Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Browser flackert nach gefakter Vodafone-Mail mit DumbCRC.0 (https://www.trojaner-board.de/126100-browser-flackert-gefakter-vodafone-mail-dumbcrc-0-a.html)

summer pride 24.10.2012 21:25
Browser flackert nach gefakter Vodafone-Mail mit DumbCRC.0
 
Habe folgendes Problem und hoffe hier auf fachkundige Hilfe... :-)
Mein Vater bekam vorgestern eine Mail mit dieser gefakten Vodafone-Rechnung. Er rief mich gleich an und ich riet ihm (nachdem ich kurz gegoogelt hatte), die Mail sofort zu löschen, was er auch getan hat.
Gestern war ich bei ihm und er zeigte mir, dass sein Browser (IE) nicht mehr funktioniert. Der Browser flackert, also er blitzt immer ganz hell auf und es lässt sich nichts anklicken und öffnen. Hab dann mal den Virenscanner drübergejagt (Avira) und der hat den Virus DumbCRC.0 aus der PDF-Datei der Vodafon-Mail gefunden, obwohl mein Vater angeblich die Mail und auch nicht den Anhang geöffnet hat. Bei einem früheren Durchlauf gestern Morgen hat Avira noch nichts gefunden, da war aber das Browser-Problem schon da. Bei Firefox und Opera tritt das Flackern nicht auf.
Meine eigentliche Frage ist nun, hat das Flackern was mit dem Virus bzw Trojaner zu tun oder ist das ein ganz anderes Problem?
Hinzufügen möchte ich noch, dass mein Vater bisher immer Firefox benutzte, dieser aber immer langsamer wurde und spätestens beim Starten von Videos nix mehr ging. Seit dem benutze er problemlos den IE.
Danke fürs Helfen im Voraus!

markusg 24.10.2012 21:37
hi
wer solche, oder ähnlich verdächtige mails bekommt, diese an uns weiterleiten, wie das geht steht in meiner signatur.
zu der frage.
avira findet die pdf in der mail, egal ob sie geöffnet wurde oder nicht.
evtl. liegt sie im papierkorb des mail programms, dazu benötige ich den scan bericht um dir das sagen zu können.
avira, berichte, dort ist er.
außerdem:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

summer pride 24.10.2012 21:58
OK, werd ich tun. Am WE bin ich wieder dort.

Die Mail kann ich leider nicht mehr an Euch weiterleiten, da sie gelöscht wurde. Könnte sein, dass sie noch im Papierkorb ist, muss ich mal nachsehen...

summer pride 28.10.2012 12:10
So bin jetzt am betroffenen Rechner. Heute funktioniert der IE, mit Firefox und Chrome geht gar nix. Hier nun die Auswertung...

OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 28.10.2012 11:39:02 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Downloads_Internet\Programme
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,82% Memory free
3,99 Gb Paging File | 2,42 Gb Available in Paging File | 60,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 349,06 Gb Total Space | 249,39 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive D: | 116,70 Gb Total Space | 110,12 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
 
Computer Name: WIHAKO-PC | User Name: wihako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.28 11:31:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads_Internet\Programme\OTL.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.12.11 12:56:40 | 000,033,792 | ---- | M] (EasyBits Software Corp.) -- C:\WINDOWS\System32\ezntsvc.exe
PRC - [2011.08.14 15:51:46 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.08.14 15:51:45 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.14 15:51:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.27 18:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 18:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.03.01 16:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.18 07:43:56 | 000,183,320 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010.10.29 21:02:38 | 000,751,616 | ---- | M] () -- C:\Programme\Logitech\Vid HD\vpxmd.dll
MOD - [2010.10.29 21:01:30 | 000,027,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\SDL.dll
MOD - [2009.04.22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Programme\Logitech\Vid HD\phonon4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.23 17:25:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 07:47:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.12.11 12:56:40 | 000,033,792 | ---- | M] (EasyBits Software Corp.) [Auto | Running] -- C:\WINDOWS\System32\ezntsvc.exe -- (ezntsvc)
SRV - [2011.08.14 15:51:46 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.14 15:51:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.01.09 11:46:24 | 000,410,976 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.08.14 15:51:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.14 15:51:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.22 20:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {ABC4246F-515B-46F1-94EC-45ADFD0F9B08}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alba-schottland.de/start.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex6Kptuuyb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.alba-schottland.de/start.html"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {990af1c2-5a27-4460-8149-ecc6bc122af3}:10.10.27.6
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex6Kptuuyb&search="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 17:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 17:25:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.08.18 17:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wihako\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wihako\AppData\Roaming\mozilla\Firefox\Profiles\fk5zdrwx.default\extensions
[2011.08.22 14:45:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\wihako\AppData\Roaming\mozilla\Firefox\Profiles\fk5zdrwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.27 10:19:01 | 000,000,000 | ---D | M] (IncrediMail MediaBar Deutsch 2) -- C:\Users\wihako\AppData\Roaming\mozilla\Firefox\Profiles\fk5zdrwx.default\extensions\{990af1c2-5a27-4460-8149-ecc6bc122af3}
[2012.08.24 14:59:12 | 000,002,187 | ---- | M] () -- C:\Users\wihako\AppData\Roaming\mozilla\firefox\profiles\fk5zdrwx.default\searchplugins\MyStart Search.xml
[2012.10.23 17:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.23 17:24:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.23 17:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 17:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 17:25:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.03 07:44:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 19:43:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.03 07:44:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.03 07:44:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.03 07:44:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.03 07:44:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mystart.incredimail.com//?loc=GC_Default_Search&search={searchTerms}&a=1ex6Kptuuyb
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\wihako\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\wihako\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [dnstupack] C:\Users\wihako\AppData\Roaming\dnstupack.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22D3EAC-539E-47D7-9131-4048FF12A0AD}: NameServer = 89.246.64.8 82.145.9.8
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\WINDOWS\System32\ezShellStart.exe (EasyBits Software Corp.)
O24 - Desktop WallPaper: C:\Bilder\fotos 2007\2007 schottland\296.jpg
O24 - Desktop BackupWallPaper: C:\Bilder\fotos 2007\2007 schottland\296.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\WINDOWS\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.03 17:21:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.28 11:34:36 | 000,002,623 | ---- | M] () -- C:\Users\wihako\Desktop\Microsoft Word.lnk
[2012.10.28 11:23:42 | 000,050,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.28 11:23:42 | 000,018,148 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.28 11:23:42 | 000,013,316 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 11:23:42 | 000,007,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.28 11:18:31 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 11:18:31 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 11:18:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 11:18:12 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 19:25:37 | 000,001,744 | ---- | M] () -- C:\Users\wihako\Desktop\Mozilla Firefox.lnk
[2012.10.23 16:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 16:38:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 16:09:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.20 21:52:51 | 000,689,018 | ---- | M] () -- C:\Users\wihako\Documents\DSCI0054.JPG
[2012.10.20 21:52:37 | 001,381,083 | ---- | M] () -- C:\Users\wihako\Documents\DSCI0046.JPG
[2012.10.20 21:35:24 | 005,621,248 | ---- | M] () -- C:\Users\wihako\Documents\utf-8''Raindrops.pps
 
========== Files Created - No Company Name ==========
 
[2012.10.23 19:25:37 | 000,001,744 | ---- | C] () -- C:\Users\wihako\Desktop\Mozilla Firefox.lnk
[2012.10.20 21:52:51 | 000,689,018 | ---- | C] () -- C:\Users\wihako\Documents\DSCI0054.JPG
[2012.10.20 21:52:36 | 001,381,083 | ---- | C] () -- C:\Users\wihako\Documents\DSCI0046.JPG
[2012.10.20 21:35:23 | 005,621,248 | ---- | C] () -- C:\Users\wihako\Documents\utf-8''Raindrops.pps
[2012.07.19 09:41:20 | 000,102,180 | ---- | C] () -- C:\Users\wihako\Dias_Herbert_komplett.nri
[2012.07.09 14:49:57 | 000,006,688 | ---- | C] () -- C:\Windows\MOVEXE.EXE
[2012.04.01 12:09:44 | 000,246,451 | ---- | C] () -- C:\Users\wihako\Dias2.nri
[2012.04.01 12:08:48 | 000,289,409 | ---- | C] () -- C:\Users\wihako\Dias1.nri
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.12.31 11:25:14 | 000,000,680 | ---- | C] () -- C:\Users\wihako\AppData\Local\d3d9caps.dat
[2011.12.11 12:56:42 | 000,008,836 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2011.12.08 17:48:06 | 000,000,104 | ---- | C] () -- C:\Windows\GKERDE3D.INI
[2011.12.08 17:48:04 | 000,099,621 | ---- | C] () -- C:\Windows\GKEDEINS.EXE
[2011.11.29 10:28:22 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2011.11.07 17:53:06 | 000,024,206 | ---- | C] () -- C:\Users\wihako\AppData\Roaming\UserTile.png
[2011.10.20 08:30:46 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.21 18:44:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.10 17:02:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.10 17:02:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.08.29 13:56:10 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2011.08.23 15:37:26 | 000,129,536 | ---- | C] () -- C:\Users\wihako\AppData\Roaming\dnstupack.exe
[2011.08.18 17:03:43 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.16 13:26:09 | 000,025,088 | ---- | C] () -- C:\Users\wihako\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.16 12:00:01 | 000,000,204 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.08.14 16:24:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.08.14 14:35:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.03 11:17:51 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Canon
[2012.01.04 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\CD-LabelPrint
[2012.01.07 10:55:28 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Digilabs
[2012.02.27 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Engelmann Media
[2011.11.26 19:39:30 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\Leadertech
[2012.10.23 16:28:46 | 000,000,000 | ---D | M] -- C:\Users\wihako\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.08.14 14:20:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.10.20 22:10:37 | 000,000,000 | ---D | M] -- C:\Anlagen_eMail
[2012.08.16 16:30:57 | 000,000,000 | ---D | M] -- C:\BAUKAST
[2012.02.15 19:15:15 | 000,000,000 | ---D | M] -- C:\Bilder
[2011.10.19 18:41:27 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.07.19 09:50:18 | 000,000,000 | ---D | M] -- C:\DIAS
[2011.08.14 14:10:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.29 13:39:46 | 000,000,000 | ---D | M] -- C:\Downloads_Internet
[2011.12.08 17:48:01 | 000,000,000 | ---D | M] -- C:\GKERDE
[2011.08.14 14:26:38 | 000,000,000 | -H-D | M] -- C:\hp
[2012.07.09 14:50:04 | 000,000,000 | ---D | M] -- C:\PCCHAMP
[2011.08.29 13:55:40 | 000,000,000 | ---D | M] -- C:\PCWELT
[2011.10.29 18:18:14 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.23 19:21:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.06.26 17:37:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.14 14:10:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.28 11:42:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.14 14:14:45 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.23 16:29:09 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 13:58:10 | 000,032,554 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.14 15:54:58 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.08.14 15:54:59 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.22 16:39:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.08.18 20:32:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.08.18 20:32:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.08.18 20:32:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.08.18 20:31:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.08.18 20:31:47 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.08.18 20:31:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.08.18 21:09:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011.08.18 21:09:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011.08.18 20:31:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.03.19 14:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007.03.19 14:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvstor32.inf_1306af02\nvstor32.sys
[2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\WINDOWS\System32\drivers\nvstor32.sys
[2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvrd32.inf_0f6358b4\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.07.03 16:46:23 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.07.03 16:46:23 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.10.27 08:11:49 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.10.27 08:11:49 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2012.04.01 12:33:12 | 000,289,409 | ---- | M] () -- C:\Users\wihako\Dias1.nri
[2012.04.01 12:20:00 | 000,246,451 | ---- | M] () -- C:\Users\wihako\Dias2.nri
[2012.07.19 10:00:30 | 000,102,180 | ---- | M] () -- C:\Users\wihako\Dias_Herbert_komplett.nri
[2012.10.28 11:50:16 | 003,670,016 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT
[2012.10.28 11:50:16 | 000,262,144 | -H-- | M] () -- C:\Users\wihako\ntuser.dat.LOG1
[2012.04.11 19:07:06 | 000,262,144 | -H-- | M] () -- C:\Users\wihako\ntuser.dat.LOG2
[2012.10.27 09:42:44 | 000,065,536 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2012.10.27 09:42:44 | 000,524,288 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011.08.14 14:14:57 | 000,524,288 | -HS- | M] () -- C:\Users\wihako\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2011.08.14 14:14:58 | 000,000,020 | -HS- | M] () -- C:\Users\wihako\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 716 bytes -> C:\Users\wihako\Documents\Adventsfahrt.eml:OECustomProperty
@Alternate Data Stream - 681 bytes -> C:\Users\wihako\Documents\Weiterl__ WG_ (fwd).eml:OECustomProperty

< End of report >
--- --- ---


Extra.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 28.10.2012 11:39:02 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Downloads_Internet\Programme
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,82% Memory free
3,99 Gb Paging File | 2,42 Gb Available in Paging File | 60,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 349,06 Gb Total Space | 249,39 Gb Free Space | 71,45% Space Free | Partition Type: NTFS
Drive D: | 116,70 Gb Total Space | 110,12 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
 
Computer Name: WIHAKO-PC | User Name: wihako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29C8AE67-920D-44D2-B2E5-E6F9722C976C}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{30803E55-5175-4ACF-BCB6-BED2449331A1}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{616C8E8C-58A6-4043-B135-B0FEC7558C12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0F37311D-A804-4B0F-905B-33A3516228C8}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{CBBABC47-3DB6-49F6-9457-C50FF14890FF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6BBF4829-5616-48EB-837B-24866AF7B0F7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E34A6CF0-4D0B-48FB-8072-EBE9D1AA6902}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCFF1CFE-0327-424C-0001-6796B1D17F13}" = Photomizer Scan
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.23
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Fotobuch_is1" = Fotobuch
"Google Chrome" = Google Chrome
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IncrediMail_MediaBar_Deutsch_2 Toolbar" = IncrediMail MediaBar Deutsch 2 Toolbar
"Logitech Vid" = Logitech Vid HD
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Paint Shop Pro 5.03" = Paint Shop Pro 5.03 CD
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"RealPlayer 6.0" = RealPlayer
"XnView_is1" = XnView 1.95.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2012 08:10:34 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 15f4  Anfangszeit: 01cdb11696668a46  Zeitpunkt
 der Beendigung: 0
 
Error - 23.10.2012 08:59:33 | Computer Name = wihako-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel
 0x503723f6, fehlerhaftes Modul IEFRAME.dll, Version 9.0.8112.16450, Zeitstempel
 0x5037273b, Ausnahmecode 0xc0000005, Fehleroffset 0x000b2b8e,  Prozess-ID 0xaec,
Anwendungsstartzeit 01cdb11df78437aa.
 
Error - 23.10.2012 09:01:05 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1dfc  Anfangszeit: 01cdb11e55e6828a  Zeitpunkt
 der Beendigung: 10
 
Error - 23.10.2012 09:01:45 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: fc8  Anfangszeit: 01cdb11e77a93d9a  Zeitpunkt
 der Beendigung: 8
 
Error - 23.10.2012 09:15:19 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 17d0  Anfangszeit: 01cdb120341b87b0  Zeitpunkt
 der Beendigung: 46
 
Error - 23.10.2012 09:16:47 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 318  Anfangszeit: 01cdb120764c1c30  Zeitpunkt
 der Beendigung: 285
 
Error - 23.10.2012 09:18:00 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1460  Anfangszeit: 01cdb120ad4809b0  Zeitpunkt
 der Beendigung: 151
 
Error - 23.10.2012 11:13:14 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: fe4  Anfangszeit: 01cdb130e0d9fdf0  Zeitpunkt
 der Beendigung: 24
 
Error - 23.10.2012 11:13:45 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1a24  Anfangszeit: 01cdb130e1220370  Zeitpunkt
 der Beendigung: 19
 
Error - 23.10.2012 11:18:25 | Computer Name = wihako-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: ed0  Anfangszeit: 01cdb13122336c50  Zeitpunkt
 der Beendigung: 0
 
[ System Events ]
Error - 23.10.2012 11:49:48 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.10.2012 14:07:47 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.10.2012 04:25:50 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.10.2012 12:29:35 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.10.2012 12:47:07 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.10.2012 12:56:32 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.10.2012 13:21:38 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.10.2012 12:29:55 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.10.2012 04:23:51 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.10.2012 06:19:57 | Computer Name = wihako-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---


Hier mal noch der AviraAntiVir-Report vom 23.10.:

Beginne mit der Suche in 'C:\' <HP>
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q21K7U8Y\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGOLPX2W\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
Beginne mit der Suche in 'D:\' <Recovery>

Beginne mit der Desinfektion:
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGOLPX2W\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e0787d.qua' verschoben!
C:\Users\wihako\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q21K7U8Y\1501793652RE.pdf
[FUND] Enthält Code des DumbCRC.0-Virus
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d7757da.qua' verschoben!

markusg 29.10.2012 20:02
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [dnstupack] C:\Users\wihako\AppData\Roaming\dnstupack.exe ()
 :Files
C:\Users\wihako\AppData\Roaming\dnstupack.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

summer pride 05.11.2012 15:10
Hi Markus,
danke für Deine schnelle Antwort, bin aber erst jetzt wieder am Problem-Rechner. Hier das Textdokument. Der Upload der zip-Datei folgt...



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dnstupack not found.
File C:\Users\wihako\AppData\Roaming\dnstupack.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: wihako
->Flash cache emptied: 3130572 bytes

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: wihako
->Temp folder emptied: 28830356 bytes
->Temporary Internet Files folder emptied: 530618605 bytes
->Java cache emptied: 68414 bytes
->FireFox cache emptied: 40341270 bytes
->Google Chrome cache emptied: 191869258 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7700 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 755,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_145814

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Upload hat problemlos geklappt :-) Erwarte nun weitere Anweisungen ;-)

markusg 05.11.2012 19:36
hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

summer pride 06.11.2012 15:03
Hi Markus,
hier der Inhalt der txt-Datei:



Combofix Logfile:
Code:
ComboFix 12-11-06.03 - wihako 06.11.2012  14:38:59.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.1918.1097 [GMT 1:00]
ausgeführt von:: c:\users\wihako\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\wihako\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-06 bis 2012-11-06  ))))))))))))))))))))))))))))))
.
.
2012-11-06 13:46 . 2012-11-06 13:46        --------        d-----w-        c:\users\wihako\AppData\Local\temp
2012-11-06 13:46 . 2012-11-06 13:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-05 14:24 . 2012-10-12 05:56        6918632        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{657EBFE9-2AFD-4130-B32A-CBFF3C0E385E}\mpengine.dll
2012-11-05 13:58 . 2012-11-05 14:14        --------        d-----w-        C:\_OTL
2012-11-02 11:55 . 2012-11-02 11:55        26        ----a-w-        c:\windows\fiupd.bat
2012-10-23 13:00 . 2012-06-02 00:02        985088        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-23 13:00 . 2012-06-02 00:02        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-23 13:00 . 2012-06-02 00:02        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-23 13:00 . 2012-08-24 15:53        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-10-23 13:00 . 2012-09-13 13:28        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-10-23 12:59 . 2012-08-29 11:27        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-10-23 12:59 . 2012-08-29 11:27        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 11:54 . 2012-07-09 13:49        6688        ----a-w-        c:\windows\MOVEXE.EXE
2012-10-10 06:47 . 2012-09-22 15:39        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-10-10 06:47 . 2011-08-22 13:27        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 12:35 . 2012-09-19 12:35        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-19 12:35 . 2011-12-31 10:24        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-10-28 17:13 . 2012-10-28 17:13        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-08-14 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 06:47]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-14 14:54]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-14 14:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.alba-schottland.de/start.html
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{D22D3EAC-539E-47D7-9131-4048FF12A0AD}: NameServer = 89.246.64.8 82.145.9.8
FF - ProfilePath - c:\users\wihako\AppData\Roaming\Mozilla\Firefox\Profiles\fk5zdrwx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.alba-schottland.de/start.html
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex6Kptuuyb&search=
FF - ExtSQL: 2012-09-19 14:35; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2011-08-22 13:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
BHO-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
Toolbar-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
WebBrowser-{990AF1C2-5A27-4460-8149-ECC6BC122AF3} - (no file)
AddRemove-Canon ScanGear Toolbox 3.1 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-06 14:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\wihako\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-06  14:48:56
ComboFix-quarantined-files.txt  2012-11-06 13:48
.
Vor Suchlauf: 14 Verzeichnis(se), 271.109.902.336 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 271.050.891.264 Bytes frei
.
- - End Of File - - CDEA6539E34F8D0FC3B125610B7D2C8B
--- --- ---

markusg 07.11.2012 16:46
hi
flackert er noch?
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

summer pride 07.11.2012 20:17
Der IE lief gestern völlig problemlos und flackerte nicht mehr! Soll ich den tdss-killer trotzdem ausführen?

(Der Firefox hängt sich nach wie vor auf und z.B. Clips laufen nur unter ständigem Ruckeln bis zum Stillstand. Hatte ich ja so hier noch nicht geschildert, ist aber wahrscheinlich ein ganz anderes Problem. Das war der eigentliche Grund, weshalb mein Vater auf den IE umstieg, der ja dann flackerte... )

markusg 07.11.2012 20:19
tdss killer trotzdem ausführen, ff gucken wir uns noch an :-)

summer pride 08.11.2012 14:50
Liste der Anhänge anzeigen (Anzahl: 1)
Das Programm hat keine log-Datei erstellt, deshalb ein Screenshot vom Scan-Ergebnis.

markusg 08.11.2012 14:55
c: öffnen, tdss-killer-datum-version.txt öffnen, inhalt kopieren und hier einfügen bitte

summer pride 09.11.2012 14:56
OK, sorry, wusste ich nicht ;-)

14:43:51.0110 3868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:43:51.0464 3868 ============================================================
14:43:51.0464 3868 Current date / time: 2012/11/08 14:43:51.0464
14:43:51.0464 3868 SystemInfo:
14:43:51.0464 3868
14:43:51.0464 3868 OS Version: 6.0.6002 ServicePack: 2.0
14:43:51.0464 3868 Product type: Workstation
14:43:51.0464 3868 ComputerName: WIHAKO-PC
14:43:51.0464 3868 UserName: wihako
14:43:51.0464 3868 Windows directory: C:\Windows
14:43:51.0464 3868 System windows directory: C:\Windows
14:43:51.0464 3868 Processor architecture: Intel x86
14:43:51.0464 3868 Number of processors: 1
14:43:51.0464 3868 Page size: 0x1000
14:43:51.0464 3868 Boot type: Normal boot
14:43:51.0464 3868 ============================================================
14:43:51.0875 3868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:43:51.0889 3868 ============================================================
14:43:51.0889 3868 \Device\Harddisk0\DR0:
14:43:51.0889 3868 MBR partitions:
14:43:51.0889 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BA1F6B1
14:43:51.0889 3868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BA1F6F0, BlocksNum 0xE9651A0
14:43:51.0889 3868 ============================================================
14:43:51.0911 3868 C: <-> \Device\Harddisk0\DR0\Partition1
14:43:51.0952 3868 D: <-> \Device\Harddisk0\DR0\Partition2
14:43:51.0952 3868 ============================================================
14:43:51.0952 3868 Initialize success
14:43:51.0952 3868 ============================================================
14:44:04.0574 3932 ============================================================
14:44:04.0574 3932 Scan started
14:44:04.0574 3932 Mode: Manual; SigCheck; TDLFS;
14:44:04.0574 3932 ============================================================
14:44:04.0720 3932 ================ Scan system memory ========================
14:44:04.0720 3932 System memory - ok
14:44:04.0724 3932 ================ Scan services =============================
14:44:05.0253 3932 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:44:05.0436 3932 ACPI - ok
14:44:05.0482 3932 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:05.0496 3932 AdobeFlashPlayerUpdateSvc - ok
14:44:05.0553 3932 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:44:05.0578 3932 adp94xx - ok
14:44:05.0599 3932 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:44:05.0616 3932 adpahci - ok
14:44:05.0637 3932 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:44:05.0654 3932 adpu160m - ok
14:44:05.0687 3932 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:44:05.0702 3932 adpu320 - ok
14:44:05.0751 3932 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:44:05.0772 3932 AeLookupSvc - ok
14:44:05.0806 3932 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
14:44:05.0829 3932 AFD - ok
14:44:05.0856 3932 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:44:05.0869 3932 agp440 - ok
14:44:05.0886 3932 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:44:05.0900 3932 aic78xx - ok
14:44:05.0936 3932 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:44:05.0966 3932 ALG - ok
14:44:06.0006 3932 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
14:44:06.0018 3932 aliide - ok
14:44:06.0040 3932 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:44:06.0053 3932 amdagp - ok
14:44:06.0075 3932 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
14:44:06.0087 3932 amdide - ok
14:44:06.0106 3932 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:44:06.0150 3932 AmdK7 - ok
14:44:06.0187 3932 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:44:06.0217 3932 AmdK8 - ok
14:44:06.0288 3932 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:44:06.0300 3932 AntiVirSchedulerService - ok
14:44:06.0332 3932 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:44:06.0347 3932 AntiVirService - ok
14:44:06.0402 3932 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:44:06.0422 3932 Appinfo - ok
14:44:06.0477 3932 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
14:44:06.0490 3932 arc - ok
14:44:06.0528 3932 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:44:06.0541 3932 arcsas - ok
14:44:06.0577 3932 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:06.0602 3932 AsyncMac - ok
14:44:06.0634 3932 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:44:06.0647 3932 atapi - ok
14:44:06.0690 3932 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:44:06.0715 3932 AudioEndpointBuilder - ok
14:44:06.0734 3932 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:44:06.0760 3932 Audiosrv - ok
14:44:06.0787 3932 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:44:06.0802 3932 avgntflt - ok
14:44:06.0827 3932 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:44:06.0840 3932 avipbb - ok
14:44:06.0883 3932 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:44:06.0910 3932 Beep - ok
14:44:06.0935 3932 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
14:44:06.0963 3932 BFE - ok
14:44:07.0016 3932 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
14:44:07.0059 3932 BITS - ok
14:44:07.0074 3932 blbdrive - ok
14:44:07.0112 3932 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:44:07.0124 3932 bowser - ok
14:44:07.0152 3932 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:44:07.0178 3932 BrFiltLo - ok
14:44:07.0202 3932 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:44:07.0219 3932 BrFiltUp - ok
14:44:07.0250 3932 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:44:07.0277 3932 Browser - ok
14:44:07.0309 3932 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:44:07.0358 3932 Brserid - ok
14:44:07.0389 3932 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:44:07.0433 3932 BrSerWdm - ok
14:44:07.0459 3932 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:44:07.0508 3932 BrUsbMdm - ok
14:44:07.0532 3932 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:44:07.0576 3932 BrUsbSer - ok
14:44:07.0595 3932 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:44:07.0638 3932 BTHMODEM - ok
14:44:07.0705 3932 catchme - ok
14:44:07.0732 3932 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:44:07.0759 3932 cdfs - ok
14:44:07.0791 3932 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:44:07.0811 3932 cdrom - ok
14:44:07.0853 3932 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:44:07.0872 3932 CertPropSvc - ok
14:44:07.0908 3932 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
14:44:07.0953 3932 circlass - ok
14:44:07.0983 3932 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:44:08.0010 3932 CLFS - ok
14:44:08.0061 3932 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:08.0074 3932 clr_optimization_v2.0.50727_32 - ok
14:44:08.0123 3932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:08.0137 3932 clr_optimization_v4.0.30319_32 - ok
14:44:08.0163 3932 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:44:08.0174 3932 cmdide - ok
14:44:08.0200 3932 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:44:08.0211 3932 Compbatt - ok
14:44:08.0227 3932 COMSysApp - ok
14:44:08.0241 3932 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:44:08.0253 3932 crcdisk - ok
14:44:08.0274 3932 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:44:08.0324 3932 Crusoe - ok
14:44:08.0404 3932 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:44:08.0425 3932 CryptSvc - ok
14:44:08.0487 3932 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:44:08.0526 3932 DcomLaunch - ok
14:44:08.0574 3932 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:44:08.0590 3932 DfsC - ok
14:44:08.0637 3932 [ 423C428326549DE67FB808C3A2F33F78 ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
14:44:08.0660 3932 DfSdkS - ok
14:44:08.0731 3932 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:44:08.0849 3932 DFSR - ok
14:44:08.0897 3932 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:44:08.0924 3932 Dhcp - ok
14:44:08.0951 3932 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:44:08.0967 3932 disk - ok
14:44:09.0007 3932 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:44:09.0040 3932 Dnscache - ok
14:44:09.0090 3932 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:44:09.0123 3932 dot3svc - ok
14:44:09.0173 3932 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:44:09.0211 3932 DPS - ok
14:44:09.0255 3932 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:44:09.0279 3932 drmkaud - ok
14:44:09.0329 3932 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:44:09.0362 3932 DXGKrnl - ok
14:44:09.0408 3932 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:44:09.0454 3932 E1G60 - ok
14:44:09.0501 3932 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:44:09.0520 3932 EapHost - ok
14:44:09.0565 3932 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:44:09.0580 3932 Ecache - ok
14:44:09.0618 3932 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:44:09.0643 3932 elxstor - ok
14:44:09.0692 3932 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:44:09.0717 3932 EMDMgmt - ok
14:44:09.0753 3932 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:44:09.0778 3932 EventSystem - ok
14:44:09.0816 3932 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:44:09.0830 3932 exfat - ok
14:44:09.0888 3932 [ 9F5984873CDEA9BA1A0689DABF931E13 ] ezntsvc C:\Windows\system32\ezNTSvc.exe
14:44:09.0893 3932 ezntsvc ( UnsignedFile.Multi.Generic ) - warning
14:44:09.0893 3932 ezntsvc - detected UnsignedFile.Multi.Generic (1)
14:44:09.0916 3932 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:44:09.0939 3932 fastfat - ok
14:44:09.0983 3932 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:44:10.0026 3932 fdc - ok
14:44:10.0068 3932 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:44:10.0095 3932 fdPHost - ok
14:44:10.0130 3932 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:44:10.0182 3932 FDResPub - ok
14:44:10.0223 3932 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:44:10.0237 3932 FileInfo - ok
14:44:10.0266 3932 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:44:10.0291 3932 Filetrace - ok
14:44:10.0311 3932 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:10.0354 3932 flpydisk - ok
14:44:10.0387 3932 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:44:10.0404 3932 FltMgr - ok
14:44:10.0460 3932 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:44:10.0488 3932 FontCache - ok
14:44:10.0543 3932 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:44:10.0554 3932 FontCache3.0.0.0 - ok
14:44:10.0582 3932 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:44:10.0603 3932 Fs_Rec - ok
14:44:10.0621 3932 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:44:10.0636 3932 gagp30kx - ok
14:44:10.0676 3932 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:44:10.0706 3932 gpsvc - ok
14:44:10.0764 3932 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:44:10.0776 3932 gupdate - ok
14:44:10.0787 3932 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:44:10.0800 3932 gupdatem - ok
14:44:10.0826 3932 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:44:10.0875 3932 HdAudAddService - ok
14:44:10.0915 3932 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:10.0943 3932 HDAudBus - ok
14:44:10.0959 3932 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:44:11.0008 3932 HidBth - ok
14:44:11.0029 3932 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:44:11.0072 3932 HidIr - ok
14:44:11.0123 3932 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
14:44:11.0135 3932 hidserv - ok
14:44:11.0159 3932 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:44:11.0178 3932 HidUsb - ok
14:44:11.0217 3932 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:44:11.0244 3932 hkmsvc - ok
14:44:11.0269 3932 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:44:11.0283 3932 HpCISSs - ok
14:44:11.0324 3932 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:44:11.0384 3932 HTTP - ok
14:44:11.0415 3932 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:44:11.0429 3932 i2omp - ok
14:44:11.0490 3932 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:11.0512 3932 i8042prt - ok
14:44:11.0559 3932 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:44:11.0576 3932 iaStorV - ok
14:44:11.0621 3932 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:44:11.0629 3932 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:44:11.0629 3932 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:44:11.0686 3932 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:44:11.0723 3932 idsvc - ok
14:44:11.0744 3932 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:44:11.0757 3932 iirsp - ok
14:44:11.0784 3932 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:44:11.0819 3932 IKEEXT - ok
14:44:11.0896 3932 [ 4A705BF2A6F7972F2F2AD8A0D8079F95 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:44:11.0988 3932 IntcAzAudAddService - ok
14:44:12.0030 3932 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
14:44:12.0046 3932 intelide - ok
14:44:12.0081 3932 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:44:12.0156 3932 intelppm - ok
14:44:12.0188 3932 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:44:12.0220 3932 IPBusEnum - ok
14:44:12.0242 3932 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:12.0273 3932 IpFilterDriver - ok
14:44:12.0323 3932 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:44:12.0342 3932 iphlpsvc - ok
14:44:12.0355 3932 IpInIp - ok
14:44:12.0375 3932 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:44:12.0422 3932 IPMIDRV - ok
14:44:12.0452 3932 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:44:12.0483 3932 IPNAT - ok
14:44:12.0509 3932 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:44:12.0533 3932 IRENUM - ok
14:44:12.0560 3932 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:44:12.0571 3932 isapnp - ok
14:44:12.0610 3932 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:12.0625 3932 iScsiPrt - ok
14:44:12.0648 3932 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:44:12.0661 3932 iteatapi - ok
14:44:12.0687 3932 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:44:12.0698 3932 iteraid - ok
14:44:12.0736 3932 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:12.0749 3932 kbdclass - ok
14:44:12.0779 3932 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:44:12.0825 3932 kbdhid - ok
14:44:12.0856 3932 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:44:12.0868 3932 KeyIso - ok
14:44:12.0921 3932 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:44:12.0945 3932 KSecDD - ok
14:44:12.0998 3932 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:44:13.0032 3932 KtmRm - ok
14:44:13.0061 3932 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
14:44:13.0081 3932 LanmanServer - ok
14:44:13.0128 3932 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:44:13.0152 3932 LanmanWorkstation - ok
14:44:13.0209 3932 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:44:13.0215 3932 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:44:13.0215 3932 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:44:13.0245 3932 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:44:13.0273 3932 lltdio - ok
14:44:13.0316 3932 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:44:13.0352 3932 lltdsvc - ok
14:44:13.0389 3932 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:44:13.0440 3932 lmhosts - ok
14:44:13.0475 3932 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:44:13.0491 3932 LSI_FC - ok
14:44:13.0510 3932 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:44:13.0525 3932 LSI_SAS - ok
14:44:13.0557 3932 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:44:13.0573 3932 LSI_SCSI - ok
14:44:13.0603 3932 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:44:13.0629 3932 luafv - ok
14:44:13.0689 3932 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
14:44:13.0707 3932 LVRS - ok
14:44:13.0798 3932 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
14:44:13.0967 3932 LVUVC - ok
14:44:14.0032 3932 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
14:44:14.0050 3932 MDM - ok
14:44:14.0082 3932 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
14:44:14.0094 3932 megasas - ok
14:44:14.0135 3932 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:44:14.0169 3932 MMCSS - ok
14:44:14.0198 3932 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:44:14.0223 3932 Modem - ok
14:44:14.0252 3932 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:44:14.0276 3932 monitor - ok
14:44:14.0311 3932 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:44:14.0323 3932 mouclass - ok
14:44:14.0351 3932 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:44:14.0375 3932 mouhid - ok
14:44:14.0411 3932 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:44:14.0424 3932 MountMgr - ok
14:44:14.0476 3932 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:44:14.0490 3932 MozillaMaintenance - ok
14:44:14.0533 3932 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
14:44:14.0546 3932 mpio - ok
14:44:14.0574 3932 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:44:14.0595 3932 mpsdrv - ok
14:44:14.0636 3932 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:44:14.0670 3932 MpsSvc - ok
14:44:14.0694 3932 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:44:14.0706 3932 Mraid35x - ok
14:44:14.0725 3932 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:44:14.0740 3932 MRxDAV - ok
14:44:14.0763 3932 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:14.0787 3932 mrxsmb - ok
14:44:14.0812 3932 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:14.0829 3932 mrxsmb10 - ok
14:44:14.0844 3932 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:14.0858 3932 mrxsmb20 - ok
14:44:14.0876 3932 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
14:44:14.0888 3932 msahci - ok
14:44:14.0907 3932 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:44:14.0922 3932 msdsm - ok
14:44:14.0959 3932 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:44:14.0990 3932 MSDTC - ok
14:44:15.0038 3932 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:44:15.0065 3932 Msfs - ok
14:44:15.0103 3932 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:44:15.0118 3932 msisadrv - ok
14:44:15.0159 3932 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:44:15.0192 3932 MSiSCSI - ok
14:44:15.0225 3932 msiserver - ok
14:44:15.0250 3932 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:44:15.0280 3932 MSKSSRV - ok
14:44:15.0324 3932 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:15.0357 3932 MSPCLOCK - ok
14:44:15.0375 3932 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:44:15.0407 3932 MSPQM - ok
14:44:15.0443 3932 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:44:15.0462 3932 MsRPC - ok
14:44:15.0505 3932 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:15.0522 3932 mssmbios - ok
14:44:15.0544 3932 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:44:15.0573 3932 MSTEE - ok
14:44:15.0595 3932 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:44:15.0611 3932 Mup - ok
14:44:15.0635 3932 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:44:15.0671 3932 napagent - ok
14:44:15.0707 3932 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:44:15.0725 3932 NativeWifiP - ok
14:44:15.0794 3932 [ B498A14133BD09AD0817590ACE4470AD ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:44:15.0829 3932 NBService - ok
14:44:15.0867 3932 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:44:15.0895 3932 NDIS - ok
14:44:15.0933 3932 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:15.0957 3932 NdisTapi - ok
14:44:15.0982 3932 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:16.0019 3932 Ndisuio - ok
14:44:16.0061 3932 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:16.0086 3932 NdisWan - ok
14:44:16.0118 3932 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:44:16.0153 3932 NDProxy - ok
14:44:16.0193 3932 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:44:16.0224 3932 NetBIOS - ok
14:44:16.0255 3932 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:44:16.0282 3932 netbt - ok
14:44:16.0310 3932 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:44:16.0328 3932 Netlogon - ok
14:44:16.0371 3932 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:44:16.0410 3932 Netman - ok
14:44:16.0446 3932 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:44:16.0482 3932 netprofm - ok
14:44:16.0516 3932 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:44:16.0532 3932 NetTcpPortSharing - ok
14:44:16.0560 3932 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:44:16.0575 3932 nfrd960 - ok
14:44:16.0601 3932 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:44:16.0635 3932 NlaSvc - ok
14:44:16.0683 3932 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:44:16.0701 3932 NMIndexingService - ok
14:44:16.0731 3932 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:44:16.0754 3932 Npfs - ok
14:44:16.0780 3932 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:44:16.0811 3932 nsi - ok
14:44:16.0843 3932 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:44:16.0874 3932 nsiproxy - ok
14:44:16.0934 3932 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:44:16.0985 3932 Ntfs - ok
14:44:17.0012 3932 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:44:17.0055 3932 ntrigdigi - ok
14:44:17.0080 3932 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:44:17.0104 3932 Null - ok
14:44:17.0128 3932 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
14:44:17.0195 3932 NVENETFD - ok
14:44:17.0360 3932 [ FBBA09782F2FAC5A57619DF378BA9372 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:44:17.0585 3932 nvlddmkm - ok
14:44:17.0633 3932 [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVNET C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:44:17.0651 3932 NVNET - ok
14:44:17.0674 3932 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:44:17.0689 3932 nvraid - ok
14:44:17.0713 3932 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:44:17.0726 3932 nvstor - ok
14:44:17.0751 3932 [ 7EBA6C9A0A295B1559EFB9062E701218 ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
14:44:17.0763 3932 nvstor32 - ok
14:44:17.0793 3932 [ CF7769F13B3ECC5E2BF1B3D1C5831AE8 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:44:17.0813 3932 nvsvc - ok
14:44:17.0844 3932 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:44:17.0861 3932 nv_agp - ok
14:44:17.0881 3932 NwlnkFlt - ok
14:44:17.0896 3932 NwlnkFwd - ok
14:44:17.0938 3932 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:44:17.0962 3932 ohci1394 - ok
14:44:18.0014 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:44:18.0066 3932 p2pimsvc - ok
14:44:18.0088 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:44:18.0119 3932 p2psvc - ok
14:44:18.0148 3932 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:44:18.0210 3932 Parport - ok
14:44:18.0257 3932 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:44:18.0274 3932 partmgr - ok
14:44:18.0293 3932 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:44:18.0348 3932 Parvdm - ok
14:44:18.0404 3932 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:44:18.0422 3932 PcaSvc - ok
14:44:18.0453 3932 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:44:18.0471 3932 pci - ok
14:44:18.0492 3932 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
14:44:18.0508 3932 pciide - ok
14:44:18.0532 3932 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:44:18.0550 3932 pcmcia - ok
14:44:18.0598 3932 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:44:18.0675 3932 PEAUTH - ok
14:44:18.0787 3932 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:44:18.0862 3932 pla - ok
14:44:18.0904 3932 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:44:18.0927 3932 PlugPlay - ok
14:44:18.0954 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:44:18.0977 3932 PNRPAutoReg - ok
14:44:19.0004 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:44:19.0029 3932 PNRPsvc - ok
14:44:19.0078 3932 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:44:19.0104 3932 PolicyAgent - ok
14:44:19.0154 3932 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:44:19.0182 3932 PptpMiniport - ok
14:44:19.0233 3932 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
14:44:19.0279 3932 Processor - ok
14:44:19.0323 3932 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:44:19.0345 3932 ProfSvc - ok
14:44:19.0365 3932 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:44:19.0382 3932 ProtectedStorage - ok
14:44:19.0413 3932 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
14:44:19.0435 3932 Ps2 - ok
14:44:19.0475 3932 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:44:19.0496 3932 PSched - ok
14:44:19.0511 3932 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:44:19.0524 3932 PxHelp20 - ok
14:44:19.0575 3932 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:44:19.0613 3932 ql2300 - ok
14:44:19.0636 3932 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:44:19.0651 3932 ql40xx - ok
14:44:19.0685 3932 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:44:19.0703 3932 QWAVE - ok
14:44:19.0729 3932 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:44:19.0743 3932 QWAVEdrv - ok
14:44:19.0759 3932 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:44:19.0785 3932 RasAcd - ok
14:44:19.0815 3932 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:44:19.0842 3932 RasAuto - ok
14:44:19.0879 3932 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:19.0904 3932 Rasl2tp - ok
14:44:19.0945 3932 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:44:19.0967 3932 RasMan - ok
14:44:20.0003 3932 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:20.0022 3932 RasPppoe - ok
14:44:20.0048 3932 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:44:20.0065 3932 RasSstp - ok
14:44:20.0096 3932 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:44:20.0119 3932 rdbss - ok
14:44:20.0146 3932 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:20.0172 3932 RDPCDD - ok
14:44:20.0228 3932 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:44:20.0277 3932 rdpdr - ok
14:44:20.0291 3932 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:44:20.0318 3932 RDPENCDD - ok
14:44:20.0373 3932 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:44:20.0390 3932 RDPWD - ok
14:44:20.0425 3932 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:44:20.0451 3932 RemoteAccess - ok
14:44:20.0494 3932 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:44:20.0516 3932 RemoteRegistry - ok
14:44:20.0548 3932 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:44:20.0560 3932 RpcLocator - ok
14:44:20.0591 3932 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:44:20.0623 3932 RpcSs - ok
14:44:20.0665 3932 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:44:20.0691 3932 rspndr - ok
14:44:20.0719 3932 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:44:20.0735 3932 SamSs - ok
14:44:20.0764 3932 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:44:20.0777 3932 sbp2port - ok
14:44:20.0810 3932 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:44:20.0832 3932 SCardSvr - ok
14:44:20.0880 3932 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:44:20.0906 3932 Schedule - ok
14:44:20.0939 3932 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:44:20.0960 3932 SCPolicySvc - ok
14:44:20.0981 3932 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:44:20.0998 3932 SDRSVC - ok
14:44:21.0022 3932 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:44:21.0074 3932 secdrv - ok
14:44:21.0100 3932 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:44:21.0131 3932 seclogon - ok
14:44:21.0148 3932 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
14:44:21.0179 3932 SENS - ok
14:44:21.0213 3932 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:44:21.0256 3932 Serenum - ok
14:44:21.0279 3932 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:44:21.0324 3932 Serial - ok
14:44:21.0343 3932 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:44:21.0385 3932 sermouse - ok
14:44:21.0436 3932 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:44:21.0461 3932 SessionEnv - ok
14:44:21.0488 3932 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:44:21.0531 3932 sffdisk - ok
14:44:21.0561 3932 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:44:21.0607 3932 sffp_mmc - ok
14:44:21.0632 3932 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:44:21.0680 3932 sffp_sd - ok
14:44:21.0700 3932 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:44:21.0751 3932 sfloppy - ok
14:44:21.0782 3932 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:44:21.0811 3932 SharedAccess - ok
14:44:21.0844 3932 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:44:21.0859 3932 ShellHWDetection - ok
14:44:21.0885 3932 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:44:21.0899 3932 sisagp - ok
14:44:21.0919 3932 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:44:21.0932 3932 SiSRaid2 - ok
14:44:21.0948 3932 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:44:21.0962 3932 SiSRaid4 - ok
14:44:22.0029 3932 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:44:22.0042 3932 SkypeUpdate - ok
14:44:22.0140 3932 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:44:22.0297 3932 slsvc - ok
14:44:22.0341 3932 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:44:22.0365 3932 SLUINotify - ok
14:44:22.0415 3932 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:44:22.0437 3932 Smb - ok
14:44:22.0476 3932 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:44:22.0489 3932 SNMPTRAP - ok
14:44:22.0515 3932 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:44:22.0527 3932 spldr - ok
14:44:22.0561 3932 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:44:22.0576 3932 Spooler - ok
14:44:22.0602 3932 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:44:22.0626 3932 srv - ok
14:44:22.0654 3932 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:44:22.0683 3932 srv2 - ok
14:44:22.0722 3932 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:44:22.0737 3932 srvnet - ok
14:44:22.0750 3932 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:44:22.0780 3932 SSDPSRV - ok
14:44:22.0813 3932 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:44:22.0823 3932 ssmdrv - ok
14:44:22.0867 3932 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:44:22.0882 3932 SstpSvc - ok
14:44:22.0907 3932 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
14:44:22.0928 3932 StillCam - ok
14:44:22.0980 3932 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:44:23.0004 3932 stisvc - ok
14:44:23.0034 3932 [ 4CFEB2BD9723489DA072B300940EA287 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:44:23.0045 3932 stllssvr - ok
14:44:23.0069 3932 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:44:23.0084 3932 swenum - ok
14:44:23.0111 3932 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:44:23.0138 3932 swprv - ok
14:44:23.0171 3932 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:44:23.0184 3932 Symc8xx - ok
14:44:23.0228 3932 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:44:23.0242 3932 Sym_hi - ok
14:44:23.0255 3932 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:44:23.0269 3932 Sym_u3 - ok
14:44:23.0300 3932 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:44:23.0329 3932 SysMain - ok
14:44:23.0364 3932 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:44:23.0380 3932 TabletInputService - ok
14:44:23.0421 3932 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:44:23.0445 3932 TapiSrv - ok
14:44:23.0486 3932 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:44:23.0511 3932 TBS - ok
14:44:23.0558 3932 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:44:23.0596 3932 Tcpip - ok
14:44:23.0622 3932 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:44:23.0654 3932 Tcpip6 - ok
14:44:23.0686 3932 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:44:23.0699 3932 tcpipreg - ok
14:44:23.0737 3932 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:44:23.0767 3932 TDPIPE - ok
14:44:23.0791 3932 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:44:23.0818 3932 TDTCP - ok
14:44:23.0853 3932 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:44:23.0874 3932 tdx - ok
14:44:23.0899 3932 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:44:23.0913 3932 TermDD - ok
14:44:23.0958 3932 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:44:23.0997 3932 TermService - ok
14:44:24.0033 3932 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:44:24.0051 3932 Themes - ok
14:44:24.0075 3932 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:44:24.0109 3932 THREADORDER - ok
14:44:24.0148 3932 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:44:24.0177 3932 TrkWks - ok
14:44:24.0229 3932 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:44:24.0252 3932 TrustedInstaller - ok
14:44:24.0299 3932 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:24.0330 3932 tssecsrv - ok
14:44:24.0364 3932 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:44:24.0381 3932 tunmp - ok
14:44:24.0402 3932 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:44:24.0420 3932 tunnel - ok
14:44:24.0456 3932 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:44:24.0471 3932 uagp35 - ok
14:44:24.0508 3932 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:44:24.0535 3932 udfs - ok
14:44:24.0578 3932 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:44:24.0616 3932 UI0Detect - ok
14:44:24.0639 3932 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:44:24.0655 3932 uliagpkx - ok
14:44:24.0678 3932 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:44:24.0698 3932 uliahci - ok
14:44:24.0725 3932 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:44:24.0742 3932 UlSata - ok
14:44:24.0775 3932 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:44:24.0793 3932 ulsata2 - ok
14:44:24.0822 3932 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:44:24.0854 3932 umbus - ok
14:44:24.0923 3932 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
14:44:24.0948 3932 UMVPFSrv - ok
14:44:25.0002 3932 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:44:25.0045 3932 upnphost - ok
14:44:25.0079 3932 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:44:25.0103 3932 usbaudio - ok
14:44:25.0142 3932 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:25.0166 3932 usbccgp - ok
14:44:25.0204 3932 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:44:25.0261 3932 usbcir - ok
14:44:25.0319 3932 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:44:25.0343 3932 usbehci - ok
14:44:25.0369 3932 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:44:25.0398 3932 usbhub - ok
14:44:25.0418 3932 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:44:25.0444 3932 usbohci - ok
14:44:25.0490 3932 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:44:25.0515 3932 usbprint - ok
14:44:25.0554 3932 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:44:25.0573 3932 usbscan - ok
14:44:25.0593 3932 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:25.0612 3932 USBSTOR - ok
14:44:25.0647 3932 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:44:25.0689 3932 usbuhci - ok
14:44:25.0722 3932 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:44:25.0750 3932 usbvideo - ok
14:44:25.0780 3932 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:44:25.0802 3932 UxSms - ok
14:44:25.0851 3932 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:44:25.0879 3932 vds - ok
14:44:25.0907 3932 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:25.0953 3932 vga - ok
14:44:25.0983 3932 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:44:26.0009 3932 VgaSave - ok
14:44:26.0035 3932 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:44:26.0047 3932 viaagp - ok
14:44:26.0070 3932 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:44:26.0122 3932 ViaC7 - ok
14:44:26.0146 3932 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
14:44:26.0160 3932 viaide - ok
14:44:26.0178 3932 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:44:26.0190 3932 volmgr - ok
14:44:26.0216 3932 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:44:26.0234 3932 volmgrx - ok
14:44:26.0272 3932 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:44:26.0288 3932 volsnap - ok
14:44:26.0326 3932 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:44:26.0340 3932 vsmraid - ok
14:44:26.0372 3932 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:44:26.0426 3932 VSS - ok
14:44:26.0451 3932 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:44:26.0477 3932 W32Time - ok
14:44:26.0512 3932 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:44:26.0561 3932 WacomPen - ok
14:44:26.0596 3932 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:44:26.0615 3932 Wanarp - ok
14:44:26.0628 3932 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:44:26.0648 3932 Wanarpv6 - ok
14:44:26.0679 3932 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:44:26.0701 3932 wcncsvc - ok
14:44:26.0734 3932 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:44:26.0754 3932 WcsPlugInService - ok
14:44:26.0785 3932 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
14:44:26.0796 3932 Wd - ok
14:44:26.0847 3932 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:44:26.0873 3932 Wdf01000 - ok
14:44:26.0902 3932 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:44:26.0931 3932 WdiServiceHost - ok
14:44:26.0943 3932 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:44:26.0972 3932 WdiSystemHost - ok
14:44:27.0006 3932 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:44:27.0023 3932 WebClient - ok
14:44:27.0053 3932 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:44:27.0068 3932 Wecsvc - ok
14:44:27.0096 3932 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:44:27.0117 3932 wercplsupport - ok
14:44:27.0155 3932 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:44:27.0177 3932 WerSvc - ok
14:44:27.0230 3932 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:44:27.0249 3932 WinDefend - ok
14:44:27.0267 3932 WinHttpAutoProxySvc - ok
14:44:27.0305 3932 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:44:27.0341 3932 Winmgmt - ok
14:44:27.0394 3932 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:44:27.0446 3932 WinRM - ok
14:44:27.0512 3932 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:44:27.0540 3932 Wlansvc - ok
14:44:27.0579 3932 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:44:27.0641 3932 WmiAcpi - ok
14:44:27.0693 3932 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:44:27.0714 3932 wmiApSrv - ok
14:44:27.0768 3932 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:44:27.0795 3932 WMPNetworkSvc - ok
14:44:27.0812 3932 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:44:27.0830 3932 WPCSvc - ok
14:44:27.0872 3932 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:44:27.0886 3932 WPDBusEnum - ok
14:44:27.0947 3932 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:44:27.0976 3932 WPFFontCache_v0400 - ok
14:44:28.0012 3932 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:44:28.0037 3932 ws2ifsl - ok
14:44:28.0069 3932 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
14:44:28.0085 3932 wscsvc - ok
14:44:28.0099 3932 WSearch - ok
14:44:28.0190 3932 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:44:28.0270 3932 wuauserv - ok
14:44:28.0307 3932 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:28.0346 3932 WUDFRd - ok
14:44:28.0378 3932 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:44:28.0409 3932 wudfsvc - ok
14:44:28.0427 3932 ================ Scan global ===============================
14:44:28.0445 3932 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:44:28.0481 3932 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:44:28.0500 3932 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:44:28.0549 3932 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:44:28.0553 3932 [Global] - ok
14:44:28.0558 3932 ================ Scan MBR ==================================
14:44:28.0569 3932 [ 5F8B5082F3482CC06B72EC5806598AE9 ] \Device\Harddisk0\DR0
14:44:28.0756 3932 \Device\Harddisk0\DR0 - ok
14:44:28.0760 3932 ================ Scan VBR ==================================
14:44:28.0765 3932 [ 6D25862009067B46ABF3D71DF2398DFF ] \Device\Harddisk0\DR0\Partition1
14:44:28.0767 3932 \Device\Harddisk0\DR0\Partition1 - ok
14:44:28.0795 3932 [ 3F22F10C0F8E78ACFA380D9870C0E8A0 ] \Device\Harddisk0\DR0\Partition2
14:44:28.0797 3932 \Device\Harddisk0\DR0\Partition2 - ok
14:44:28.0802 3932 ============================================================
14:44:28.0802 3932 Scan finished
14:44:28.0802 3932 ============================================================
14:44:28.0825 3724 Detected object count: 3
14:44:28.0825 3724 Actual detected object count: 3
14:44:48.0232 3724 ezntsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:48.0233 3724 ezntsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:48.0233 3724 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:48.0233 3724 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:48.0239 3724 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:48.0239 3724 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:50:55.0250 4796 Deinitialize success

markusg 09.11.2012 19:27
deswegen sag ichs ja :-)
lade den CCleaner standard:
CCleaner Download - CCleaner 3.24.1850
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:20 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19