Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ebenfalls Trojaner drauf, ABER CD Laufwerk NICHT vorhanden! (https://www.trojaner-board.de/108479-ebenfalls-trojaner-drauf-cd-laufwerk-vorhanden.html)

Schakatak 23.01.2012 13:14
Ebenfalls Trojaner drauf, ABER CD Laufwerk NICHT vorhanden!
 
Hi

Ich habe hier jetzt viel über diesen Trojaner gelesen. Das Netbook meiner Tochter ist befallen und es kommt nach einem Start:

weißer Schirm

Ihre Internetverbindung wird hergestellt. bitte Warten!

Ich weiß, ich weiß, das haben andere hier im Forum auch.

ABER: Das Netbook meiner Tochter hat KEIN CD Laufwerk. Ich kann mir also KEINE CD herstellen.

Watt mach ich nu??

Sie hat ein Samsung Netbook 10 Zoll OHNE CD Laufwerk. Ich habe im Handbuch gelesen, dass die Taste F4 es ermöglichen soll, die WErkseinstellungen wieder herzustellen. Ist das denn hilfreich? Oder soll ich einen anderen Weg gehen?

Lieben Gruß

Chris4You 23.01.2012 13:48
Hi,

Scan:
Downloade dir bitte srep.exe und speichere diese auf einen USB Stick.
Wichtig: Nicht in einen Ordner speichern.
  • Starte den infizierten Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste. Danach solltest Du einige Optionen zur Auswahl haben. Navigiere mit den Pfeiltasten zu Abgesicherter Modus mit Eingabeaufforderung und drücke Enter
    ** Hinweis: Es kann sein, dass eine andere F Taste gedrückt werden muss, um in die Startoptionen zu kommen.
  • Logge dich nun in das infizierte Benutzerkonto ein.
  • Schließe den USB Stick an den infizierten Rechner an.
  • Nun ist etwas Handarbeit gefragt.
    • Du musst zuerst heraus finden, welchen Laufwerksbuchstaben der USB Stick hat.
    • Dazu gib bitte einfach E: ein und drücke Enter. Sollte folgende Meldung kommen.
      Zitat:
      Das System kann das angegeben Laufwerk nicht finden
      versuche einen anderen Laufwerksbuchstaben. ( z.B F: )
  • Sobald Du den richtigen Laufwerksbuchstaben gefunden hast, gib folgendes ein und drücke Enter.
    start srep.exe
  • Drücke nun auf Scan.
  • Lass das Tool in Ruhe laufen. Der Rechner wird automatisch neu starten.
Auf deinen USB Stick befindet sich eine shell.txt. Bitte poste diese in deiner nächsten Antwort.

Hinweis: Es ist gut möglich, dass du bereits nach dem Scan wieder auf deinen Rechner zugreifen kannst.

Falls dem so ist:
OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

Schakatak 23.01.2012 22:22
Sorry, dass ich mich so spät melde. Ich bin noch auf der Arbeit und kann die Schritte erst morgen früh erledigen. Ich melde mich dann.

Vielen Dank erstmal für die Hilfe.

Schakatak 24.01.2012 09:45
Kleines Problemchen.

Das Netbookdisplay ist im mittleren Bereich beschädigt, so dass ich nichts sehen kann. Sie arbeitete seit der Beschädigung immer mit einem externen Monitor. Dieser Monitor wird aber, da Windows nicht gestartet wird, ebenfalls nicht gestartet und zeigt somit NICHT den Bildschirminhalt an.

Ich arbeite mehr oder weniger blind.

So, was ich bis jetzt erreicht habe:

Ich startete das Netbook und drückte dabei F8 mehrmals. Ich konnte auch starten mit Eingabeaufforderung erreichen.

Dann steckte ich den USB Stick rein und konnte das Laufwerk E: (den stick) ansteuern.

Ich tippte E:

Danach stand am Anfang E:\>

Ich gab dann

start srep.exe (mit Leertaste)

ein und drückte Enter.

Es passiert leider nichts. Leider weiß ich nicht, was der Bildschirm danach anzeigt, da der mittlere Bereich des Displays nichts anzeigt. Gut wäre jetzt ein Screen, damit ich sehen kann, was nach Eingabe von "start srep" angezeigt wird. Dann könnte ich mich leichter orientieren.

Wäre es möglich, mir einen Screen zu posten? Oder mir zu sagen, welche Tastenkombo ich drücken muss, um auf den Button Scan zu kommen? Falls überhauzpt nach Eingabe von start srep.exe ein Popup Fenster aufgeht.

Schakatak 24.01.2012 14:57
Hallo Chris

Oder soll ich das Netbook unter Drücken der F4 Taste in den Werksauslieferungszustand zurücksetzen? Hätte ich mit dieser Maßnahme mehr Erfolg, als halb blind weiterzuarbeiten?

Lieben Gruß Michael

Schakatak 24.01.2012 15:16
Da ich nicht sehen konnte, was der Bildschirm nach Eingabe von start srep.exe anzeigt, drückte ich einfach die Taste Alt und Tab und dann Enter. Nichts.

Ich drückte wieder Alt und Tab und dann Enter und plötzlich lief der srep los. Der Rechner startete dann auch zweimal neu und der extern angeschlossene Monitor zeigte ein Bild.

Jetzt geht es weiter mit OTL.

Bis gleich...

Schakatak 24.01.2012 15:50
Code:
OTL logfile created on: 1/24/2012 3:30:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Alina\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 303.42 Mb Available Physical Memory | 29.94% Memory free
1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 50.67 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: ALINA-PC | User Name: Alina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Users\Alina\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~4\HMXML.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SearchAnonymizer) -- C:\Users\Alina\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SaiU0CEA) -- C:\Windows\System32\drivers\SaiU0CEA.sys (Saitek)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (RecFltr) -- C:\Windows\System32\drivers\RecFltr.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com//406
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com//406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010/08/14 09:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/14 09:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/14 09:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/24 15:18:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 19:05:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011/01/11 16:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/04/29 22:05:00 | 000,000,000 | ---D | M]
 
[2011/09/01 20:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Extensions
[2012/01/24 15:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions
[2011/12/16 13:57:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/08 19:40:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/09/01 20:58:40 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/01/29 14:29:46 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/08 19:40:31 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012/01/24 15:18:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/20 12:47:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\engine@conduit.com
[2012/01/24 15:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\staged
[2011/04/29 22:05:02 | 000,001,084 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\conduit.xml
[2011/09/01 20:58:22 | 000,002,506 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\SearchResults.xml
[2011/04/29 22:05:02 | 000,004,220 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\sweetim.xml
[2011/04/29 22:05:02 | 000,001,864 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{45874666-7C4C-4049-BF24-EEC946BB9FFE}.xml
[2011/04/29 22:05:02 | 000,002,182 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{8143FFC0-D100-4FCB-9336-63F57AC1AAFF}.xml
[2011/04/29 22:05:02 | 000,002,071 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{D60951B2-8111-4C34-9F87-B7AA0456B805}.xml
[2011/04/29 22:07:56 | 000,001,088 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{E87A6B59-E594-4ADD-8E44-131A7630B767}.xml
[2011/12/15 19:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/08/24 20:37:26 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HWGHFHON.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HWGHFHON.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/01/24 15:18:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/24 15:18:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/24 15:18:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/24 15:18:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/29 22:07:56 | 000,001,617 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/04/29 22:05:02 | 000,001,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2012/01/24 15:18:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/01 20:58:22 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/24 15:18:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/24 15:18:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: No name found = C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0\
CHR - Extension: No name found = C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI3C8A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Alina\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fTalk] C:\Users\Alina\AppData\Local\fTalk\ftalk.exe (Bandoo Media Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MozillaPlugins] C:\Users\Alina\AppData\Roaming\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152AAF1C-9EFD-4FD6-B0DA-2D2021C9AD22}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) -c:\progra~1\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) -c:\progra~1\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/22 20:24:33 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Alina\AppData\Roaming\dwlGina3.dll
[2012/01/11 14:04:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/01/11 14:04:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/01/11 14:04:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Alina\Documents\*.tmp files -> C:\Users\Alina\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/24 15:37:07 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 15:17:21 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:17:21 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:13:27 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/24 15:13:27 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/24 15:13:26 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/01/24 15:13:26 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/01/24 15:06:10 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 15:05:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/24 15:04:49 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 20:24:33 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Alina\AppData\Roaming\dwlGina3.dll
[2012/01/22 19:45:22 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1076387279-2608573375-2991349267-1000UA.job
[2012/01/22 19:45:11 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1076387279-2608573375-2991349267-1000Core.job
[2012/01/12 22:19:06 | 000,734,917 | ---- | M] () -- C:\Users\Alina\100_1981.JPG
[2012/01/12 22:19:06 | 000,713,692 | ---- | M] () -- C:\Users\Alina\100_1982.JPG
[2012/01/07 12:36:16 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Alina\Documents\*.tmp files -> C:\Users\Alina\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/12 22:18:42 | 000,734,917 | ---- | C] () -- C:\Users\Alina\100_1981.JPG
[2012/01/12 22:18:42 | 000,713,692 | ---- | C] () -- C:\Users\Alina\100_1982.JPG
[2011/05/24 18:15:33 | 000,033,280 | -HS- | C] () -- C:\Users\Alina\AppData\Roaming\csrss.exe
[2010/12/30 13:35:27 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/30 13:08:22 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/15 00:36:21 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/08/15 00:36:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/08/15 00:36:21 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/08/15 00:36:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/08/14 08:22:30 | 000,002,018 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/14 08:15:18 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,424,080 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\windows\System32\SP7302.ini
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
[2007/01/18 08:21:38 | 000,041,984 | ---- | C] () -- C:\windows\System32\drivers\RecFltr.sys

< End of report >
Und nachfolgend der Inhalt Extras.txt

Code:
OTL Extras logfile created on: 1/24/2012 3:30:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Alina\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 303.42 Mb Available Physical Memory | 29.94% Memory free
1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 50.67 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: ALINA-PC | User Name: Alina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE2B017-D82C-4B12-B071-5CF1B23D1A42}" = SweetIM for Messenger 3.4
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.0.3
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 2.10.32.305
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Marvell Miniport Driver" = Marvell Miniport Driver
"Maschinenschreiben Deluxe_is1" = Maschinenschreiben Deluxe 1.2.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PriceGong" = PriceGong 2.1.0
"SearchAnonymizer" = SearchAnonymizer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fTalk" = fTalk
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/4/2012 12:05:24 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/5/2012 2:30:11 PM | Computer Name = Alina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ftalk.exe, Version: 2.0.0.0, Zeitstempel:
 0x4e8641df  Name des fehlerhaften Moduls: ftalk.exe, Version: 2.0.0.0, Zeitstempel:
 0x4e8641df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a6b8ec  ID des fehlerhaften Prozesses:
 0xffc  Startzeit der fehlerhaften Anwendung: 0x01cccb19b164d81e  Pfad der fehlerhaften
 Anwendung: C:\Users\Alina\AppData\Local\fTalk\ftalk.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Alina\AppData\Local\fTalk\ftalk.exe  Berichtskennung: 4c91ebe6-37cb-11e1-88e2-4cedde05904e
 
Error - 1/8/2012 2:14:02 PM | Computer Name = Alina-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 1/11/2012 5:10:04 PM | Computer Name = Alina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.5.0.124, Zeitstempel:
 0x4e96a02b  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version: 2.0.10175.3910,
 Zeitstempel: 0x4b9715b8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9d8  ID des fehlerhaften
 Prozesses: 0x814  Startzeit der fehlerhaften Anwendung: 0x01ccd0a50acf9c7f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax  Berichtskennung:
a0efbd2f-3c98-11e1-95be-4cedde05904e
 
Error - 1/15/2012 2:51:30 PM | Computer Name = Alina-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 1/20/2012 1:43:09 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/20/2012 1:43:13 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/20/2012 1:46:36 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/21/2012 11:58:03 AM | Computer Name = Alina-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed:
 
Error - 1/22/2012 2:57:42 PM | Computer Name = Alina-PC | Source = Windows Backup | ID = 4104
Description =
 
[ OSession Events ]
Error - 1/28/2011 11:25:29 AM | Computer Name = Alina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 189
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 1/28/2011 11:26:08 AM | Computer Name = Alina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/14/2011 5:20:48 AM | Computer Name = Alina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1471
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/4/2011 7:56:41 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/5/2011 5:39:12 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/5/2011 8:54:20 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/6/2011 12:19:19 PM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/6/2011 12:27:36 PM | Computer Name = Alina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?09.?2011 um 18:25:54 unerwartet heruntergefahren.
 
Error - 9/6/2011 12:30:13 PM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 9/6/2011 12:44:42 PM | Computer Name = Alina-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.111.1554.0)
 
Error - 9/7/2011 11:19:51 AM | Computer Name = Alina-PC | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2011 11:22:23 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 9/7/2011 11:35:29 AM | Computer Name = Alina-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

Schakatak 24.01.2012 18:31
zurzeit läuft

Malwarebytes in Fullscan

durch.

Das dauert.

Ich poste das Log File, wenn der Scan beendet ist.

Gruß Michael

Schakatak 24.01.2012 19:27
Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alina :: ALINA-PC [Administrator]

Schutz: Aktiviert

24.01.2012 16:52:35
mbam-log-2012-01-24 (16-52-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289396
Laufzeit: 2 Stunde(n), 17 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaPlugins (Spyware.Password) -> Daten: C:\Users\Alina\AppData\Roaming\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Alina\AppData\Roaming\csrss.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Chris4You 24.01.2012 22:26
Hi,

das sieht schon recht ordentlich aus, MAM hat einiges entfernt...
Trotzdem noch das Script auffahren...

OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
O4 - HKCU..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
[2011/05/24 18:15:33 | 000,033,280 | -HS- | C] () -- C:\Users\Alina\AppData\Roaming\csrss.exe

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Schakatak 25.01.2012 10:09
hi

Nachdem ich den Code in die Codebox kopiert hatte und auf run fix klickte, lief der Fortschrittsbalken unten (grün) an. Nach sehr kurzer zeit erschien ein Fenster mit folgendem Inhalt:

"Kritischer Fehler. Windows wird in 1 Minute neu gestartet"

Und das tat der Rechner auch. OTL schien nicht fertig gewesen zu sein.

Auf dem Desktop waren plötzlich zwei Dateien vorhanden. Beide hatten denselben Namen, nämlich

desktop.ini

Vom Erscheinungsbild der Icons muss ich sagen, dass sie blass an Farbe waren. Vielleicht hilft das. Ich werde die Vorgehensweise mit OTL jetzt nochmal machen.

Schakatak 25.01.2012 10:31
Ich bin die Vorgehensweise mit OTL und dem Reinkopieren des Sciptcodes nochmal durchgegangen. Jetzt lief OTL bis zum Schluß durch und erstellte eine LOG. Den Inhalt siehst du nachfolgend.

Hinweis: die beiden desktop.ini dateien vom Desktop waren danach verschwunden. Ich hoffe, es läuft jetzt gut voran, oder habe ich einen Fehler gemacht?

OTL lief in minimal Scan durch.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bPk0yiZRB98vWmQ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bPk0yiZRB98vWmQ not found.
File C:\Users\Alina\AppData\Roaming\csrss.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alina
->Temp folder emptied: 233730590 bytes
->Temporary Internet Files folder emptied: 99908642 bytes
->Java cache emptied: 3365879 bytes
->FireFox cache emptied: 110200663 bytes
->Google Chrome cache emptied: 6844823 bytes
->Flash cache emptied: 104429 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94539689 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 523.00 mb
 

 
OTL by OldTimer - Version 3.2.31.0 log created on 01252012_101807

Files\Folders moved on Reboot...
C:\windows\temp\TMP00000003CC890B1C6ACA3AA1 moved successfully.
C:\windows\temp\TMP00000024C8750512D7189A4E moved successfully.

Registry entries deleted on Reboot...

Schakatak 25.01.2012 10:47
und jetzt der TDSS Killer Code:

Code:
10:44:26.0288 3164        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
10:44:26.0710 3164        ============================================================
10:44:26.0710 3164        Current date / time: 2012/01/25 10:44:26.0710
10:44:26.0710 3164        SystemInfo:
10:44:26.0710 3164       
10:44:26.0710 3164        OS Version: 6.1.7601 ServicePack: 1.0
10:44:26.0710 3164        Product type: Workstation
10:44:26.0710 3164        ComputerName: ALINA-PC
10:44:26.0710 3164        UserName: Alina
10:44:26.0710 3164        Windows directory: C:\windows
10:44:26.0710 3164        System windows directory: C:\windows
10:44:26.0710 3164        Processor architecture: Intel x86
10:44:26.0710 3164        Number of processors: 2
10:44:26.0710 3164        Page size: 0x1000
10:44:26.0710 3164        Boot type: Normal boot
10:44:26.0710 3164        ============================================================
10:44:28.0550 3164        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:44:28.0784 3164        Initialize success
10:44:59.0626 3596        ============================================================
10:44:59.0626 3596        Scan started
10:44:59.0626 3596        Mode: Manual;
10:44:59.0626 3596        ============================================================
10:45:00.0764 3596        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
10:45:00.0827 3596        1394ohci - ok
10:45:00.0967 3596        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
10:45:00.0983 3596        ACPI - ok
10:45:01.0264 3596        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
10:45:01.0295 3596        AcpiPmi - ok
10:45:01.0513 3596        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
10:45:01.0576 3596        adp94xx - ok
10:45:01.0778 3596        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
10:45:01.0856 3596        adpahci - ok
10:45:02.0059 3596        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
10:45:02.0122 3596        adpu320 - ok
10:45:02.0340 3596        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
10:45:02.0434 3596        AFD - ok
10:45:02.0652 3596        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
10:45:02.0699 3596        agp440 - ok
10:45:02.0839 3596        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
10:45:02.0886 3596        aic78xx - ok
10:45:03.0073 3596        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
10:45:03.0120 3596        aliide - ok
10:45:03.0229 3596        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
10:45:03.0245 3596        amdagp - ok
10:45:03.0401 3596        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
10:45:03.0432 3596        amdide - ok
10:45:03.0557 3596        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
10:45:03.0604 3596        AmdK8 - ok
10:45:03.0760 3596        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
10:45:03.0806 3596        AmdPPM - ok
10:45:03.0962 3596        amdsata        (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
10:45:03.0994 3596        amdsata - ok
10:45:04.0165 3596        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
10:45:04.0196 3596        amdsbs - ok
10:45:04.0243 3596        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
10:45:04.0290 3596        amdxata - ok
10:45:04.0493 3596        AppID          (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
10:45:04.0524 3596        AppID - ok
10:45:04.0680 3596        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
10:45:04.0727 3596        arc - ok
10:45:04.0883 3596        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
10:45:04.0945 3596        arcsas - ok
10:45:05.0101 3596        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
10:45:05.0132 3596        AsyncMac - ok
10:45:05.0257 3596        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
10:45:05.0288 3596        atapi - ok
10:45:05.0507 3596        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
10:45:05.0554 3596        avgntflt - ok
10:45:05.0725 3596        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
10:45:05.0772 3596        avipbb - ok
10:45:06.0240 3596        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
10:45:06.0287 3596        b06bdrv - ok
10:45:06.0474 3596        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
10:45:06.0536 3596        b57nd60x - ok
10:45:06.0942 3596        BCM43XX        (2a61f5c96032afdb0a6171cc591472f7) C:\windows\system32\DRIVERS\bcmwl6.sys
10:45:07.0067 3596        BCM43XX - ok
10:45:07.0238 3596        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
10:45:07.0254 3596        Beep - ok
10:45:07.0488 3596        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
10:45:07.0519 3596        blbdrive - ok
10:45:07.0816 3596        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
10:45:07.0862 3596        bowser - ok
10:45:07.0940 3596        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
10:45:07.0956 3596        BrFiltLo - ok
10:45:07.0987 3596        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
10:45:08.0003 3596        BrFiltUp - ok
10:45:08.0065 3596        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
10:45:08.0174 3596        Brserid - ok
10:45:08.0221 3596        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
10:45:08.0252 3596        BrSerWdm - ok
10:45:08.0284 3596        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
10:45:08.0315 3596        BrUsbMdm - ok
10:45:08.0330 3596        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
10:45:08.0346 3596        BrUsbSer - ok
10:45:08.0580 3596        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
10:45:08.0596 3596        BthEnum - ok
10:45:08.0767 3596        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
10:45:08.0798 3596        BTHMODEM - ok
10:45:08.0923 3596        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
10:45:08.0923 3596        BthPan - ok
10:45:09.0017 3596        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
10:45:09.0079 3596        BTHPORT - ok
10:45:09.0220 3596        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
10:45:09.0251 3596        BTHUSB - ok
10:45:09.0407 3596        btwampfl        (7061fe1715e5aded120fe4c608609357) C:\windows\system32\drivers\btwampfl.sys
10:45:09.0454 3596        btwampfl - ok
10:45:09.0610 3596        btwaudio        (a95b2fb3ca7b555b5cb306153f48ced8) C:\windows\system32\drivers\btwaudio.sys
10:45:09.0641 3596        btwaudio - ok
10:45:09.0797 3596        btwavdt        (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\DRIVERS\btwavdt.sys
10:45:09.0844 3596        btwavdt - ok
10:45:10.0015 3596        btwl2cap        (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
10:45:10.0047 3596        btwl2cap - ok
10:45:10.0156 3596        btwrchid        (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys
10:45:10.0187 3596        btwrchid - ok
10:45:10.0327 3596        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
10:45:10.0374 3596        cdfs - ok
10:45:10.0515 3596        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
10:45:10.0561 3596        cdrom - ok
10:45:10.0733 3596        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
10:45:10.0764 3596        circlass - ok
10:45:10.0905 3596        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
10:45:10.0983 3596        CLFS - ok
10:45:11.0107 3596        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
10:45:11.0139 3596        CmBatt - ok
10:45:11.0263 3596        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
10:45:11.0279 3596        cmdide - ok
10:45:11.0388 3596        cmnsusbser - ok
10:45:11.0451 3596        CNG            (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
10:45:11.0513 3596        CNG - ok
10:45:11.0653 3596        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
10:45:11.0685 3596        Compbatt - ok
10:45:11.0825 3596        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
10:45:11.0872 3596        CompositeBus - ok
10:45:12.0012 3596        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
10:45:12.0028 3596        crcdisk - ok
10:45:12.0231 3596        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
10:45:12.0277 3596        DfsC - ok
10:45:12.0340 3596        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
10:45:12.0355 3596        discache - ok
10:45:12.0496 3596        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
10:45:12.0511 3596        Disk - ok
10:45:12.0699 3596        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
10:45:12.0714 3596        drmkaud - ok
10:45:12.0855 3596        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
10:45:12.0948 3596        DXGKrnl - ok
10:45:13.0182 3596        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
10:45:13.0369 3596        ebdrv - ok
10:45:13.0541 3596        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
10:45:13.0603 3596        elxstor - ok
10:45:13.0728 3596        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
10:45:13.0744 3596        ErrDev - ok
10:45:13.0884 3596        ETD            (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys
10:45:13.0931 3596        ETD - ok
10:45:14.0071 3596        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
10:45:14.0118 3596        exfat - ok
10:45:14.0243 3596        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
10:45:14.0290 3596        fastfat - ok
10:45:14.0430 3596        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
10:45:14.0461 3596        fdc - ok
10:45:14.0524 3596        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
10:45:14.0586 3596        FileInfo - ok
10:45:14.0695 3596        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
10:45:14.0711 3596        Filetrace - ok
10:45:14.0758 3596        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
10:45:14.0789 3596        flpydisk - ok
10:45:14.0929 3596        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
10:45:14.0976 3596        FltMgr - ok
10:45:15.0117 3596        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
10:45:15.0132 3596        FsDepends - ok
10:45:15.0195 3596        fssfltr        (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
10:45:15.0226 3596        fssfltr - ok
10:45:15.0335 3596        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
10:45:15.0366 3596        Fs_Rec - ok
10:45:15.0522 3596        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
10:45:15.0585 3596        fvevol - ok
10:45:15.0709 3596        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
10:45:15.0756 3596        gagp30kx - ok
10:45:15.0928 3596        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
10:45:15.0943 3596        hcw85cir - ok
10:45:16.0084 3596        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
10:45:16.0162 3596        HdAudAddService - ok
10:45:16.0287 3596        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
10:45:16.0302 3596        HDAudBus - ok
10:45:16.0349 3596        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
10:45:16.0380 3596        HidBatt - ok
10:45:16.0427 3596        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
10:45:16.0458 3596        HidBth - ok
10:45:16.0599 3596        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
10:45:16.0630 3596        HidIr - ok
10:45:16.0786 3596        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
10:45:16.0817 3596        HidUsb - ok
10:45:16.0989 3596        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
10:45:17.0035 3596        HpSAMD - ok
10:45:17.0191 3596        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
10:45:17.0285 3596        HTTP - ok
10:45:17.0394 3596        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
10:45:17.0410 3596        hwpolicy - ok
10:45:17.0519 3596        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
10:45:17.0550 3596        i8042prt - ok
10:45:17.0675 3596        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
10:45:17.0691 3596        iaStor - ok
10:45:17.0815 3596        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
10:45:17.0909 3596        iaStorV - ok
10:45:18.0252 3596        igfx            (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys
10:45:18.0517 3596        igfx - ok
10:45:18.0642 3596        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
10:45:18.0673 3596        iirsp - ok
10:45:18.0939 3596        IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
10:45:19.0126 3596        IntcAzAudAddService - ok
10:45:19.0251 3596        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
10:45:19.0266 3596        intelide - ok
10:45:19.0344 3596        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
10:45:19.0344 3596        intelppm - ok
10:45:19.0469 3596        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:45:19.0500 3596        IpFilterDriver - ok
10:45:19.0625 3596        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
10:45:19.0656 3596        IPMIDRV - ok
10:45:19.0781 3596        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
10:45:19.0828 3596        IPNAT - ok
10:45:19.0953 3596        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
10:45:19.0984 3596        IRENUM - ok
10:45:20.0093 3596        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
10:45:20.0124 3596        isapnp - ok
10:45:20.0187 3596        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
10:45:20.0233 3596        iScsiPrt - ok
10:45:20.0374 3596        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
10:45:20.0436 3596        kbdclass - ok
10:45:20.0561 3596        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
10:45:20.0592 3596        kbdhid - ok
10:45:20.0717 3596        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
10:45:20.0764 3596        KSecDD - ok
10:45:20.0826 3596        KSecPkg        (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
10:45:20.0873 3596        KSecPkg - ok
10:45:21.0045 3596        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
10:45:21.0076 3596        lltdio - ok
10:45:21.0247 3596        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
10:45:21.0294 3596        LSI_FC - ok
10:45:21.0466 3596        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
10:45:21.0497 3596        LSI_SAS - ok
10:45:21.0622 3596        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
10:45:21.0653 3596        LSI_SAS2 - ok
10:45:21.0700 3596        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
10:45:21.0731 3596        LSI_SCSI - ok
10:45:21.0871 3596        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
10:45:21.0903 3596        luafv - ok
10:45:22.0074 3596        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
10:45:22.0105 3596        MBAMProtector - ok
10:45:22.0261 3596        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
10:45:22.0293 3596        megasas - ok
10:45:22.0433 3596        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
10:45:22.0464 3596        MegaSR - ok
10:45:22.0605 3596        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
10:45:22.0620 3596        Modem - ok
10:45:22.0667 3596        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
10:45:22.0683 3596        monitor - ok
10:45:22.0729 3596        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
10:45:22.0776 3596        mouclass - ok
10:45:22.0917 3596        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
10:45:22.0948 3596        mouhid - ok
10:45:23.0073 3596        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
10:45:23.0073 3596        mountmgr - ok
10:45:23.0135 3596        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
10:45:23.0182 3596        mpio - ok
10:45:23.0291 3596        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
10:45:23.0338 3596        mpsdrv - ok
10:45:23.0463 3596        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
10:45:23.0509 3596        MRxDAV - ok
10:45:23.0634 3596        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
10:45:23.0665 3596        mrxsmb - ok
10:45:23.0728 3596        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
10:45:23.0775 3596        mrxsmb10 - ok
10:45:23.0837 3596        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
10:45:23.0868 3596        mrxsmb20 - ok
10:45:23.0915 3596        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
10:45:23.0946 3596        msahci - ok
10:45:24.0009 3596        msdsm          (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
10:45:24.0024 3596        msdsm - ok
10:45:24.0118 3596        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
10:45:24.0149 3596        Msfs - ok
10:45:24.0180 3596        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
10:45:24.0196 3596        mshidkmdf - ok
10:45:24.0258 3596        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
10:45:24.0289 3596        msisadrv - ok
10:45:24.0430 3596        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
10:45:24.0461 3596        MSKSSRV - ok
10:45:24.0633 3596        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
10:45:24.0664 3596        MSPCLOCK - ok
10:45:24.0804 3596        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
10:45:24.0835 3596        MSPQM - ok
10:45:24.0960 3596        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
10:45:25.0007 3596        MsRPC - ok
10:45:25.0147 3596        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
10:45:25.0163 3596        mssmbios - ok
10:45:25.0225 3596        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
10:45:25.0241 3596        MSTEE - ok
10:45:25.0350 3596        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
10:45:25.0397 3596        MTConfig - ok
10:45:25.0522 3596        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
10:45:25.0553 3596        Mup - ok
10:45:25.0725 3596        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
10:45:25.0803 3596        NativeWifiP - ok
10:45:25.0927 3596        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
10:45:25.0959 3596        NDIS - ok
10:45:26.0083 3596        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
10:45:26.0130 3596        NdisCap - ok
10:45:26.0255 3596        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
10:45:26.0286 3596        NdisTapi - ok
10:45:26.0427 3596        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
10:45:26.0442 3596        Ndisuio - ok
10:45:26.0505 3596        NdisWan        (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
10:45:26.0520 3596        NdisWan - ok
10:45:26.0583 3596        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
10:45:26.0629 3596        NDProxy - ok
10:45:26.0770 3596        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
10:45:26.0801 3596        NetBIOS - ok
10:45:26.0848 3596        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
10:45:26.0910 3596        NetBT - ok
10:45:27.0113 3596        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
10:45:27.0144 3596        nfrd960 - ok
10:45:27.0300 3596        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
10:45:27.0331 3596        Npfs - ok
10:45:27.0472 3596        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
10:45:27.0487 3596        nsiproxy - ok
10:45:27.0597 3596        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
10:45:27.0737 3596        Ntfs - ok
10:45:27.0862 3596        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
10:45:27.0877 3596        Null - ok
10:45:28.0018 3596        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
10:45:28.0080 3596        nvraid - ok
10:45:28.0127 3596        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
10:45:28.0158 3596        nvstor - ok
10:45:28.0205 3596        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
10:45:28.0236 3596        nv_agp - ok
10:45:28.0299 3596        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
10:45:28.0345 3596        ohci1394 - ok
10:45:28.0564 3596        PAC7302        (81a0921e2a3fdcf840e43af64bf96ea2) C:\windows\system32\DRIVERS\PAC7302.SYS
10:45:28.0611 3596        PAC7302 - ok
10:45:28.0673 3596        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
10:45:28.0704 3596        Parport - ok
10:45:28.0751 3596        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
10:45:28.0798 3596        partmgr - ok
10:45:28.0845 3596        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
10:45:28.0860 3596        Parvdm - ok
10:45:28.0923 3596        pci            (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
10:45:28.0969 3596        pci - ok
10:45:29.0016 3596        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
10:45:29.0047 3596        pciide - ok
10:45:29.0094 3596        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
10:45:29.0157 3596        pcmcia - ok
10:45:29.0281 3596        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
10:45:29.0313 3596        pcw - ok
10:45:29.0469 3596        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
10:45:29.0547 3596        PEAUTH - ok
10:45:29.0827 3596        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
10:45:29.0859 3596        PptpMiniport - ok
10:45:29.0921 3596        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
10:45:29.0952 3596        Processor - ok
10:45:30.0093 3596        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
10:45:30.0093 3596        Psched - ok
10:45:30.0217 3596        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
10:45:30.0327 3596        ql2300 - ok
10:45:30.0451 3596        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
10:45:30.0483 3596        ql40xx - ok
10:45:30.0607 3596        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
10:45:30.0639 3596        QWAVEdrv - ok
10:45:30.0685 3596        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
10:45:30.0717 3596        RasAcd - ok
10:45:30.0857 3596        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
10:45:30.0873 3596        RasAgileVpn - ok
10:45:31.0029 3596        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
10:45:31.0044 3596        Rasl2tp - ok
10:45:31.0200 3596        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
10:45:31.0247 3596        RasPppoe - ok
10:45:31.0403 3596        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
10:45:31.0434 3596        RasSstp - ok
10:45:31.0559 3596        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
10:45:31.0621 3596        rdbss - ok
10:45:31.0684 3596        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
10:45:31.0684 3596        rdpbus - ok
10:45:31.0746 3596        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
10:45:31.0777 3596        RDPCDD - ok
10:45:31.0855 3596        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
10:45:31.0871 3596        RDPENCDD - ok
10:45:31.0933 3596        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
10:45:31.0949 3596        RDPREFMP - ok
10:45:32.0027 3596        RDPWD          (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
10:45:32.0043 3596        RDPWD - ok
10:45:32.0199 3596        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
10:45:32.0245 3596        rdyboost - ok
10:45:32.0370 3596        RecFltr        (c7775140fade828e746ff8f93d2dcca0) C:\windows\system32\Drivers\RecFltr.sys
10:45:32.0386 3596        RecFltr - ok
10:45:32.0464 3596        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
10:45:32.0495 3596        RFCOMM - ok
10:45:32.0713 3596        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
10:45:32.0745 3596        rspndr - ok
10:45:32.0791 3596        RTL8167        (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
10:45:32.0807 3596        RTL8167 - ok
10:45:32.0869 3596        rtport          (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
10:45:32.0885 3596        rtport - ok
10:45:32.0963 3596        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
10:45:32.0979 3596        SABI - ok
10:45:33.0119 3596        SaiU0CEA        (9d0dda383199833d8750366c248f88de) C:\windows\system32\DRIVERS\SaiU0CEA.sys
10:45:33.0150 3596        SaiU0CEA - ok
10:45:33.0228 3596        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
10:45:33.0275 3596        sbp2port - ok
10:45:33.0400 3596        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
10:45:33.0431 3596        scfilter - ok
10:45:33.0556 3596        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
10:45:33.0571 3596        secdrv - ok
10:45:33.0759 3596        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
10:45:33.0790 3596        Serenum - ok
10:45:33.0946 3596        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
10:45:33.0993 3596        Serial - ok
10:45:34.0117 3596        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
10:45:34.0133 3596        sermouse - ok
10:45:34.0289 3596        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
10:45:34.0305 3596        sffdisk - ok
10:45:34.0336 3596        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
10:45:34.0367 3596        sffp_mmc - ok
10:45:34.0398 3596        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
10:45:34.0445 3596        sffp_sd - ok
10:45:34.0507 3596        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
10:45:34.0539 3596        sfloppy - ok
10:45:34.0601 3596        Sftfs          (8f00cc8cacf83dce5b35079f615b0f12) C:\windows\system32\DRIVERS\Sftfslh.sys
10:45:34.0695 3596        Sftfs - ok
10:45:34.0851 3596        Sftplay        (afdb934586c4c8b2be39ae7eea6f52be) C:\windows\system32\DRIVERS\Sftplaylh.sys
10:45:34.0882 3596        Sftplay - ok
10:45:34.0929 3596        Sftredir        (6b1865d82e0290729ed7496c24275592) C:\windows\system32\DRIVERS\Sftredirlh.sys
10:45:34.0944 3596        Sftredir - ok
10:45:34.0991 3596        Sftvol          (621eccb1265a01ce2bdf6f2c5e727e2b) C:\windows\system32\DRIVERS\Sftvollh.sys
10:45:35.0007 3596        Sftvol - ok
10:45:35.0100 3596        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
10:45:35.0147 3596        sisagp - ok
10:45:35.0287 3596        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
10:45:35.0303 3596        SiSRaid2 - ok
10:45:35.0350 3596        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
10:45:35.0381 3596        SiSRaid4 - ok
10:45:35.0521 3596        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
10:45:35.0553 3596        Smb - ok
10:45:35.0740 3596        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
10:45:35.0771 3596        spldr - ok
10:45:35.0943 3596        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
10:45:35.0958 3596        srv - ok
10:45:36.0021 3596        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
10:45:36.0099 3596        srv2 - ok
10:45:36.0223 3596        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
10:45:36.0239 3596        srvnet - ok
10:45:36.0333 3596        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
10:45:36.0348 3596        ssmdrv - ok
10:45:36.0426 3596        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
10:45:36.0442 3596        stexstor - ok
10:45:36.0520 3596        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
10:45:36.0551 3596        swenum - ok
10:45:36.0801 3596        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
10:45:36.0972 3596        Tcpip - ok
10:45:37.0159 3596        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
10:45:37.0175 3596        TCPIP6 - ok
10:45:37.0347 3596        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
10:45:37.0378 3596        tcpipreg - ok
10:45:37.0456 3596        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
10:45:37.0487 3596        TDPIPE - ok
10:45:37.0534 3596        TDTCP          (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
10:45:37.0549 3596        TDTCP - ok
10:45:37.0612 3596        tdx            (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
10:45:37.0643 3596        tdx - ok
10:45:37.0705 3596        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
10:45:37.0737 3596        TermDD - ok
10:45:37.0861 3596        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
10:45:37.0893 3596        tssecsrv - ok
10:45:38.0049 3596        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
10:45:38.0064 3596        TsUsbFlt - ok
10:45:38.0220 3596        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
10:45:38.0267 3596        tunnel - ok
10:45:38.0329 3596        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
10:45:38.0361 3596        uagp35 - ok
10:45:38.0439 3596        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
10:45:38.0485 3596        udfs - ok
10:45:38.0595 3596        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
10:45:38.0610 3596        uliagpkx - ok
10:45:38.0688 3596        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
10:45:38.0719 3596        umbus - ok
10:45:38.0844 3596        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
10:45:38.0860 3596        UmPass - ok
10:45:39.0016 3596        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
10:45:39.0047 3596        usbaudio - ok
10:45:39.0109 3596        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
10:45:39.0125 3596        usbccgp - ok
10:45:39.0265 3596        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
10:45:39.0312 3596        usbcir - ok
10:45:39.0390 3596        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
10:45:39.0406 3596        usbehci - ok
10:45:39.0468 3596        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
10:45:39.0531 3596        usbhub - ok
10:45:39.0655 3596        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
10:45:39.0687 3596        usbohci - ok
10:45:39.0749 3596        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
10:45:39.0796 3596        usbprint - ok
10:45:39.0905 3596        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:45:39.0952 3596        USBSTOR - ok
10:45:40.0077 3596        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
10:45:40.0092 3596        usbuhci - ok
10:45:40.0155 3596        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
10:45:40.0186 3596        usbvideo - ok
10:45:40.0342 3596        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
10:45:40.0373 3596        vdrvroot - ok
10:45:40.0435 3596        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
10:45:40.0467 3596        vga - ok
10:45:40.0513 3596        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
10:45:40.0545 3596        VgaSave - ok
10:45:40.0607 3596        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
10:45:40.0638 3596        vhdmp - ok
10:45:40.0685 3596        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
10:45:40.0732 3596        viaagp - ok
10:45:40.0857 3596        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
10:45:40.0888 3596        ViaC7 - ok
10:45:40.0935 3596        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
10:45:40.0981 3596        viaide - ok
10:45:41.0106 3596        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
10:45:41.0137 3596        volmgr - ok
10:45:41.0262 3596        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
10:45:41.0356 3596        volmgrx - ok
10:45:41.0465 3596        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
10:45:41.0512 3596        volsnap - ok
10:45:41.0574 3596        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
10:45:41.0621 3596        vsmraid - ok
10:45:41.0777 3596        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
10:45:41.0793 3596        vwifibus - ok
10:45:41.0839 3596        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
10:45:41.0871 3596        vwififlt - ok
10:45:42.0027 3596        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
10:45:42.0058 3596        WacomPen - ok
10:45:42.0198 3596        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
10:45:42.0229 3596        WANARP - ok
10:45:42.0245 3596        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
10:45:42.0261 3596        Wanarpv6 - ok
10:45:42.0370 3596        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
10:45:42.0401 3596        Wd - ok
10:45:42.0541 3596        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
10:45:42.0588 3596        Wdf01000 - ok
10:45:42.0822 3596        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
10:45:42.0838 3596        WfpLwf - ok
10:45:42.0885 3596        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
10:45:42.0900 3596        WIMMount - ok
10:45:43.0134 3596        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
10:45:43.0181 3596        WinUsb - ok
10:45:43.0399 3596        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
10:45:43.0431 3596        WmiAcpi - ok
10:45:43.0633 3596        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
10:45:43.0649 3596        ws2ifsl - ok
10:45:43.0821 3596        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
10:45:43.0852 3596        WudfPf - ok
10:45:43.0914 3596        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
10:45:43.0945 3596        WUDFRd - ok
10:45:44.0133 3596        yukonw7        (49d10b542dacfbb0e2ebf3e59f83ef21) C:\windows\system32\DRIVERS\yk62x86.sys
10:45:44.0148 3596        yukonw7 - ok
10:45:44.0242 3596        MBR (0x1B8)    (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
10:45:45.0334 3596        \Device\Harddisk0\DR0 - ok
10:45:45.0349 3596        Boot (0x1200)  (5dc79a0a17a409ee186ac139cf9301cb) \Device\Harddisk0\DR0\Partition0
10:45:45.0349 3596        \Device\Harddisk0\DR0\Partition0 - ok
10:45:45.0396 3596        Boot (0x1200)  (feb8b7be0c7c1bcce4752dbf82452755) \Device\Harddisk0\DR0\Partition1
10:45:45.0396 3596        \Device\Harddisk0\DR0\Partition1 - ok
10:45:45.0427 3596        Boot (0x1200)  (07045dafb635ac29504b9d7a16cfc811) \Device\Harddisk0\DR0\Partition2
10:45:45.0427 3596        \Device\Harddisk0\DR0\Partition2 - ok
10:45:45.0427 3596        ============================================================
10:45:45.0427 3596        Scan finished
10:45:45.0427 3596        ============================================================
10:45:45.0474 5956        Detected object count: 0
10:45:45.0474 5956        Actual detected object count: 0

Chris4You 25.01.2012 17:42
Hi,

wie verhält sich der Rechner? Gibt es Umleitung im Internet etc.?
Wenn nichts mehr auftritt sollten wir durch sein...

chris

Schakatak 25.01.2012 17:51
Zitat:
Zitat von Chris4You (Beitrag 760437)
Hi,

wie verhält sich der Rechner? Gibt es Umleitung im Internet etc.?
Wenn nichts mehr auftritt sollten wir durch sein...

chris
Umleitungen? Wie ´meinst du das?

Anderes Problem: Die Internetverbindungen über unseren Router (4 Laptops angeschlossen über WLAN) bricht seit einiger zeit häufig ab oder die Geshwindigkeit lässt zu wünschen übrig.

Kann es ein Virus oder Trojaner sein?

Wie könnten wir das prüfen?

Achja. Der Rechner läuft stabil. Das Prob scheint gelöst zu sein. Dafür meinen herzlichen Dank.

Lieben Gruß Michael

Chris4You 26.01.2012 10:00
Hi,

alle Rechner mit MAM überprüfen lassen...
Mit Umleitungen meine ich, dassDu z. b. bei suchergebnissesn aus Google erstmal auf andere Seiten umgeleitet wirst...

chris

Schakatak 26.01.2012 18:19
Alle Rechner geprüft. Alles soweit ok.

Keine Umleitungen.

Was mir aber auffiel, ist, dass hin und wieder einfach Popup Fenster blitzartig aufgehen und sofort wieder zu und weg sind sie. Sie werden auch nicht als geöffnetes Fenster in der Taskleiste abgebildet. Macht das dieses MAM?

Gruß

PS: Vorher musste ich diese WErbe POP UPS immer von Hand schließen.

Lieben Gruß Michael

Schakatak 26.01.2012 18:39
Zitat:
Zitat von Schakatak (Beitrag 760441)
Anderes Problem: Die Internetverbindungen über unseren Router (4 Laptops angeschlossen über WLAN) bricht seit einiger zeit häufig ab oder die Geshwindigkeit lässt zu wünschen übrig.

Kann es ein Virus oder Trojaner sein?

Wie könnten wir das prüfen?
Lieben Gruß Michael
Wärst du so freundlich und gehst bitte noch auf dieses hoffentlich kleine Problem ein. Das wäre echt nett.

Michael

Chris4You 26.01.2012 21:00
Hi,

die Popups tauchen auf dem Rechner auf, der bereinigt wurde?

ESET Online Scanner ESET

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Du hast alle Rechner mit MAM überprüft?

Router resettet hast du schon, oder?

Dann würde ich alle Rechner ausschalten und nacheinander einschalten und versuchen festzustellen, ob einer identifiziert werden kann, bei dem das netzwerk anfängt zu spinnen...

Falls das auf anhieb nicht klappt:
TCPView auf jedem Rechner installieren und den Verkehr überwachen:

TCPView
Anzeige der vom Rechner aufgebauten Internetverbindungen mit Status, Zieladresse etc.
Lege ein Verzeichnis an, entpacke die Dateien in das Verzeichnis und starte dann die
tcpview.exe. Copyright und Co abnicken.
Das Log kann unter "File", "Save as.." abgespeichert werden, in den Editor laden
abkopieren und hier posten.
Download: Download
Anleitung: Sysinternals

chris

Schakatak 27.01.2012 07:27
Hi

Erstmal zur Verdeutlichung. Diese kommenden POPUPS, die sofort verschwinden, hatte ich sonst nicht beachtet. Vielleicht waren sie auch schon vorher da . Ich weiß es nicht. Manche POPUPs erzeugen auch ein neues Firefoxfenster. Dort ist dann WErbung, so von wegen Pokern und so. Die schließe ich immer händisch.

Sie erscheinen auf MEINEM Rechner, der auch mit Malwarebytes (MAM) untersucht worden ist. Alles sauber. Der REchner von meiner Tochter (der Infizierte) läuft rund.

Ich hoffe, MAM ist dieses Malwarebyteprogramm!?!

Router wurde NICHT resettet. Soll ich das jetzt nochmal machen?

Schakatak 27.01.2012 07:28
Zitat:
Zitat von Chris4You (Beitrag 761047)
Hi,

Dann würde ich alle Rechner ausschalten und nacheinander einschalten und versuchen festzustellen, ob einer identifiziert werden kann, bei dem das netzwerk anfängt zu spinnen...

chris
Wie stelle ich das denn nu wieder fest? *grins*

Chris4You 27.01.2012 14:02
Hi,

okay, TDSS-Killer auf Deinem Rechner ausführen und ein OTL-Log von dem Rechner posten...

Lasse Deinen Rechner mal aus dem Netzwerk und beobachte, ob es zu Zusammenbrüchen oder Performanceeinbußen kommt...

Resette den Router vorher...

Chris

Schakatak 27.01.2012 14:37
Hi Chris. Jetzt wirst du mir zu schnell.

Hinweis:Zusammenbrüche oder Performanceprobleme hatte ich offline nicht. Meine Performanceprobleme sind wohl normal, wenn man bedenkt, dass 4 Laptops gleichzeitig über WLAN ins Netz gehen, das leuchtet mir ein, aber es darf doch nicht zu Verbindungsabbrüchen kommen. Es geht zwar kurz danach weiter, aber diese Abbrüche nerven. ES MUSS NICHT ZWANGSLÄUFIG EIN VIRUS ODER TROJANER SEIN.

Vor deinem letzten Post hast du was von

ESET online Test

und

TCP View

geschrieben. Soll ich erst noch die Tipps oder sofort TDSS Killer und OTL ausführen?

Ich möchte nicht in der Reihenfolge durcheinander kommen.

Der jetzige Stand ist folgender:

ESET online Test und TCP View habe ich noch nicht gemacht.

So, was soll ich als nächstes durchführen?

Schakatak 27.01.2012 18:00
OTL

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bPk0yiZRB98vWmQ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bPk0yiZRB98vWmQ not found.
File C:\Users\Alina\AppData\Roaming\csrss.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Laptop Papa
->Temp folder emptied: 3312966 bytes
->Temporary Internet Files folder emptied: 1914917 bytes
->Java cache emptied: 28168637 bytes
->FireFox cache emptied: 53402012 bytes
->Flash cache emptied: 56983 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 563821 bytes
RecycleBin emptied: 7681 bytes
 
Total Files Cleaned = 83.00 mb
 

 
OTL by OldTimer - Version 3.2.31.0 log created on 01272012_175540

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\TMP00000025C8FC4E5D417226E4 not found!

Registry entries deleted on Reboot...
TDSS Killer hat 0 founds.

Was ist jetzt zu tun?

Ich habe noch nichts aus Antwort 19 gemacht. Ist es jetzt nötig?

Chris4You 28.01.2012 19:57
Hi,

auf dem Rechner mit den PopUps Eset durchführen (Post 19).
Mit welchem Browser arbeitest Du auf diesem Rechner (IE, FireFox, ???).

Mit Abbrüchen meinst Du das einfrieren der Verbindung (kurzzeitig geht die Übertragungsrate auf 0 oder komplett weg und z. B. download neu anschmeißen?

chris

Schakatak 29.01.2012 10:33
Ok ESET führe ich durch.

Icha rbeite mit Firefox.

Mit Abbrüchen meine ich folgendes:

Ich bin z.B. im Internet unterwegs. Meine Frau und meine beiden Kinder auch.

Unten in der Taskleiste im ganz rechtsseitigen Bereich befindet sich die "Verbindungstreppe" unseres Routers (DLink). Diese zeigt an, OB eine Verbindung besteht oder nicht.

Es kommt hin und wieder vor, dass die Treppe "keine Verbindung" meldet. Ohne etwas zu tun, wird die Verbindung meistens wieder hergestellt.

Und wenn wir alle "Drin" sind, ist die Geschwindigkeit langsam, was für mich auf Grund der Nutzer verständlich ist. Aber ich kann mir die kurzzeitigen Abbrüche nicht erklären.

Alle Rechner frieren in diesem Zustand NICHT ein. Jeder kann dann normal weiterarbeiten, aber eben nicht im Internet. Auch die Performance MEINES Rechners bei einer solchen Ungterbrechtung der Verbindung leidet NICHT.

ESET füre ich JETZT durch und ich melde mich dann.

Vielen Dank Chris

Schakatak 29.01.2012 14:40
0 found: Hier der Log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b049e41478e37a42bd55ed1812981294
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-29 12:58:15
# local_time=2012-01-29 01:58:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9235511 9235511 0 0
# compatibility_mode=5893 16776573 100 94 151213 79461731 0 0
# compatibility_mode=8192 67108863 100 0 3769 3769 0 0
# scanned=194708
# found=0
# cleaned=0
# scan_time=11354
Ich denke, wir wären durch. Oder hast du noch einen Vorschlag?

Gruß Michael

Chris4You 30.01.2012 12:28
Hi,

du kannst probieren ob die Popups verschwinden, wenn Du NoScript und WOT als Pluigins bei Firefox verwendest...

Ansonsten wäre wir durch...

Wenn Du Zeit hast poste nochmal ein OTL-Log von Deinem Rechner (du hattest damals den Fix laufen lassen... ;o)...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris

Schakatak 30.01.2012 14:02
Hi Chris

Ich bin Dank dir ja FAST Profi. Aber jetzt überforderst du mich doch ein wenig. Wie meinst du,,,,, Pulinns noscript oder WOT verwendest....

Danach googlen und dann als Plugin einbinden?

Code:
OTL logfile created on: 1/30/2012 2:11:41 PM - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Laptop Papa\Downloads\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.87% Memory free
5.93 Gb Paging File | 4.61 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 91.98 Gb Free Space | 61.85% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 159.62 Gb Free Space | 52.86% Space Free | Partition Type: NTFS
Drive E: | 3.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOPPAPA-PC | User Name: Laptop Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Laptop Papa\Downloads\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Synology Data Replicator  3\SynoDrService.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\a3f149cc41f01ea355bfd6002a0d0b81\Iris.Mapi.MessageStore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\bc9c845ea9353021378308e1c755c02b\BusinessLayer.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\2615f3b70244116a41336d06746c89b4\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\7a938c74567a4d911908009c35358777\Microsoft.Office.Interop.Outlook.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\1b4ee5f72049eb671c422b5c83896117\Microsoft.Interop.Mapi.Impl.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\bad645e10037a53cb4a78932b6f39005\Microsoft.Interop.Mapi.PropTags.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\BCMRes\73c29ccf6a763156229de9d6c0aeef31\BCMRes.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\office\1afafeb102463e853246f2297e679944\office.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\df78f68a3d201582605031b26d39b5b8\BCMCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\0ab3f1e3838ae7cecbc5258398a4d296\Microsoft.Interop.Mapi.Interfaces.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll ()
MOD - C:\windows\assembly\GAC_32\Microsoft.BusinessSolutions.eCRM.OutlookAddIn\3.0.0.0__31bf3856ad364e35\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.dll ()
MOD - C:\windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll ()
MOD - C:\windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll ()
MOD - C:\Program Files\Microsoft Small Business\Business Contact Manager\de-DE\BCMRes.resources.dll ()
MOD - C:\Program Files\Microsoft Small Business\Business Contact Manager\de-DE\Microsoft.Interop.Mapi.Interfaces.resources.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\vspdfdialogs100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\expertpdf4core.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\vspdfcore100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\vsvector100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\vspdfeditor100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\TMSlite100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\te100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\VirtualTree100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\uoolep100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\VSDesktop100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\visage100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\vsmisc100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\PKIECtrl100.bpl ()
MOD - C:\Program Files\Visagesoft\eXPert PDF\sqlite.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SynoDrService) -- C:\Program Files\Synology Data Replicator  3\SynoDrService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/01/15 11:25:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 09:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/13 18:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 09:59:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 09:16:40 | 000,000,000 | ---D | M]
 
[2009/12/21 19:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop Papa\AppData\Roaming\mozilla\Extensions
[2011/12/24 13:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop Papa\AppData\Roaming\mozilla\Firefox\Profiles\x5gcfm2n.default\extensions
[2011/11/23 18:45:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Laptop Papa\AppData\Roaming\mozilla\Firefox\Profiles\x5gcfm2n.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/12/24 13:03:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Laptop Papa\AppData\Roaming\mozilla\Firefox\Profiles\x5gcfm2n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/21 09:28:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Laptop Papa\AppData\Roaming\mozilla\Firefox\Profiles\x5gcfm2n.default\extensions\DeviceDetection@logitech.com
[2012/01/14 15:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\LAPTOP PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X5GCFM2N.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/01/13 18:52:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/02/22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012/01/13 18:52:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/13 18:52:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/13 18:52:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/13 18:52:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/13 18:52:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/13 18:52:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - Startup: C:\Users\Laptop Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Laptop Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Program Files\Preispiraten\Preispiraten2\preispiraten2ie.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DFAB547-85C8-41E6-90AD-5DB35FFA349F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/22 16:23:16 | 001,196,032 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/22 16:23:07 | 000,000,108 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a4b19c11-95c2-11e0-8bac-0a607657dfcb}\Shell - "" = AutoRun
O33 - MountPoints2\{a4b19c11-95c2-11e0-8bac-0a607657dfcb}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c4b4d030-b540-11de-b49f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b4d030-b540-11de-b49f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006/09/22 16:23:16 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{c4b4d030-b540-11de-b49f-806e6f6e6963}\Shell\install\command - "" = E:\autorun.exe -- [2006/09/22 16:23:16 | 001,196,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/30 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\Laptop Papa\Desktop\Forum
[2012/01/29 15:37:31 | 000,000,000 | R--D | C] -- C:\Users\Laptop Papa\Documents\Scanned Documents
[2012/01/29 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\Laptop Papa\Documents\Fax
[2012/01/29 10:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/27 17:55:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/26 18:13:20 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2012/01/26 18:13:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2012/01/24 10:46:13 | 000,000,000 | ---D | C] -- C:\Users\Laptop Papa\AppData\Roaming\Malwarebytes
[2012/01/24 10:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/24 10:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/24 10:46:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/24 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/18 11:11:09 | 000,000,000 | ---D | C] -- C:\Users\Laptop Papa\AppData\Roaming\BBBS_ActivityCalendar
[2012/01/15 11:28:26 | 000,000,000 | ---D | C] -- C:\Users\Laptop Papa\AppData\Local\assembly
[2012/01/15 11:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Earth 3D
[2012/01/11 11:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/01/11 09:43:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/01/11 09:43:46 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/01/11 09:43:45 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012/01/01 11:19:31 | 000,000,000 | ---D | C] -- C:\Users\Laptop Papa\AppData\Roaming\CalculatedFieldsPlugin
[2011/12/31 16:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zone Five Software
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/30 13:37:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 12:58:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/30 10:23:36 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 15:41:01 | 000,081,006 | ---- | M] () -- C:\Users\Laptop Papa\Documents\http___web.bbs-winsen.de_index.php_eID=tx_nawsecuredl&u=0&file=fileadmin_user_upload_Bildungsangebote_Schulformen_BFS_2Jahr_Form_Anmeld_2j_BFS_berufqu.pdf
[2012/01/29 14:38:00 | 000,001,022 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2012/01/28 09:20:37 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 09:20:37 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 09:12:13 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 18:35:44 | 000,714,880 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/01/26 18:35:44 | 000,665,854 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/26 18:35:44 | 000,154,776 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/01/26 18:35:44 | 000,124,988 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/26 18:32:13 | 000,002,076 | ---- | M] () -- C:\Users\Laptop Papa\Desktop\WebUpdater.lnk
[2012/01/24 10:46:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 12:27:18 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000055F.LCS
[2012/01/11 11:12:53 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012/01/01 21:56:10 | 000,000,298 | ---- | M] () -- C:\windows\tasks\Synology Data Replicator 3-LaptopPapa-PC-Laptop Papa.job
[2011/12/31 16:22:22 | 000,002,126 | ---- | M] () -- C:\Users\Laptop Papa\Desktop\SportTracks 3.1.lnk
 
========== Files Created - No Company Name ==========
 
[2012/01/29 20:03:13 | 000,859,619 | ---- | C] () -- C:\Users\Laptop Papa\Desktop\Scannen0015.jpg
[2012/01/29 15:40:01 | 000,081,006 | ---- | C] () -- C:\Users\Laptop Papa\Documents\http___web.bbs-winsen.de_index.php_eID=tx_nawsecuredl&u=0&file=fileadmin_user_upload_Bildungsangebote_Schulformen_BFS_2Jahr_Form_Anmeld_2j_BFS_berufqu.pdf
[2012/01/26 18:32:13 | 000,002,076 | ---- | C] () -- C:\Users\Laptop Papa\Desktop\WebUpdater.lnk
[2012/01/24 10:46:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/15 11:25:04 | 000,001,992 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2011/12/31 16:22:22 | 000,002,126 | ---- | C] () -- C:\Users\Laptop Papa\Desktop\SportTracks 3.1.lnk
[2011/04/20 16:45:09 | 000,446,464 | ---- | C] () -- C:\windows\System32\Tx32.dll
[2011/04/20 16:45:09 | 000,016,070 | ---- | C] () -- C:\windows\German2.ini
[2011/04/20 16:45:09 | 000,000,151 | ---- | C] () -- C:\windows\System32\ic32.ini
[2010/12/27 20:09:23 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010/12/27 19:54:37 | 000,003,584 | ---- | C] () -- C:\Users\Laptop Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/16 08:54:48 | 000,008,746 | -HS- | C] () -- C:\Users\Laptop Papa\AppData\Local\opRSK
[2010/11/03 15:09:12 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2010/11/03 15:08:54 | 000,007,119 | ---- | C] () -- C:\windows\mgxoschk.ini
[2010/08/17 16:09:29 | 000,000,072 | ---- | C] () -- C:\windows\EurekaLog.ini
[2010/06/24 13:24:42 | 000,159,744 | ---- | C] () -- C:\windows\System32\GBGraphics.dll
[2010/05/08 10:56:10 | 000,000,162 | ---- | C] () -- C:\Users\Laptop Papa\AppData\Roaming\.ptbt1
[2010/03/09 19:31:27 | 001,868,868 | ---- | C] () -- C:\windows\System32\RSA32_16.DLL
[2010/03/02 09:16:17 | 000,023,689 | ---- | C] () -- C:\windows\hpqins15.dat
[2010/01/26 10:55:37 | 000,014,336 | ---- | C] () -- C:\windows\System32\vsmon1.dll
[2010/01/16 18:15:04 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/01/10 10:22:47 | 000,320,000 | ---- | C] () -- C:\windows\System32\roboex32.dll
[2010/01/10 10:22:36 | 000,000,712 | RH-- | C] () -- C:\windows\System32\ttri.dat
[2010/01/02 17:04:10 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll
[2009/12/23 12:30:13 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2009/12/23 12:30:04 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2009/12/22 10:23:35 | 000,226,514 | ---- | C] () -- C:\windows\hpoins18.dat
[2009/12/22 10:23:35 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat
[2009/12/08 20:56:24 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/12/08 20:40:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/22 23:05:23 | 000,714,880 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/22 23:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/22 23:05:23 | 000,154,776 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/22 23:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/09/22 06:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 001,790,112 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,665,854 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,124,988 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/07/09 17:23:54 | 000,024,376 | ---- | C] () -- C:\windows\System32\TALDM32A.dll
[2008/07/09 17:23:52 | 000,052,536 | ---- | C] () -- C:\windows\System32\TAL12832.DLL
[2008/07/09 17:23:52 | 000,022,832 | ---- | C] () -- C:\windows\System32\TALDM32.DLL
[2008/07/09 17:23:10 | 000,042,296 | ---- | C] () -- C:\windows\System32\SBSPAINT.DLL
[2008/07/09 17:23:08 | 000,255,288 | ---- | C] () -- C:\windows\System32\SBSPAIN3.DLL
[2008/07/09 17:23:06 | 000,050,488 | ---- | C] () -- C:\windows\System32\SBSPAIN2.DLL
[2008/07/09 17:22:28 | 000,075,576 | ---- | C] () -- C:\windows\System32\ENCODE32.DLL
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\windows\System32\tx14_ic.ini
[2001/04/01 07:00:00 | 000,013,778 | ---- | C] () -- C:\windows\System32\SELF32.INI

< End of report >
Code:
OTL Extras logfile created on: 1/30/2012 2:11:41 PM - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Laptop Papa\Downloads\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.87% Memory free
5.93 Gb Paging File | 4.61 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 91.98 Gb Free Space | 61.85% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 159.62 Gb Free Space | 52.86% Space Free | Partition Type: NTFS
Drive E: | 3.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOPPAPA-PC | User Name: Laptop Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{13BD3885-C7E7-421A-82F1-A0A868579730}" = Preispiraten 2.1.2
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D2D289F-007D-419C-871C-B8555B1ACB0B}" = Garmin BaseCamp Beta
"{6D80B6D8-C7FC-C635-B3D2-1DFE9BEE890D}" = TiltShiftGenerator: artandmobile.com
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74E69F8A-BCBB-4A0A-9361-32225755D8C3}" = Garmin BaseCamp
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9036076A-1473-48A2-AB08-6C765754DCF1}" = SportTracks 3.1
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA2F05A3-080A-4371-AAC1-F15404605982}" = Microsoft Camera Codec Pack
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 1.95
"{EA1641E2-B005-4E24-96A3-43866A4C6935}_is1" = 1click Fotorahmen
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"aio-dach" = aio-dach
"Aleo 3D Flash Slideshow Creator_is1" = Aleo 3D Flash Slideshow Creator 1.8
"Artensoft Photo Mosaic Wizard_is1" = Artensoft Photo Mosaic Wizard
"Ashampoo Photo Optimizer 2_is1" = Ashampoo Photo Optimizer 2.01
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.1.00" = Biet-O-Matic v2.1.00
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.9
"ElsterFormular  ***unknown variable buildnummer***" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"Equipment Plugin V3_is1" = Equipment Plugin V3
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.3
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Freelancer 1.0" = Freelancer
"Freizeitkarte_Deutschland" = Freizeitkarte_Deutschland (Ausgabe 12.01)
"Google Updater" = Google Updater
"GPS2PowerTrack Plugin_is1" = GPS2PowerTrack Plugin
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LANGMaster eduExplorer" = LANGMaster eduExplorer
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Neat Image_is1" = Neat Image v5.0 Pro+
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3c
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"PhotoResampling_is1" = PhotoResampling 9.2
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Portrait Professional Studio 8_is1" = Portrait Professional Studio 8.1
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"sd7e60d6fb575dea21c09236409da77e26_is1" = Secure Diary 2.1
"ShiftN_is1" = ShiftN 2.7.1
"Shop for HP Supplies" = Shop for HP Supplies
"Synology Assistant" = Synology Assistant (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1" = TiltShiftGenerator: artandmobile.com
"tintii" = indii.org/tintii
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.2
"Weather Plugin V3_is1" = Weather Plugin V3
"web2date" = DATA BECKER shop to date 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.9.2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/28/2012 4:17:36 AM | Computer Name = LaptopPapa-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 1/28/2012 4:17:36 AM | Computer Name = LaptopPapa-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 1/28/2012 4:47:50 AM | Computer Name = LaptopPapa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CALMAIN.exe, Version: 8.1.0.14, Zeitstempel:
 0x433d11f9  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel:
 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00009966  ID des fehlerhaften Prozesses:
 0xdf8  Startzeit der fehlerhaften Anwendung: 0x01ccdd94a1d990e3  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Canon\CAL\CALMAIN.exe  Pfad des fehlerhaften Moduls:
C:\windows\system32\msvcrt.dll  Berichtskennung: c1d9c8f4-498c-11e1-a4c7-0a607657dfcb
 
Error - 1/29/2012 5:21:22 AM | Computer Name = LaptopPapa-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 1/29/2012 5:21:22 AM | Computer Name = LaptopPapa-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 1/29/2012 9:17:47 AM | Computer Name = LaptopPapa-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/29/2012 9:18:29 AM | Computer Name = LaptopPapa-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/29/2012 2:00:03 PM | Computer Name = LaptopPapa-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 1/30/2012 5:12:54 AM | Computer Name = LaptopPapa-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 1/30/2012 5:12:54 AM | Computer Name = LaptopPapa-PC | Source = MsiInstaller | ID = 1024
Description =
 
[ System Events ]
Error - 1/26/2012 5:04:07 PM | Computer Name = LaptopPapa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
 2007 (KB2596764)
 
Error - 1/27/2012 12:55:40 PM | Computer Name = LaptopPapa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 1/27/2012 1:10:02 PM | Computer Name = LaptopPapa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 1/27/2012 1:13:37 PM | Computer Name = LaptopPapa-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:  %%-2147467243
 
Error - 1/28/2012 4:17:46 AM | Computer Name = LaptopPapa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
 2007 (KB2596764)
 
Error - 1/28/2012 4:47:51 AM | Computer Name = LaptopPapa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 1/29/2012 5:20:54 AM | Computer Name = LaptopPapa-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 1/29/2012 5:21:04 AM | Computer Name = LaptopPapa-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{1DFAB547-85C8-41E6-90AD-5DB35FFA349F} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 1/29/2012 5:21:42 AM | Computer Name = LaptopPapa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
 2007 (KB2596764)
 
Error - 1/30/2012 5:13:26 AM | Computer Name = LaptopPapa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office PowerPoint
 2007 (KB2596764)
 
 
< End of report >

Chris4You 30.01.2012 17:04
Hi,

die Logs schaue ich mir heute Abend an...
WebOfTrust, NoScript.
Bei NoScript werden einige Seiten nicht mehr richtig angezeigt werden (weil sie z. B. JavaScript verwenden und nicht auf der positivliste stehen), die dann über das Menü von NoScript zulassen (temporär oder für immer wenn Du Dir sicher bist, dass die Seite OK ist)... aber das wirst Du sehen...

chris

Chris4You 30.01.2012 19:58
Hi,

Logs sehen ok aus...

chris

Schakatak 31.01.2012 09:49
Gut, die beiden Plugs werde ich mal installieren. Mal sehen, ob es besser wird.

Ich denke, dass wir durch sind, da ja die Logs ok sind.

Ich danke dir für deine Bemühungen, Chris. Es freut mich, dass alles wieder normal läuft.

Ich wünsche dir weiterhin viel Spaß beim Killen der Trojaner. Gute Sache, dass es SO ein Board gibt.

Ich hoffe, wir sehen uns NICHT wieder. (ironisch) *lach*

Lieben Gruß Michael

Schakatak 31.01.2012 10:04
Hi
Zack und schon bin ich schneller wieder da, als die Polizei erlaubt.


Beim Add on WOT fordert man mich auf,

Please enable JavaScript to use this feature.

Ich wollte mir die Einstellungen ansehen und ggf. anpassen.

In den Firefox Einstellungen ist ein Haken drin bei "Java aktivieren"

Bei Noscript war ein Haken bei "Java verbieten". Den habe ich testhalber mal entfernt und die Seite "Einstellungen zu WOT" neu geladen. Trotzdem ist es mir nicht möglich, dort Einstellungen vorzunehmen.

Ich komme da nicht weiter.

Ich weiß jetzt nicht, ob es in dein Aufgabenfeld hineinpasst, aber ich frage trotzdem mal vorsichtig an, wie ich zu den Einstellungen von WOT komme?

Oder ist es in den "normalen" Einstellungen von WOT NICHT erforderlich, etwas zu ändern?

Lieben Gruß Michael


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19