | C] () -- C:\Users\Susanne\Desktop\ZKN03053-1.pdf [2013.05.03 17:07:13 | 000,000,512 | ---- | C] () -- C:\Users\Susanne\Desktop\MBR.dat [2013.04.26 21:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Susanne\defogger_reenable [2013.04.19 12:00:52 | 002,846,090 | ---- | C] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv [2013.04.17 14:36:21 | 000,103,137 | ---- | C] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf [2013.04.17 09:16:54 | 000,323,879 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf [2013.04.13 07:38:15 | 008,141,664 | ---- | C] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip [2013.04.10 19:39:51 | 000,279,832 | ---- | C] () -- C:\Users\Susanne\Desktop\Projektbeschreibung **Zensiert**.pdf [2013.04.05 18:56:03 | 000,162,031 | ---- | C] () -- C:\Users\Susanne\Desktop\Familie auf Zeit_Wochenendväter.pdf [2013.04.05 18:32:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2013.03.28 18:45:22 | 000,009,251 | ---- | C] () -- C:\Windows\hpdj3600.ini [2013.03.28 01:47:07 | 000,010,631 | ---- | C] () -- C:\Users\Susanne\**Zensiert**_elster_2048.pfx ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
06.05.2013, 14:32
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware? Spionage von Email Passwörtern Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.05.2013, 22:54
| #15 |
| | Malware? Spionage von Email Passwörtern Danke, hier die zwei Letzten Logs ohne Funde, schaut gut aus, oder? Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Susanne :: SUSANNE [Administrator] Schutz: Aktiviert 06.05.2013 16:33:09 mbam-log-2013-05-06 (16-33-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 401603 Laufzeit: 52 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7fc593b053c2a419acb3a8782f4261d
# engine=13767
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-06 04:57:14
# local_time=2013-05-06 06:57:14 (+0100, Mitteleurop‰ische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12435 3440917 5214 0
# compatibility_mode=5893 16776574 66 85 3387049 119489284 0 0
# scanned=194402
# found=0
# cleaned=0
# scan_time=3947
|
|
| Themen zu Malware? Spionage von Email Passwörtern |
| angelegt, bds/androm.eb.94, canon, emailadresse, emailadressen, geliefert, hallo zusammen, html-scriptvirus html/redirector.eu, install.exe, kompromittiert, launch, massenhaft, neuinstallation, passwörter, passwörtern, plug-in, richtlinie, sicherheit, spionage, tr/psw.fareit.c.10, tr/psw.tepfer.eb.63, tr/yakes.o, verschiedene, verschiedenen, virenschutz, zusammen |
Linear-Darstellung
