Pests of all kinds and their removal: Malicious lawyer e-mail with attachment opened (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
13.06.2013, 21:51 | #1
Malicious lawyer e-mail with attachment opened

Hi, my mum accidentally opened the attachment of an e-mail in which a lawyer threatened a payment demand and a penalty (phishing mail). Then she noticed and immediately deleted all the files, and I think the mail too. Now, I once read a guide somewhere here in the forum for such cases, on what to do and which programs help. Am I mistaken, or have I simply not found it? And is it enough if I scan the probably infected computer with all the programs, or MUST I reformat the PC? Thanks for the help
13.06.2013, 21:59 | #2
/// Malware-holic | Malicious lawyer e-mail with attachment opened

hi
If you do not have it yet, please download OTL from Oldtimer and save it on your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
13.06.2013, 22:08 | #3
Malicious lawyer e-mail with attachment opened

Hello,
all right, I will do that. So is there no point in running Malwarebytes, Spybot and so on over it?
13.06.2013, 22:18 | #4
/// Malware-holic | Malicious lawyer e-mail with attachment opened

no, post the log first
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
14.06.2013, 19:22 | #5
Malicious lawyer e-mail with attachment opened

If I forgot to remove any private details, I would be grateful if you let me know briefly.
OTL logfile:
Code:
ATTFilter OTL logfile created on: 14.06.2013 19:19:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,81% Memory free 5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 193,52 Gb Total Space | 137,53 Gb Free Space | 71,07% Space Free | Partition Type: NTFS Drive D: | 104,57 Gb Total Space | 98,79 Gb Free Space | 94,47% Space Free | Partition Type: NTFS Drive F: | 14,40 Gb Total Space | 14,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: xxxx-LAPTOP | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.14 19:16:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.06.30 21:01:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.01 00:06:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme2\maxdome\DCBin\DCService.exe PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - File not found [Auto | Stopped] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2013.01.09 18:12:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype 
Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.30 21:01:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.01 00:06:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.28 12:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Programme2\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 21:01:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 21:01:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.12.20 16:30:54 | 000,193,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.11.12 01:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.08.24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.08.24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.08.24 19:30:40 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2010.08.24 19:30:40 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.04.27 04:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010.04.27 04:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2008.07.10 12:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 3C 1C 3F 95 95 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {A2DC3FEF-AB4D-442c-8517-34EC6E125C8D} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6EF530F9-6C3A-4178-BAB2-E62D97095CBD}: "URL" = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} IE - HKCU\..\SearchScopes\{9790F99F-1AC4-49EE-AC3F-34E9D096FD49}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=&safe=[safe,off,strict] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910 FF - 
prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.4 FF - prefs.js..extensions.enabledAddons: leethax@leethax.net:2013.03.16 FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.5 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.15 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: ffext@startpage24:2.0.0.586 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files\Startpage24\Plugin\Version_586\firefox\plugins\nplink64.dll (Link64 GmbH) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme2\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.07 09:18:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\Program Files\Startpage24\Plugin\Version_586\firefox [2011.03.20 01:07:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.09 18:12:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.27 13:41:32 | 000,000,000 | ---D | M] [2010.12.07 00:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2013.06.13 22:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions [2013.01.09 18:12:36 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.09.27 13:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.06.13 22:36:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.03.18 17:30:00 | 000,021,579 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\extensions\leethax@leethax.net.xpi [2013.06.12 19:51:00 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013.03.13 18:55:47 | 000,817,280 | ---- | M] () (No 
name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.06.23 23:42:20 | 000,005,248 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\searchplugins\Startpage24.xml [2012.04.03 14:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.09 18:12:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2013.01.09 18:12:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.09 18:12:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.09 18:12:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.09 18:12:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.09 18:12:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.09 18:12:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Startpage24) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\Programme\Startpage24\Plugin\Version_586\link64_plugin.dll (Link64 GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [mixerxg] C:\Users\xxxx\AppData\Roaming\mixerxg.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O8 - Extra context menu 
item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6FC371A-76B7-4E47-907A-6CF51C121652}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF1D08D3-8994-4CF2-B2CB-23D9207DED51}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29978D8-AFC5-4CEF-BFA5-623864B62C7A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\startpage24 {879506D7-73DF-8D45-BBDD-123467926D12} - C:\Programme\Startpage24\Plugin\Version_586\link64_plugin.dll (Link64 GmbH) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - 
C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ad0a7b2-8ed6-11e0-8659-001f160bd76a}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad0a7b2-8ed6-11e0-8659-001f160bd76a}\Shell\AutoRun\command - "" = F:\NPSAI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EB3FE2C-D1A6-65F2-61CA-0D299031B992} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^xxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme2\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Programme2\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme2\Home Cinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme2\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Programme2\Home Cinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= - File not found
MsConfig - StartUpReg: ulutclbu - hkey= - key= - C:\Users\xxxx\AppData\Roaming\Tswvdpj\osmhclbu.exe (Bloodshed Software)
MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Programme2\Home Cinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Programme2\Home Cinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.06.14 19:16:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2013.06.14 17:38:43 | 000,000,000 | ---D | C] -- C:\d6af526708e6e9ddbfffdbd8fbc6bf
[2013.06.14 17:15:34 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2013.06.14 17:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.14 17:15:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.14 17:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.14 17:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.14 17:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.14 17:15:07 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.06.14 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.06.14 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Programs
[2013.06.14 17:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.06.14 17:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.06.14 17:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.13 22:24:30 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Tswvdpj
[2013.06.11 21:57:25 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Saved Games
[2013.05.19 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8100CF49-B584-4762-9002-E1877B4E6602}

========== Files - Modified Within 30 Days ==========

[2013.06.14 19:19:51 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 19:19:51 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 19:19:26 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.14 19:19:26 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.14 19:19:26 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.14 19:19:26 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.14 19:16:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2013.06.14 19:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 19:11:40 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 17:15:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.14 17:15:12 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.14 17:09:18 | 314,125,949 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.11 21:56:32 | 000,443,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.06.14 17:15:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.14 17:15:12 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.14 17:15:12 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.14 17:05:42 | 314,125,949 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.19 13:44:40 | 000,166,152 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.10 08:19:46 | 000,003,584 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.07 18:44:08 | 000,055,302 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.12.07 09:06:50 | 000,055,302 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.14 01:11:09 | 000,265,216 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\mixerxg.exe

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.03.29 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Ashampoo
[2010.12.12 17:31:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Boomzap
[2011.01.14 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Gaijin Ent
[2011.06.18 16:00:39 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GARMIN
[2011.06.01 22:36:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech
[2010.12.08 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Lexmark Productivity Studio
[2011.06.08 00:06:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ML
[2011.03.27 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Opera
[2010.12.12 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Runes of Avalon 2
[2011.08.12 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Samsung
[2010.12.08 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ScreenSeven
[2011.06.14 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Startpage24
[2013.06.13 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Tswvdpj
[2010.12.11 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TuneUp Software
[2010.12.20 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer

========== Purity Check ==========


========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.12.09 00:50:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.02.25 08:52:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.06.14 17:28:11 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2013.06.14 17:38:45 | 000,000,000 | ---D | M] -- C:\d6af526708e6e9ddbfffdbd8fbc6bf
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.06 23:28:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.19 14:54:41 | 000,000,000 | ---D | M] -- C:\Intel
[2011.06.22 15:29:28 | 000,000,000 | ---D | M] -- C:\Medion
[2010.12.07 23:29:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.29 15:52:54 | 000,000,000 | ---D | M] -- C:\PlugIns
[2013.06.14 17:27:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.14 17:15:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.06 23:28:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.27 13:41:06 | 000,000,000 | ---D | M] -- C:\Programme2
[2010.12.06 23:28:30 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.20 01:03:09 | 000,000,000 | ---D | M] -- C:\startpage24
[2013.06.14 19:21:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.14 00:13:36 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.14 17:05:49 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme2\Home Cinema\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2013.05.16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2010.12.20 16:31:08 | 000,435,736 | R--- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Medion\[02] AHCI\f6flpy-x86\iaStor.sys
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010.12.20 16:31:08 | 000,540,696 | R--- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Medion\[02] AHCI\f6flpy-x64\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2011.02.25 15:58:44 | 000,000,068 | -HS- | M] () -- C:\Users\xxxx\desktop.ini
[2013.06.14 19:33:20 | 004,980,736 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat
[2013.06.14 19:33:20 | 000,262,144 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat.LOG1
[2010.12.06 23:28:44 | 000,000,000 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat.LOG2
[2010.12.06 23:31:05 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.12.06 23:31:05 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.12.06 23:31:05 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.06.14 16:56:36 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{90bf9e35-d502-11e2-9a74-001f160bd76a}.TM.blf
[2013.06.14 16:56:36 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{90bf9e35-d502-11e2-9a74-001f160bd76a}.TMContainer00000000000000000001.regtrans-ms
[2013.06.14 16:56:36 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{90bf9e35-d502-11e2-9a74-001f160bd76a}.TMContainer00000000000000000002.regtrans-ms
[2013.06.14 17:07:01 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{daae2454-d503-11e2-a596-ea975c9c1fc5}.TM.blf
[2013.06.14 17:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{daae2454-d503-11e2-a596-ea975c9c1fc5}.TMContainer00000000000000000001.regtrans-ms
[2013.06.14 17:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{daae2454-d503-11e2-a596-ea975c9c1fc5}.TMContainer00000000000000000002.regtrans-ms
[2010.12.06 23:28:44 | 000,000,020 | -HS- | M] () -- C:\Users\xxxx\ntuser.ini
[2011.06.22 14:36:49 | 000,024,576 | -HS- | M] () -- C:\Users\xxxx\Thumbs.db

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

OTL EXTRAS Logfile:
OTL Logfile:
OTL Extras logfile created on: 14.06.2013 19:19:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxxx\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,81% Memory free
5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 193,52 Gb Total Space | 137,53 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
Drive D: | 104,57 Gb Total Space | 98,79 Gb Free Space | 94,47% Space Free | Partition Type: NTFS
Drive F: | 14,40 Gb Total Space | 14,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: xxxx-LAPTOP | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Value error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme2\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme2\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030A659D-410B-4F5F-B511-04D722BB44BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{03754F17-452F-40DA-9F30-D17F9D523FCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06B67EBB-E2B7-4926-BEAB-9E9FFF426EEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{09317976-D20A-429F-8EF7-FA437BF6CECE}" = lport=445 | protocol=6 | dir=in | app=system |
"{1542E7CB-0899-45DC-9118-0D6A218917CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{257FD803-98E3-499D-B458-22037EE2AF65}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{35C49F7D-6A98-4575-B713-E1D9D1FFB0EF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F249D69-C1A1-49EC-96AA-D8CF7E32161A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54FFC2B5-11D3-4A95-B5B4-59954C342D17}" = rport=137 | protocol=17 | dir=out | app=system |
"{625B1F86-CA57-466C-B684-90E95D4066CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CACD5C9-AA2E-44AA-BC3C-54B425EBE4C9}" = lport=139 | protocol=6 | dir=in | app=system |
"{72354DB2-471A-4F1F-8F71-8CF6FC4415FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77B91F04-8D3B-497F-98B8-B560878F3CF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DCE56E0-1AC8-4D99-B2F0-760272664C8A}" = lport=137 | protocol=17 | dir=in | app=system |
"{93CA5423-F597-4631-A99D-F224821D1C7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96ECFDC2-C1B8-4D81-8F71-5516928025C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{A82CF7A0-E391-4C10-AA89-3888E0ED51CA}"
= rport=445 | protocol=6 | dir=out | app=system | "{ABF83973-87CB-428B-BB26-AB89A1E73E39}" = lport=10243 | protocol=6 | dir=in | app=system | "{AEBF8162-7DE7-4121-B0F0-D2EDB2024A3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B3500120-D640-4ED9-BF0D-32E76E7CB547}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BEE9C603-42BD-4E25-8E04-016B9E350CF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5AE2446-0939-47CC-92F4-0E03625622FC}" = lport=138 | protocol=17 | dir=in | app=system | "{F85F0CF1-50E5-490C-B456-47935AD07AA4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F0359F-AD03-4DC6-B919-573190B58A6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{173C1A67-4B5A-42D0-9DFE-7C8443C7346B}" = dir=in | app=c:\programme2\home cinema\powerdirector\pdr.exe | "{1C127D0C-1830-4A47-B7C8-C97ED4194C1A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{217FDAA1-1D00-41D0-B267-E41BBFE427AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2689889B-F9DA-4362-B2D6-BB1DF0D27844}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{301D55E1-F710-43BC-BFB5-FAEF5CAD4742}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{33C97A31-4D9A-4919-B7E3-4734187E6ED2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41565D94-10BD-4132-9F91-C6A07EF9E7BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{49A0AA4D-14DE-4BB6-B91B-B9843EA3142C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6384186A-5554-44F8-B6DF-8E912E9CC2F4}" = 
dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{68CE7A8E-F9BB-42A2-9EBD-9054AD73AF8C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{6E1CFCBE-EC08-44C0-9EE3-ADDE2C0193D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{76666B47-88D6-4F69-8F10-4A5139F48AB4}" = dir=in | app=c:\programme2\home cinema\makedisc\makedisc.exe | "{7A740734-8FEE-4EE4-9300-EF4CD269F963}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{7B0068AE-2BF3-4CB2-8290-7F780DF61A79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{82DDC07C-9BD8-420E-B834-970E0CB97DDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{89AA73A7-BF89-48AA-A829-BE0A9064E180}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9C254811-D043-4F38-AB4C-5765198195A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A99CD1E3-5BEB-4ABB-BFFA-DD19B43B23D3}" = protocol=6 | dir=out | app=system | "{AEC104F8-D628-4B86-958B-E76F90EDF62F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{C9E4E7E9-17E4-4C32-8ECA-78AE219085DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CCD44D1C-00F5-4E44-8EFA-A6B0104E3415}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D8FA1A3F-A36D-4699-B756-8840D94C9165}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0F917C6-30E1-4AF8-A0C9-0E3EB65E4FC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E181C0EA-F939-4385-AEBA-FC6E465DCC85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E2B3C887-E279-463E-9152-F698D411C1E3}" = dir=in | app=c:\program files\itunes\itunes.exe | "{E55EC7D8-4144-40AF-9BF8-310EA14448F5}" = protocol=17 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{E7D4D6FD-6416-42D8-844B-FF7845C8C4A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB9938A6-977C-4CC9-9C5E-292F31CBD15F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{EE46C667-2031-471C-BF17-5F11914B8D3B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{F1C786FB-1670-482B-A448-CF8CF5AECD6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F464BCCC-FC3D-408B-940F-28DDF4B4C79E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F96F2974-9C99-47CD-ADB2-A471F98CCA6E}" = dir=in | app=c:\programme2\home cinema\powerdvd\powerdvd.exe | "TCP Query User{ECF4BA0E-7A85-4BBD-99AF-36042BD1C065}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{BAB381E8-E909-4E87-A8AB-3C90279B88D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0E7446C2-CB1F-41CC-88E3-126760717473}" = Nero Kwik Media "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions 
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft 
Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live 
UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60 "Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0 "Ashampoo Photo Commander Plugin Pack_is1" = Ashampoo Photo Commander Plugin Pack "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "ENTERPRISE" = Microsoft Office Enterprise 2007 "FormatFactory" = FormatFactory 2.60 "Gekko Mahjongg (Weihnachts-Edition)" = Gekko Mahjongg (Weihnachts-Edition) "Great Mahjong Special" = Great Mahjong Special 
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Neptunia Vollversion" = Neptunia Vollversion "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "RealPlayer 12.0" = RealPlayer "saver3" = saver3 "sp6" = Logitech SetPoint 6.22 "Startpage24" = Startpage24 "Treiber-Studio 2011" = Treiber-Studio 2011 7.0.3.112 "VLC media player" = VLC media player 1.1.8 "Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.7.0 "WinLiveSuite" = Windows Live Essentials "World Mosaics 2" = World Mosaics 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.03.2013 11:21:21 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14883 Error - 18.03.2013 11:22:45 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.03.2013 11:22:45 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 99342 Error - 18.03.2013 11:22:45 | Computer Name = xxxx-Laptop | 
Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 99342 Error - 18.03.2013 11:22:46 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.03.2013 11:22:46 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 100387 Error - 18.03.2013 11:22:46 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 100387 Error - 09.04.2013 05:02:03 | Computer Name = xxxx-Laptop | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Publisher. Error - 09.04.2013 05:03:45 | Computer Name = xxxx-Laptop | Source = Avira AntiVir | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\xxxx\Pictures\Downloads\paket2_alle\paket2_alle\IMG_3443_janette_manu.jpg. [ACCESS_VIOLATION Exception!! EIP = 0xd77462] Bitte Avira informieren und die obige Datei übersenden! 
Error - 14.06.2013 11:36:28 | Computer Name = xxxx-Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01a90fef ID des fehlerhaften Prozesses: 0x754 Startzeit der fehlerhaften Anwendung: 0x01ce6910ee04cd52 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2d831934-d508-11e2-8729-001f160bd76a [ System Events ] Error - 14.06.2013 11:05:47 | Computer Name = xxxx-Laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 14.06.2013 11:05:47 | Computer Name = xxxx-Laptop | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx Wanarpv6 WfpLwf Error - 14.06.2013 11:05:54 | Computer Name = xxxx-Laptop | Source = BugCheck | ID = 1001 Description = Error - 14.06.2013 11:07:32 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2839894) Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2813430) Error - 14.06.2013 11:12:01 | 
Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2839229) Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 unter Windows 7 (KB2838727) Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2845690) Error - 14.06.2013 13:11:56 | Computer Name = xxxx-Laptop | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?06.?2013 um 17:39:29 unerwartet heruntergefahren. < End of report > --- --- --- |
14.06.2013, 20:06 | #6 |
/// Malware-holic | Malicious lawyer e-mail with attachment opened Hi, OTL fix Fix with OTL
Code:
:OTL
O4 - HKCU..\Run: [mixerxg] C:\Users\xxxx\AppData\Roaming\mixerxg.exe ()
:files
:Commands
[emptytemp]
|
14.06.2013, 20:50 | #7 |
| Malicious lawyer e-mail with attachment opened Hi Markus, does this now actually mean that there was a Trojan on the PC, or what did I fix there? And can I now have the Trojan on my other PC, since I swapped the OTL text files between the infected PC and my laptop via USB stick? Here is the content of the file: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mixerxg deleted successfully. C:\Users\xxx\AppData\Roaming\mixerxg.exe moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: xxx ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1672955 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 65606404 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 556 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7617473 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 71,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06142013_214517 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
15.06.2013, 13:42 | #8 |
/// Malware-holic | Malicious lawyer e-mail with attachment opened No, it does not "transfer" itself. Is personal data, such as pictures, accessible?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.06.2013, 13:47 | #9 |
| Malicious lawyer e-mail with attachment opened You mean whether pictures etc. on the "infected" computer are accessible? Sorry, I don't quite understand the question. Yes, the data is accessible. |
15.06.2013, 13:52 | #10 |
/// Malware-holic | Malicious lawyer e-mail with attachment opened Yes, whether they are, for example, encrypted, i.e. can no longer be opened. Please download TDSSKiller.exe and save this file to the desktop
|
16.06.2013, 19:33 | #11 |
| Malicious lawyer e-mail with attachment opened Hello, here is the log file from TDSSKiller. There were 4 detections: Code:
ATTFilter 20:27:46.0907 0672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:27:47.0172 0672 ============================================================ 20:27:47.0172 0672 Current date / time: 2013/06/16 20:27:47.0172 20:27:47.0172 0672 SystemInfo: 20:27:47.0172 0672 20:27:47.0172 0672 OS Version: 6.1.7601 ServicePack: 1.0 20:27:47.0172 0672 Product type: Workstation 20:27:47.0172 0672 ComputerName: yyy-LAPTOP 20:27:47.0172 0672 UserName: xxx 20:27:47.0172 0672 Windows directory: C:\Windows 20:27:47.0172 0672 System windows directory: C:\Windows 20:27:47.0172 0672 Processor architecture: Intel x86 20:27:47.0172 0672 Number of processors: 2 20:27:47.0172 0672 Page size: 0x1000 20:27:47.0172 0672 Boot type: Normal boot 20:27:47.0172 0672 ============================================================ 20:27:48.0872 0672 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:27:48.0872 0672 Drive \Device\Harddisk1\DR1 - Size: 0x39AA7E800 (14.42 Gb), SectorSize: 0x200, Cylinders: 0x759, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:27:48.0872 0672 ============================================================ 20:27:48.0872 0672 \Device\Harddisk0\DR0: 20:27:48.0872 0672 MBR partitions: 20:27:48.0872 0672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x18307FF8 20:27:48.0872 0672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18308800, BlocksNum 0xD125000 20:27:48.0872 0672 \Device\Harddisk1\DR1: 20:27:48.0872 0672 MBR partitions: 20:27:48.0872 0672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1CD4D41 20:27:48.0872 0672 ============================================================ 20:27:48.0903 0672 C: <-> \Device\Harddisk0\DR0\Partition1 20:27:48.0950 0672 D: <-> \Device\Harddisk0\DR0\Partition2 20:27:48.0950 0672 
============================================================
20:27:48.0950 0672 Initialize success
20:27:48.0950 0672 ============================================================
20:28:37.0575 1680 ============================================================
20:28:37.0575 1680 Scan started
20:28:37.0575 1680 Mode: Manual; SigCheck; TDLFS;
20:28:37.0575 1680 ============================================================
20:28:37.0981 1680 ================ Scan system memory ========================
20:28:37.0981 1680 System memory - ok
20:28:37.0981 1680 ================ Scan services =============================
20:28:38.0496 1680 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:28:38.0636 1680 1394ohci - ok
20:28:38.0714 1680 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:28:38.0730 1680 ACPI - ok
20:28:38.0808 1680 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:28:38.0901 1680 AcpiPmi - ok
20:28:39.0089 1680 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:28:39.0135 1680 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
20:28:39.0135 1680 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
20:28:39.0276 1680 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:28:39.0291 1680 AdobeARMservice - ok
20:28:39.0354 1680 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:28:39.0385 1680 adp94xx - ok
20:28:39.0416 1680 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:28:39.0447 1680 adpahci - ok
20:28:39.0479 1680 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:28:39.0510 1680 adpu320 - ok
20:28:39.0572 1680 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:28:39.0635 1680 AeLookupSvc - ok
20:28:39.0681 1680 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:28:39.0791 1680 AFD - ok
20:28:39.0822 1680 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:28:39.0837 1680 agp440 - ok
20:28:39.0884 1680 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:28:39.0900 1680 aic78xx - ok
20:28:39.0962 1680 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:28:40.0025 1680 ALG - ok
20:28:40.0056 1680 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:28:40.0087 1680 aliide - ok
20:28:40.0103 1680 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:28:40.0134 1680 amdagp - ok
20:28:40.0149 1680 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:28:40.0165 1680 amdide - ok
20:28:40.0212 1680 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:28:40.0305 1680 AmdK8 - ok
20:28:40.0337 1680 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:28:40.0384 1680 AmdPPM - ok
20:28:40.0415 1680 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:28:40.0430 1680 amdsata - ok
20:28:40.0493 1680 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:28:40.0508 1680 amdsbs - ok
20:28:40.0540 1680 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:28:40.0555 1680 amdxata - ok
20:28:40.0852 1680 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:28:40.0883 1680 AntiVirSchedulerService - ok
20:28:40.0976 1680 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:28:41.0008 1680 AntiVirService - ok
20:28:41.0039 1680 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:28:41.0210 1680 AppID - ok
20:28:41.0257 1680 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:28:41.0304 1680 AppIDSvc - ok
20:28:41.0351 1680 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
20:28:41.0429 1680 Appinfo - ok
20:28:41.0585 1680 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:28:41.0600 1680 Apple Mobile Device - ok
20:28:41.0678 1680 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
20:28:41.0741 1680 AppMgmt - ok
20:28:41.0788 1680 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:28:41.0819 1680 arc - ok
20:28:41.0834 1680 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:28:41.0866 1680 arcsas - ok
20:28:41.0897 1680 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:28:42.0022 1680 AsyncMac - ok
20:28:42.0068 1680 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:28:42.0100 1680 atapi - ok
20:28:42.0224 1680 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:28:42.0380 1680 AudioEndpointBuilder - ok
20:28:42.0380 1680 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:28:42.0412 1680 Audiosrv - ok
20:28:42.0490 1680 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:28:42.0552 1680 avgntflt - ok
20:28:42.0630 1680 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:28:42.0646 1680 avipbb - ok
20:28:42.0661 1680 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:28:42.0677 1680 avkmgr - ok
20:28:42.0739 1680 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:28:42.0786 1680 AxInstSV - ok
20:28:42.0864 1680 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:28:42.0958 1680 b06bdrv - ok
20:28:43.0004 1680 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:28:43.0036 1680 b57nd60x - ok
20:28:43.0129 1680 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:28:43.0192 1680 BDESVC - ok
20:28:43.0207 1680 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:28:43.0254 1680 Beep - ok
20:28:43.0301 1680 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:28:43.0363 1680 BFE - ok
20:28:43.0394 1680 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:28:43.0457 1680 BITS - ok
20:28:43.0488 1680 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:28:43.0535 1680 blbdrive - ok
20:28:43.0628 1680 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:28:43.0660 1680 Bonjour Service - ok
20:28:43.0706 1680 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:28:43.0753 1680 bowser - ok
20:28:43.0784 1680 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:28:43.0862 1680 BrFiltLo - ok
20:28:43.0878 1680 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:28:43.0925 1680 BrFiltUp - ok
20:28:43.0956 1680 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:28:44.0003 1680 Browser - ok
20:28:44.0018 1680 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:28:44.0050 1680 Brserid - ok
20:28:44.0081 1680 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:28:44.0112 1680 BrSerWdm - ok
20:28:44.0128 1680 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:28:44.0174 1680 BrUsbMdm - ok
20:28:44.0174 1680 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:28:44.0206 1680 BrUsbSer - ok
20:28:44.0268 1680 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:28:44.0346 1680 BthEnum - ok
20:28:44.0377 1680 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:28:44.0440 1680 BTHMODEM - ok
20:28:44.0455 1680 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:28:44.0486 1680 BthPan - ok
20:28:44.0549 1680 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:28:44.0596 1680 BTHPORT - ok
20:28:44.0642 1680 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:28:44.0705 1680 bthserv - ok
20:28:44.0736 1680 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:28:44.0767 1680 BTHUSB - ok
20:28:44.0798 1680 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:28:44.0845 1680 cdfs - ok
20:28:44.0892 1680 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:28:44.0923 1680 cdrom - ok
20:28:44.0986 1680 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:28:45.0032 1680 CertPropSvc - ok
20:28:45.0064 1680 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:28:45.0095 1680 circlass - ok
20:28:45.0126 1680 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:28:45.0188 1680 CLFS - ok
20:28:45.0298 1680 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:45.0329 1680 clr_optimization_v2.0.50727_32 - ok
20:28:45.0391 1680 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:45.0469 1680 clr_optimization_v4.0.30319_32 - ok
20:28:45.0500 1680 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:28:45.0516 1680 CmBatt - ok
20:28:45.0532 1680 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:28:45.0547 1680 cmdide - ok
20:28:45.0578 1680 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
20:28:45.0656 1680 CNG - ok
20:28:45.0688 1680 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:28:45.0703 1680 Compbatt - ok
20:28:45.0766 1680 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:28:45.0828 1680 CompositeBus - ok
20:28:45.0844 1680 COMSysApp - ok
20:28:45.0859 1680 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:28:45.0890 1680 crcdisk - ok
20:28:45.0922 1680 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:28:45.0953 1680 CryptSvc - ok
20:28:46.0000 1680 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
20:28:46.0062 1680 CSC - ok
20:28:46.0093 1680 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
20:28:46.0124 1680 CscService - ok
20:28:46.0171 1680 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:28:46.0234 1680 DcomLaunch - ok
20:28:46.0265 1680 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:28:46.0327 1680 defragsvc - ok
20:28:46.0390 1680 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:28:46.0436 1680 DfsC - ok
20:28:46.0499 1680 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:28:46.0561 1680 Dhcp - ok
20:28:46.0592 1680 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:28:46.0655 1680 discache - ok
20:28:46.0702 1680 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:28:46.0733 1680 Disk - ok
20:28:46.0780 1680 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:28:46.0858 1680 Dnscache - ok
20:28:46.0904 1680 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:28:46.0967 1680 dot3svc - ok
20:28:46.0982 1680 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:28:47.0029 1680 DPS - ok
20:28:47.0092 1680 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:28:47.0123 1680 drmkaud - ok
20:28:47.0170 1680 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:28:47.0216 1680 DXGKrnl - ok
20:28:47.0263 1680 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:28:47.0326 1680 EapHost - ok
20:28:47.0466 1680 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:28:47.0653 1680 ebdrv - ok
20:28:47.0700 1680 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:28:47.0731 1680 EFS - ok
20:28:47.0809 1680 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:28:47.0872 1680 ehRecvr - ok
20:28:47.0918 1680 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:28:47.0950 1680 ehSched - ok
20:28:48.0012 1680 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:28:48.0043 1680 elxstor - ok
20:28:48.0059 1680 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:28:48.0090 1680 ErrDev - ok
20:28:48.0168 1680 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:28:48.0215 1680 EventSystem - ok
20:28:48.0230 1680 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:28:48.0277 1680 exfat - ok
20:28:48.0293 1680 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:28:48.0355 1680 fastfat - ok
20:28:48.0402 1680 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:28:48.0464 1680 Fax - ok
20:28:48.0480 1680 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:28:48.0511 1680 fdc - ok
20:28:48.0527 1680 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:28:48.0558 1680 fdPHost - ok
20:28:48.0589 1680 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:28:48.0652 1680 FDResPub - ok
20:28:48.0667 1680 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:28:48.0683 1680 FileInfo - ok
20:28:48.0698 1680 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:28:48.0776 1680 Filetrace - ok
20:28:48.0792 1680 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:28:48.0823 1680 flpydisk - ok
20:28:48.0854 1680 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:28:48.0886 1680 FltMgr - ok
20:28:48.0995 1680 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
20:28:49.0057 1680 FontCache - ok
20:28:49.0135 1680 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:28:49.0151 1680 FontCache3.0.0.0 - ok
20:28:49.0166 1680 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:28:49.0198 1680 FsDepends - ok
20:28:49.0260 1680 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
20:28:49.0260 1680 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:28:49.0260 1680 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:28:49.0291 1680 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:28:49.0307 1680 Fs_Rec - ok
20:28:49.0385 1680 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:28:49.0432 1680 fvevol - ok
20:28:49.0478 1680 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:28:49.0494 1680 gagp30kx - ok
20:28:49.0541 1680 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:28:49.0556 1680 GEARAspiWDM - ok
20:28:49.0603 1680 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:28:49.0681 1680 gpsvc - ok
20:28:49.0697 1680 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:28:49.0728 1680 hcw85cir - ok
20:28:49.0775 1680 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:28:49.0806 1680 HdAudAddService - ok
20:28:49.0837 1680 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:28:49.0868 1680 HDAudBus - ok
20:28:49.0884 1680 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:28:49.0900 1680 HidBatt - ok
20:28:49.0915 1680 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:28:49.0962 1680 HidBth - ok
20:28:49.0993 1680 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:28:50.0024 1680 HidIr - ok
20:28:50.0040 1680 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:28:50.0087 1680 hidserv - ok
20:28:50.0134 1680 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:28:50.0165 1680 HidUsb - ok
20:28:50.0196 1680 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:28:50.0258 1680 hkmsvc - ok
20:28:50.0290 1680 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:28:50.0352 1680 HomeGroupListener - ok
20:28:50.0383 1680 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:28:50.0430 1680 HomeGroupProvider - ok
20:28:50.0492 1680 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:28:50.0508 1680 HpSAMD - ok
20:28:50.0555 1680 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:28:50.0617 1680 HTTP - ok
20:28:50.0648 1680 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:28:50.0664 1680 hwpolicy - ok
20:28:50.0711 1680 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:28:50.0742 1680 i8042prt - ok
20:28:50.0758 1680 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:28:50.0773 1680 iaStor - ok
20:28:50.0867 1680 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:28:50.0898 1680 IAStorDataMgrSvc - ok
20:28:50.0960 1680 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:28:51.0007 1680 iaStorV - ok
20:28:51.0070 1680 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:28:51.0179 1680 idsvc - ok
20:28:53.0956 1680 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:28:53.0971 1680 iirsp - ok
20:28:54.0049 1680 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:28:54.0112 1680 IKEEXT - ok
20:28:54.0252 1680 [ 763FA415837A3768CF5E6C6FB8626602 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:28:54.0330 1680 IntcAzAudAddService - ok
20:28:54.0361 1680 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:28:54.0377 1680 intelide - ok
20:28:54.0424 1680 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:28:54.0455 1680 intelppm - ok
20:28:54.0486 1680 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:28:54.0533 1680 IPBusEnum - ok
20:28:54.0548 1680 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:28:54.0595 1680 IpFilterDriver - ok
20:28:54.0673 1680 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:28:54.0720 1680 iphlpsvc - ok
20:28:54.0736 1680 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:28:54.0767 1680 IPMIDRV - ok
20:28:54.0782 1680 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:28:54.0829 1680 IPNAT - ok
20:28:54.0892 1680 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:28:54.0970 1680 iPod Service - ok
20:28:55.0016 1680 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:28:55.0048 1680 IRENUM - ok
20:28:55.0079 1680 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:28:55.0110 1680 isapnp - ok
20:28:55.0141 1680 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:28:55.0172 1680 iScsiPrt - ok
20:28:55.0219 1680 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:28:55.0235 1680 kbdclass - ok
20:28:55.0266 1680 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:28:55.0297 1680 kbdhid - ok
20:28:55.0328 1680 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:28:55.0344 1680 KeyIso - ok
20:28:55.0406 1680 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:28:55.0438 1680 KSecDD - ok
20:28:55.0469 1680 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:28:55.0484 1680 KSecPkg - ok
20:28:55.0516 1680 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:28:55.0578 1680 KtmRm - ok
20:28:55.0640 1680 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:28:55.0734 1680 LanmanServer - ok
20:28:55.0750 1680 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:28:55.0828 1680 LanmanWorkstation - ok
20:28:56.0015 1680 [ 0F98B9384C37C8C29904B8AE4359A54F ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:28:56.0124 1680 LBTServ - ok
20:28:56.0233 1680 [ EEE5A87EC378C9AD7CE91073FBD63465 ] LEqdUsb C:\Windows\system32\Drivers\LEqdUsb.Sys
20:28:56.0264 1680 LEqdUsb - ok
20:28:56.0296 1680 [ 62663B385087F5977D8EBD1FDC67B639 ] LHidEqd C:\Windows\system32\Drivers\LHidEqd.Sys
20:28:56.0327 1680 LHidEqd - ok
20:28:56.0405 1680 [ 318B3D608FBEC44B7E0C23BF759DCED5 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:28:56.0420 1680 LHidFilt - ok
20:28:56.0483 1680 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:28:56.0530 1680 lltdio - ok
20:28:56.0576 1680 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:28:56.0608 1680 lltdsvc - ok
20:28:56.0623 1680 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:28:56.0670 1680 lmhosts - ok
20:28:56.0701 1680 [ 84AF069D219DF3C43DC6792B2BBD7BED ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:28:56.0717 1680 LMouFilt - ok
20:28:56.0748 1680 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:28:56.0764 1680 LSI_FC - ok
20:28:56.0795 1680 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:28:56.0810 1680 LSI_SAS - ok
20:28:56.0826 1680 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:28:56.0842 1680 LSI_SAS2 - ok
20:28:56.0873 1680 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:28:56.0888 1680 LSI_SCSI - ok
20:28:56.0935 1680 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:28:56.0966 1680 luafv - ok
20:28:57.0013 1680 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:28:57.0029 1680 Mcx2Svc - ok
20:28:57.0107 1680 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:28:57.0138 1680 MDM ( UnsignedFile.Multi.Generic ) - warning
20:28:57.0138 1680 MDM - detected UnsignedFile.Multi.Generic (1)
20:28:57.0154 1680 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:28:57.0169 1680 megasas - ok
20:28:57.0200 1680 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:28:57.0232 1680 MegaSR - ok
20:28:57.0263 1680 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:28:57.0310 1680 MMCSS - ok
20:28:57.0325 1680 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:28:57.0372 1680 Modem - ok
20:28:57.0403 1680 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:28:57.0434 1680 monitor - ok
20:28:57.0481 1680 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:28:57.0497 1680 mouclass - ok
20:28:57.0544 1680 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:28:57.0575 1680 mouhid - ok
20:28:57.0606 1680 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:28:57.0622 1680 mountmgr - ok
20:28:57.0700 1680 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:28:57.0715 1680 MozillaMaintenance - ok
20:28:57.0731 1680 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:28:57.0762 1680 mpio - ok
20:28:57.0778 1680 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:28:57.0840 1680 mpsdrv - ok
20:28:57.0887 1680 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:28:57.0965 1680 MpsSvc - ok
20:28:58.0043 1680 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:28:58.0058 1680 MRxDAV - ok
20:28:58.0230 1680 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:58.0558 1680 mrxsmb - ok
20:28:58.0667 1680 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:58.0854 1680 mrxsmb10 - ok
20:28:58.0916 1680 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:59.0041 1680 mrxsmb20 - ok
20:28:59.0088 1680 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:28:59.0104 1680 msahci - ok
20:28:59.0291 1680 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:28:59.0322 1680 msdsm - ok
20:28:59.0338 1680 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:28:59.0384 1680 MSDTC - ok
20:28:59.0431 1680 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:28:59.0494 1680 Msfs - ok
20:28:59.0540 1680 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:28:59.0618 1680 mshidkmdf - ok
20:28:59.0665 1680 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:28:59.0681 1680 msisadrv - ok
20:28:59.0790 1680 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:28:59.0837 1680 MSiSCSI - ok
20:28:59.0837 1680 msiserver - ok
20:28:59.0899 1680 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:28:59.0930 1680 MSKSSRV - ok
20:29:00.0102 1680 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:29:00.0227 1680 MSPCLOCK - ok
20:29:00.0242 1680 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:29:00.0305 1680 MSPQM - ok
20:29:00.0554 1680 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:29:00.0586 1680 MsRPC - ok
20:29:00.0632 1680 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:29:00.0648 1680 mssmbios - ok
20:29:00.0820 1680 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:29:00.0851 1680 MSTEE - ok
20:29:00.0882 1680 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:29:00.0929 1680 MTConfig - ok
20:29:00.0960 1680 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:29:00.0991 1680 Mup - ok
20:29:01.0038 1680 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:29:01.0178 1680 napagent - ok
20:29:01.0256 1680 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:29:01.0303 1680 NativeWifiP - ok
20:29:01.0584 1680 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
20:29:01.0615 1680 NAUpdate - ok
20:29:01.0756 1680 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:29:02.0036 1680 NDIS - ok
20:29:02.0146 1680 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:29:02.0208 1680 NdisCap - ok
20:29:02.0364 1680 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:29:02.0411 1680 NdisTapi - ok
20:29:02.0598 1680 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:29:02.0660 1680 Ndisuio - ok
20:29:02.0832 1680 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:29:02.0879 1680 NdisWan - ok
20:29:02.0972 1680 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:29:03.0019 1680 NDProxy - ok
20:29:03.0082 1680 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
20:29:03.0206 1680 Netaapl - ok
20:29:03.0284 1680 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:29:03.0362 1680 NetBIOS - ok
20:29:03.0409 1680 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:29:03.0503 1680 NetBT - ok
20:29:03.0534 1680 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:29:03.0550 1680 Netlogon - ok
20:29:03.0846 1680 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:29:03.0908 1680 Netman - ok
20:29:03.0940 1680 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:29:04.0111 1680 netprofm - ok
20:29:04.0376 1680 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:29:04.0423 1680 NetTcpPortSharing - ok
20:29:04.0579 1680 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
20:29:04.0922 1680 netw5v32 - ok
20:29:04.0985 1680 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:29:05.0047 1680 nfrd960 - ok
20:29:05.0125 1680 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:29:05.0515 1680 NlaSvc - ok
20:29:05.0640 1680 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:29:05.0687 1680 Npfs - ok
20:29:05.0718 1680 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:29:05.0812 1680 nsi - ok
20:29:05.0827 1680 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:29:05.0983 1680 nsiproxy - ok
20:29:06.0046 1680 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:29:06.0139 1680 Ntfs - ok
20:29:06.0186 1680 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:29:06.0233 1680 Null - ok
20:29:06.0311 1680 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
20:29:06.0326 1680 NVHDA - ok
20:29:06.0607 1680 [ 1CCE9097830775F447DD78BD1B35FC8E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:29:06.0779 1680 nvlddmkm - ok
20:29:07.0091 1680 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:29:07.0153 1680 nvraid - ok
20:29:07.0294 1680 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:29:07.0309 1680 nvstor - ok
20:29:07.0372 1680 [ 0136C91BBD22751D79940E62AC95195F ] nvsvc C:\Windows\system32\nvvsvc.exe
20:29:07.0403 1680 nvsvc - ok
20:29:08.0136 1680 [ 3D0A45F8F033B4DAE58D96601991A3AE ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:29:08.0183 1680 nvUpdatusService - ok
20:29:08.0354 1680 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:29:08.0370 1680 nv_agp - ok
20:29:08.0699 1680 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:29:08.0855 1680 odserv - ok
20:29:08.0995 1680 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:29:09.0323 1680 ohci1394 - ok
20:29:09.0542 1680 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:09.0573 1680 ose - ok
20:29:09.0604 1680 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:29:09.0651 1680 p2pimsvc - ok
20:29:09.0667 1680 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:29:09.0932 1680 p2psvc - ok
20:29:10.0135 1680 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:29:10.0260 1680 Parport - ok
20:29:10.0322 1680 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:29:10.0369 1680 partmgr - ok
20:29:10.0588 1680 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:29:10.0682 1680 Parvdm - ok
20:29:10.0713 1680 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:29:10.0744 1680 PcaSvc - ok
20:29:11.0337 1680 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:29:11.0446 1680 pci - ok
20:29:11.0509 1680 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:29:11.0540 1680 pciide - ok
20:29:11.0574 1680 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:29:11.0808 1680 pcmcia - ok
20:29:11.0902 1680 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:29:12.0026 1680 pcw - ok
20:29:12.0089 1680 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:29:12.0292 1680 PEAUTH - ok
20:29:12.0338 1680 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:29:12.0401 1680 PeerDistSvc - ok
20:29:12.0463 1680 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:29:12.0775 1680 pla - ok
20:29:12.0947 1680 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:29:13.0274 1680 PlugPlay - ok
20:29:13.0321 1680 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:29:13.0462 1680 PNRPAutoReg - ok
20:29:13.0508 1680 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:29:13.0524 1680 PNRPsvc - ok
20:29:13.0618 1680 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:29:13.0820 1680 PolicyAgent - ok
20:29:13.0852 1680 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:29:13.0883 1680 Power - ok
20:29:13.0945 1680 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:29:14.0023 1680 PptpMiniport - ok
20:29:14.0070 1680 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:29:14.0164 1680 Processor - ok
20:29:14.0226 1680 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:29:14.0382 1680 ProfSvc - ok
20:29:14.0616 1680 [ 9CC2C93394241E602DA63826413055FF ] Prosieben C:\Programme2\maxdome\DCBin\DCService.exe
20:29:14.0741 1680 Prosieben - ok
20:29:14.0772 1680 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:29:14.0788 1680 ProtectedStorage - ok
20:29:15.0100 1680 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
20:29:15.0209 1680 ProtexisLicensing - ok
20:29:15.0349 1680 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:29:15.0474 1680 Psched - ok
20:29:16.0021 1680 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:29:16.0505 1680 ql2300 - ok
20:29:16.0551 1680 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:29:16.0693 1680 ql40xx - ok
20:29:16.0771 1680 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:29:17.0052 1680 QWAVE - ok
20:29:17.0083 1680 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:29:17.0098 1680 QWAVEdrv - ok
20:29:17.0176 1680 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:29:17.0208 1680 RasAcd - ok
20:29:17.0286 1680 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:29:17.0332 1680 RasAgileVpn - ok
20:29:17.0364 1680 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:29:17.0410 1680 RasAuto - ok
20:29:17.0442 1680 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:29:17.0504 1680 Rasl2tp - ok
20:29:17.0535 1680 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:29:17.0644 1680 RasMan - ok
20:29:17.0691 1680 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:29:17.0863 1680 RasPppoe - ok
20:29:17.0910 1680 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:29:17.0988 1680 RasSstp - ok
20:29:18.0019 1680 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:29:18.0144 1680 rdbss - ok
20:29:18.0190 1680 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:29:18.0253 1680 rdpbus - ok
20:29:18.0284 1680 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:29:18.0378 1680 RDPCDD - ok
20:29:18.0456 1680 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:29:18.0549 1680 RDPDR - ok
20:29:18.0627 1680 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:29:18.0674 1680 RDPENCDD - ok
20:29:18.0690 1680 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:29:18.0736 1680 RDPREFMP - ok
20:29:18.0892 1680 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:29:18.0924 1680 RdpVideoMiniport - ok
20:29:18.0955 1680 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:29:19.0002 1680 RDPWD - ok
20:29:19.0064 1680 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:29:19.0095 1680 rdyboost - ok
20:29:19.0173 1680 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:29:19.0298 1680 RemoteAccess - ok
20:29:19.0376 1680 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:29:19.0485 1680 RemoteRegistry - ok
20:29:19.0563 1680 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:29:19.0641 1680 RFCOMM - ok
20:29:19.0891 1680 [ D1F1D0EE50F8C070A612796676971699 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
20:29:19.0969 1680 RichVideo ( UnsignedFile.Multi.Generic ) - warning
20:29:19.0969 1680 RichVideo - detected UnsignedFile.Multi.Generic (1)
20:29:20.0016 1680 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:29:20.0078 1680 RpcEptMapper - ok
20:29:20.0109 1680 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:29:20.0156 1680 RpcLocator - ok
20:29:20.0203 1680 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:29:20.0234 1680 RpcSs - ok
20:29:20.0359 1680 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:29:20.0406 1680 rspndr - ok
20:29:20.0484 1680 [ 0340A381B920A6E68178B832889F33F8 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:29:20.0499 1680 RSUSBSTOR - ok
20:29:20.0624 1680 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:29:20.0655 1680 RTL8167 - ok
20:29:20.0733 1680 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:29:20.0764 1680 s3cap - ok
20:29:20.0811 1680 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:29:20.0827 1680 SamSs - ok
20:29:20.0920 1680 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:29:20.0952 1680 sbp2port - ok
20:29:21.0030 1680 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:29:21.0092 1680 SCardSvr - ok
20:29:21.0154 1680 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:29:21.0310 1680 scfilter - ok
20:29:21.0373 1680 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:29:21.0466 1680 Schedule - ok
20:29:21.0638 1680 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:29:21.0669 1680 SCPolicySvc - ok
20:29:21.0856 1680 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:29:21.0903 1680 SDRSVC - ok
20:29:22.0215 1680 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] 
SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 20:29:22.0278 1680 SDScannerService - ok 20:29:22.0324 1680 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:29:22.0371 1680 SDUpdateService - ok 20:29:22.0402 1680 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:29:22.0418 1680 SDWSCService - ok 20:29:22.0465 1680 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:29:22.0527 1680 secdrv - ok 20:29:22.0558 1680 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 20:29:22.0621 1680 seclogon - ok 20:29:22.0683 1680 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 20:29:22.0746 1680 SENS - ok 20:29:22.0870 1680 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:29:22.0948 1680 SensrSvc - ok 20:29:23.0011 1680 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:29:23.0042 1680 Serenum - ok 20:29:23.0089 1680 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:29:23.0136 1680 Serial - ok 20:29:23.0198 1680 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:29:23.0229 1680 sermouse - ok 20:29:23.0260 1680 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 20:29:23.0307 1680 SessionEnv - ok 20:29:23.0338 1680 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:29:23.0370 1680 sffdisk - ok 20:29:23.0401 1680 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:29:23.0416 1680 sffp_mmc - ok 20:29:23.0432 1680 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:29:23.0448 1680 sffp_sd - ok 20:29:23.0479 1680 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy 
C:\Windows\system32\DRIVERS\sfloppy.sys 20:29:23.0494 1680 sfloppy - ok 20:29:23.0541 1680 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:29:23.0619 1680 SharedAccess - ok 20:29:23.0650 1680 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:29:23.0728 1680 ShellHWDetection - ok 20:29:23.0744 1680 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:29:23.0760 1680 sisagp - ok 20:29:23.0822 1680 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:29:23.0853 1680 SiSRaid2 - ok 20:29:23.0853 1680 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:29:23.0884 1680 SiSRaid4 - ok 20:29:23.0931 1680 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 20:29:24.0009 1680 SkypeUpdate - ok 20:29:24.0040 1680 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:29:24.0072 1680 Smb - ok 20:29:24.0134 1680 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:29:24.0165 1680 SNMPTRAP - ok 20:29:24.0259 1680 [ 913D2CE973ED904FE54DE9DB38FCEFF2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 20:29:24.0384 1680 SNP2UVC - ok 20:29:24.0415 1680 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 20:29:24.0430 1680 spldr - ok 20:29:24.0493 1680 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 20:29:24.0540 1680 Spooler - ok 20:29:24.0633 1680 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 20:29:24.0742 1680 sppsvc - ok 20:29:24.0789 1680 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:29:24.0883 1680 sppuinotify - ok 20:29:24.0930 1680 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:29:24.0992 1680 srv - ok 20:29:25.0070 1680 [ 
03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:29:25.0179 1680 srv2 - ok 20:29:25.0257 1680 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:29:25.0273 1680 srvnet - ok 20:29:25.0335 1680 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 20:29:25.0444 1680 sscdbus - ok 20:29:25.0491 1680 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 20:29:25.0538 1680 sscdmdfl - ok 20:29:25.0569 1680 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 20:29:25.0585 1680 sscdmdm - ok 20:29:25.0694 1680 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:29:25.0866 1680 SSDPSRV - ok 20:29:25.0959 1680 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 20:29:26.0006 1680 ssmdrv - ok 20:29:26.0037 1680 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:29:26.0084 1680 SstpSvc - ok 20:29:26.0162 1680 [ 17FC2EAD763F0237457817A753A5A676 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:29:26.0209 1680 Stereo Service - ok 20:29:26.0271 1680 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:29:26.0287 1680 stexstor - ok 20:29:26.0365 1680 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 20:29:26.0412 1680 StiSvc - ok 20:29:26.0443 1680 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 20:29:26.0458 1680 storflt - ok 20:29:26.0490 1680 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 20:29:26.0521 1680 StorSvc - ok 20:29:26.0552 1680 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 20:29:26.0568 1680 storvsc - ok 20:29:26.0599 1680 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 20:29:26.0614 1680 
swenum - ok 20:29:26.0724 1680 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 20:29:26.0880 1680 swprv - ok 20:29:26.0926 1680 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 20:29:27.0004 1680 SysMain - ok 20:29:27.0067 1680 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:29:27.0114 1680 TabletInputService - ok 20:29:27.0145 1680 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 20:29:27.0192 1680 TapiSrv - ok 20:29:27.0223 1680 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 20:29:27.0270 1680 TBS - ok 20:29:27.0316 1680 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:29:27.0441 1680 Tcpip - ok 20:29:27.0472 1680 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:29:27.0519 1680 TCPIP6 - ok 20:29:27.0566 1680 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:29:27.0597 1680 tcpipreg - ok 20:29:27.0628 1680 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:29:27.0660 1680 TDPIPE - ok 20:29:27.0675 1680 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:29:27.0706 1680 TDTCP - ok 20:29:27.0738 1680 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:29:27.0784 1680 tdx - ok 20:29:27.0784 1680 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:29:27.0816 1680 TermDD - ok 20:29:27.0862 1680 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 20:29:27.0940 1680 TermService - ok 20:29:27.0972 1680 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 20:29:28.0003 1680 Themes - ok 20:29:28.0018 1680 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 20:29:28.0050 1680 THREADORDER - ok 20:29:28.0096 1680 
[ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 20:29:28.0143 1680 TrkWks - ok 20:29:28.0252 1680 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:29:28.0299 1680 TrustedInstaller - ok 20:29:28.0362 1680 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:29:28.0440 1680 tssecsrv - ok 20:29:28.0486 1680 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:29:28.0502 1680 TsUsbFlt - ok 20:29:28.0752 1680 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:29:28.0861 1680 tunnel - ok 20:29:28.0986 1680 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:29:29.0079 1680 uagp35 - ok 20:29:29.0157 1680 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:29:29.0298 1680 udfs - ok 20:29:29.0578 1680 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:29:29.0734 1680 UI0Detect - ok 20:29:29.0797 1680 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:29:29.0812 1680 uliagpkx - ok 20:29:29.0859 1680 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 20:29:29.0890 1680 umbus - ok 20:29:29.0922 1680 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:29:29.0937 1680 UmPass - ok 20:29:29.0968 1680 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 20:29:30.0000 1680 UmRdpService - ok 20:29:30.0046 1680 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 20:29:30.0140 1680 upnphost - ok 20:29:30.0202 1680 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 20:29:30.0234 1680 USBAAPL - ok 20:29:30.0265 1680 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:29:30.0296 1680 
usbccgp - ok 20:29:30.0343 1680 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:29:30.0374 1680 usbcir - ok 20:29:30.0421 1680 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:29:30.0436 1680 usbehci - ok 20:29:30.0483 1680 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:29:30.0530 1680 usbhub - ok 20:29:30.0624 1680 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:29:30.0686 1680 usbohci - ok 20:29:30.0686 1680 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:29:30.0764 1680 usbprint - ok 20:29:31.0045 1680 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:29:31.0076 1680 usbscan - ok 20:29:31.0107 1680 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:29:31.0170 1680 USBSTOR - ok 20:29:31.0216 1680 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:29:31.0232 1680 usbuhci - ok 20:29:31.0294 1680 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:29:31.0341 1680 usbvideo - ok 20:29:31.0357 1680 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 20:29:31.0404 1680 UxSms - ok 20:29:31.0435 1680 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 20:29:31.0450 1680 VaultSvc - ok 20:29:31.0482 1680 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:29:31.0497 1680 vdrvroot - ok 20:29:31.0528 1680 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 20:29:31.0622 1680 vds - ok 20:29:31.0653 1680 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:29:31.0700 1680 vga - ok 20:29:31.0731 1680 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:29:31.0778 1680 VgaSave - 
ok 20:29:31.0809 1680 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:29:31.0840 1680 vhdmp - ok 20:29:31.0872 1680 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:29:31.0887 1680 viaagp - ok 20:29:31.0887 1680 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 20:29:31.0934 1680 ViaC7 - ok 20:29:31.0965 1680 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 20:29:31.0996 1680 viaide - ok 20:29:32.0012 1680 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 20:29:32.0043 1680 vmbus - ok 20:29:32.0059 1680 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 20:29:32.0074 1680 VMBusHID - ok 20:29:32.0106 1680 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:29:32.0121 1680 volmgr - ok 20:29:32.0137 1680 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:29:32.0168 1680 volmgrx - ok 20:29:32.0199 1680 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:29:32.0246 1680 volsnap - ok 20:29:32.0293 1680 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:29:32.0308 1680 vsmraid - ok 20:29:32.0355 1680 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 20:29:32.0496 1680 VSS - ok 20:29:32.0511 1680 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:29:32.0542 1680 vwifibus - ok 20:29:32.0605 1680 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 20:29:32.0667 1680 W32Time - ok 20:29:32.0730 1680 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:29:32.0776 1680 WacomPen - ok 20:29:32.0808 1680 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:29:32.0854 1680 WANARP - ok 
20:29:32.0870 1680 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:29:32.0901 1680 Wanarpv6 - ok 20:29:32.0948 1680 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 20:29:33.0042 1680 wbengine - ok 20:29:33.0073 1680 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:29:33.0104 1680 WbioSrvc - ok 20:29:33.0135 1680 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:29:33.0198 1680 wcncsvc - ok 20:29:33.0213 1680 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:29:33.0260 1680 WcsPlugInService - ok 20:29:33.0291 1680 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:29:33.0307 1680 Wd - ok 20:29:33.0369 1680 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:29:33.0416 1680 Wdf01000 - ok 20:29:33.0447 1680 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:29:33.0572 1680 WdiServiceHost - ok 20:29:33.0572 1680 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:29:33.0634 1680 WdiSystemHost - ok 20:29:33.0666 1680 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 20:29:33.0822 1680 WebClient - ok 20:29:33.0837 1680 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:29:33.0946 1680 Wecsvc - ok 20:29:33.0962 1680 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:29:34.0149 1680 wercplsupport - ok 20:29:34.0196 1680 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 20:29:34.0383 1680 WerSvc - ok 20:29:34.0446 1680 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:29:34.0492 1680 WfpLwf - ok 20:29:34.0524 1680 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:29:34.0570 
1680 WIMMount - ok 20:29:34.0648 1680 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:29:34.0789 1680 WinDefend - ok 20:29:34.0804 1680 WinHttpAutoProxySvc - ok 20:29:34.0882 1680 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:29:35.0007 1680 Winmgmt - ok 20:29:35.0054 1680 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 20:29:35.0163 1680 WinRM - ok 20:29:35.0241 1680 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:29:35.0288 1680 WinUsb - ok 20:29:35.0335 1680 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:29:35.0413 1680 Wlansvc - ok 20:29:35.0522 1680 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:29:35.0584 1680 wlidsvc - ok 20:29:35.0631 1680 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:29:35.0662 1680 WmiAcpi - ok 20:29:35.0694 1680 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:29:35.0725 1680 wmiApSrv - ok 20:29:35.0834 1680 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:29:35.0912 1680 WMPNetworkSvc - ok 20:29:35.0943 1680 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:29:35.0974 1680 WPCSvc - ok 20:29:35.0990 1680 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:29:36.0037 1680 WPDBusEnum - ok 20:29:36.0052 1680 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:29:36.0099 1680 ws2ifsl - ok 20:29:36.0146 1680 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 20:29:36.0177 1680 wscsvc - ok 20:29:36.0193 1680 WSearch - ok 20:29:36.0286 1680 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 20:29:36.0380 1680 
wuauserv - ok 20:29:36.0411 1680 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:29:36.0442 1680 WudfPf - ok 20:29:36.0489 1680 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:29:36.0536 1680 WUDFRd - ok 20:29:36.0567 1680 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:29:36.0598 1680 wudfsvc - ok 20:29:36.0661 1680 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 20:29:36.0692 1680 WwanSvc - ok 20:29:36.0754 1680 [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 20:29:36.0770 1680 XUIF - ok 20:29:36.0801 1680 ================ Scan global =============================== 20:29:36.0848 1680 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 20:29:36.0879 1680 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 20:29:36.0910 1680 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 20:29:36.0942 1680 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 20:29:36.0988 1680 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 20:29:37.0004 1680 [Global] - ok 20:29:37.0004 1680 ================ Scan MBR ================================== 20:29:37.0020 1680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:29:37.0534 1680 \Device\Harddisk0\DR0 - ok 20:29:37.0534 1680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 20:29:42.0526 1680 \Device\Harddisk1\DR1 - ok 20:29:42.0526 1680 ================ Scan VBR ================================== 20:29:42.0558 1680 [ 055061CD6B335C43818C3F1676E75A32 ] \Device\Harddisk0\DR0\Partition1 20:29:42.0558 1680 \Device\Harddisk0\DR0\Partition1 - ok 20:29:42.0604 1680 [ 0448A84D9282637A989C84F5CD224C93 ] \Device\Harddisk0\DR0\Partition2 20:29:42.0620 1680 \Device\Harddisk0\DR0\Partition2 - ok 20:29:42.0620 1680 [ 58E6B133F44201755CAA26198205259A ] 
\Device\Harddisk1\DR1\Partition1 20:29:42.0620 1680 \Device\Harddisk1\DR1\Partition1 - ok 20:29:42.0620 1680 ============================================================ 20:29:42.0620 1680 Scan finished 20:29:42.0620 1680 ============================================================ 20:29:42.0636 1684 Detected object count: 4 20:29:42.0636 1684 Actual detected object count: 4 20:30:07.0564 1684 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:07.0564 1684 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:07.0564 1684 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:07.0564 1684 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:07.0564 1684 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:07.0564 1684 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:30:07.0564 1684 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 20:30:07.0564 1684 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip |
17.06.2013, 14:14 | #12 |
/// Malware-holic | Nasty lawyer's e-mail with attachment opened Hi, scan with ComboFix
17.06.2013, 19:01 | #13 |
| Nasty lawyer's e-mail with attachment opened Here is the log from ComboFix: Code:
ATTFilter ComboFix 13-06-17.01 - xxx 17.06.2013 19:48:12.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3067.2189 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\xxx\AppData\Roaming\Microsoft\Windows\Recent\desktop_35712912.ico c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-17 bis 2013-06-17 )))))))))))))))))))))))))))))) . . 2013-06-17 17:54 . 2013-06-17 17:55 -------- d-----w- c:\users\xxx\AppData\Local\temp 2013-06-17 17:54 . 2013-06-17 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-14 20:55 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-14 20:40 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll 2013-06-14 20:38 . 2013-06-14 20:38 -------- d-----w- c:\users\UpdatusUser 2013-06-14 20:29 . 2013-06-14 20:29 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-14 20:29 . 2013-06-14 20:29 -------- d-----w- c:\users\xxx\AppData\Roaming\Avira 2013-06-14 20:25 . 2013-03-06 14:13 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-06-14 20:25 . 2013-02-27 11:22 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-06-14 20:25 . 2013-02-27 11:22 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-06-14 20:25 . 2013-06-14 20:25 -------- d-----w- c:\programdata\Avira 2013-06-14 20:25 . 2013-06-14 20:25 -------- d-----w- c:\program files\Avira 2013-06-14 20:20 . 
2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-06-14 20:20 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-06-14 20:20 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-06-14 20:20 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-06-14 20:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2013-06-14 20:18 . 2013-06-14 20:18 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-06-14 20:18 . 2013-06-14 20:18 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2013-06-14 20:18 . 2013-06-14 20:18 26520 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe 2013-06-14 20:18 . 2013-06-14 20:18 170232 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe 2013-06-14 20:18 . 2013-06-14 20:18 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-06-14 20:13 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C48DDB8-EF79-4178-B3C9-46833C5FA54E}\mpengine.dll 2013-06-14 19:45 . 2013-06-14 19:45 -------- d-----w- C:\_OTL 2013-06-14 15:20 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-14 15:14 . 2013-06-14 15:14 -------- d-----w- c:\users\xxx\AppData\Local\Programs 2013-06-14 15:14 . 2013-06-14 15:14 -------- d-----w- c:\program files\Microsoft 2013-06-13 20:21 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-13 20:21 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-19 09:58 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-19 09:58 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-19 09:58 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-19 09:58 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-19 09:58 . 
2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-19 09:58 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-19 09:58 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-19 09:58 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 20:26 . 2011-06-01 20:35 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-05-19 09:49 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-12-06 21:44 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-19 09:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-19 09:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 19:18 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\programme2\Adobe Reader\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2013-05-24 14:03 3591960 ----a-w- c:\programme2\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\programme2\Home Cinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-10 21:10 4129568 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-01-10 21:10 108832 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 19:51 71216 ------w- c:\programme2\Home Cinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-05-03 13:50 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-07 07:18 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 17:11 210216 ------w- c:\programme2\Home Cinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 10:02 222504 ------w- c:\programme2\Home Cinema\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-02-21 20:04 222504 ------w- c:\programme2\Home Cinema\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IAStorIcon"=c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\programme2\QuickTime\QTTask.exe" -atboottime
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 Prosieben;maxdome Download Manager;c:\programme2\maxdome\DCBin\DCService.exe [2009-05-01 77032]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-10 383264]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-20 193056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - c:\program files\Startpage24\Plugin\Version_586\link64_plugin.dll
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ejm50llh.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Removed orphaned registry entries - - - -
.
MSConfigStartUp-Ulead Photo Express 5 SE Calendar Checker - c:\programme2\UleadPhotoExpress\calcheck.exe
MSConfigStartUp-ulutclbu - c:\users\xxx\AppData\Roaming\Tswvdpj\osmhclbu.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Prosieben]
"ImagePath"="\"c:\programme2\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-3683071446-431322705-3428669061-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3683071446-431322705-3428669061-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3683071446-431322705-3428669061-1001)
@Denied: (2) (LocalSystem)
"Progid"="vcard_wab_auto_file"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-17 19:57:12
ComboFix-quarantined-files.txt 2013-06-17 17:57
.
Before scan: 11 directories, 147,211,653,120 bytes free
After scan: 17 directories, 146,732,777,472 bytes free
.
- - End Of File - - 900CCCCED5C77F0DF872C32D2F184752 A36C5E4F47E84449FF07ED3517B43A31 |
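As an added example for this thread (not code from the poster, the helper or ComboFix): a small Python script that pulls out of the log above the two things a reviewer would look at first. One is the UAC policy block under policies\system, where the log shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, meaning UAC is switched off and nothing would have prompted when the attachment asked for elevation. The other is autostart paths under user-writable profile folders with generated-looking names, such as the removed orphan entry c:\users\xxx\AppData\Roaming\Tswvdpj\osmhclbu.exe. The LOG_EXCERPT lines are copied from the posted log; the list of user-writable folders and the vowel-ratio threshold are assumptions of this example, and a hit is a prompt to investigate, not a malware verdict.

```python
"""Triage of the autostart and UAC sections of a ComboFix log.

Added example for this thread; not code from the forum, the poster or ComboFix.
LOG_EXCERPT holds lines copied verbatim from the log posted above. The
"generated-looking name" rule is a heuristic of this example, not a verdict.
"""
import re
from typing import Dict, List

# Verbatim excerpt of the posted ComboFix log (only the lines the checks below use).
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
MSConfigStartUp-Ulead Photo Express 5 SE Calendar Checker - c:\programme2\UleadPhotoExpress\calcheck.exe
MSConfigStartUp-ulutclbu - c:\users\xxx\AppData\Roaming\Tswvdpj\osmhclbu.exe
"""

# ComboFix prints policy DWORDs as:  "Name"= 0 (0x0)
UAC_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)')
# Any drive-letter path ending in an executable extension.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys)', re.IGNORECASE)
# Per-user, user-writable locations; legitimate autostarts rarely live here (assumption).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\local settings\\temp\\")


def parse_uac(log: str) -> Dict[str, int]:
    """Return the DWORD values listed under the ...\\policies\\system key."""
    values: Dict[str, int] = {}
    in_block = False
    for line in log.splitlines():
        if line.startswith("[") and line.endswith("]"):
            in_block = line.lower().endswith("\\policies\\system]")
            continue
        match = UAC_RE.match(line)
        if in_block and match:
            values[match.group(1)] = int(match.group(2))
    return values


def uac_findings(values: Dict[str, int]) -> List[str]:
    """Report UAC settings that let code run elevated without the user seeing a prompt.
    Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1."""
    findings = []
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, admin-token processes start fully elevated")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation requests are granted silently")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are drawn on the user desktop, where they can be spoofed")
    return findings


def vowel_ratio(name: str) -> float:
    """Share of vowels among the letters of a name (0.0 if it has no letters)."""
    letters = [c for c in name.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0


def suspicious_autostarts(log: str, max_vowel_ratio: float = 0.2) -> List[str]:
    """Heuristic: executables under user-writable paths whose directory or file stem
    looks generated (very few vowels). Returns matches in log order, for review."""
    hits = []
    for path in PATH_RE.findall(log):
        if not any(marker in path.lower() for marker in USER_WRITABLE):
            continue
        parts = path.split("\\")
        parent, stem = parts[-2], parts[-1].rsplit(".", 1)[0]
        if min(vowel_ratio(parent), vowel_ratio(stem)) < max_vowel_ratio:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for finding in uac_findings(parse_uac(LOG_EXCERPT)):
        print("UAC:", finding)
    for path in suspicious_autostarts(LOG_EXCERPT):
        print("review:", path)
```

Run against the excerpt, the script reports all three UAC findings and the single Tswvdpj\osmhclbu.exe path. The name heuristic is deliberately loose: a hit means "look at this file's hash, signature and creation time", and a clean report says nothing about autostarts outside the folders listed in USER_WRITABLE.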
18.06.2013, 14:42 | #14 |
/// Malware-holic | Malicious lawyer e-mail with attachment opened Malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
18.06.2013, 20:41 | #15 |
| Malicious lawyer e-mail with attachment opened Hello, the first scan ended involuntarily after 1.5 hours. Malwarebytes has stopped responding. So far, however, 0 infected objects were found. Should I try the scan again tomorrow? |