| |
| |||||||
Log-Analyse und Auswertung: Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über MahngebührenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.02.2013, 03:01
| #1 |
 |  Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hallo zusammen, ich hoffe ihr könnt mir bzw. meiner Freundin helfen. Folgendes ist meiner Freundin gestern dummerweise passiert: Meine Freundin hat eine Email mit einer Zahlungsaufforderung (Mahngebühren) erhalten, diese dummerweise nicht richtig gelesen und auf die Absender Mail-Adresse auch nicht geachtet und den Anhang (.zip Datei) geöffnet. Nachfolgend der Email-Text: Code:
ATTFilter
-----Ursprüngliche Nachricht-----
Von: borisberresheim@aol.com [mailto:borisberresheim@aol.com]
Gesendet: Montag, 11. Februar 2013 22:18
An: ***
Betreff: 11.02.2013 *** Mahngebühren Ihrer Bestellung Nr. 0006408
Guten Tag ***,
wir bedanken uns für Ihren Einkauf bei Alternate.
Leider hat unsere Buchhaltung bei Ihnen eine nicht beglichene Zahlung festgestellt.
Wenn Sie den Rechnungsbetrag in den letzten Tagen überwiesen haben, betrachten Sie diese Mahnung als gegenstandslos.
Vielleicht ist Ihnen jedoch entgangen die Rechnung 1374759 für Ihre Bestellung 17595500 fristgerecht zu überweisen.
Rechnungsbetrag: 351,52 Euro
Bitte begleichen Sie die Zahlung bis zum 16.02.2013.
Rechnungseinzelheiten und Widerruf-Möglichkeiten finden Sie in beigefügtem Anhang.
Sollte auch diese Frist ohne eine Zahlung verstreichen, so müssen wir diese Angelegenheit an unsere Anwälte zur Einforderung leiten.
Freundlich grüßt Sie
Jonathan Lehmann Ihr Kundenservice
Haben Sie Fragen? Unser Kundendienst ist gerne für Sie da.
Sie erreichen uns von Montag bis Freitag in der Zeit von 9 bis 12 Uhr und von 13 bis 18 Uhr unter unserer Service-Rufnummer: +49(0)3882-63425-2
Schritte 1 bis 3 und die Diagnose mit Malwarebytes Anti-Malware hat sie bereits durchgeführt. Log-Datei Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.11.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Esra :: ESRA-PC [Administrator] 12.02.2013 00:47:48 MBAM-log-2013-02-12 (01-01-01).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224635 Laufzeit: 8 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Daten: http=127.0.0.1:52202 -> Keine Aktion durchgeführt. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|2600 (Trojan.Agent) -> Daten: C:\PROGRA~2\LOCALS~1\Temp\6805ffff.com -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Log-Datei OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.02.2013 01:21:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Esra\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,77% Memory free 4,23 Gb Paging File | 3,34 Gb Available in Paging File | 78,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,78 Gb Total Space | 4,67 Gb Free Space | 6,69% Space Free | Partition Type: NTFS Drive D: | 69,51 Gb Total Space | 46,30 Gb Free Space | 66,61% Space Free | Partition Type: NTFS Computer Name: ESRA-PC | User Name: Esra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.12 01:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Esra\Desktop\OTL.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.14 13:32:52 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.14 13:32:52 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.08.09 18:17:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.08.17 22:31:30 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe PRC - [2010.08.17 22:31:30 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe PRC - [2010.08.17 22:31:30 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe PRC - [2010.03.01 13:01:04 | 000,160,528 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.03.01 13:00:20 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.09.25 14:38:16 | 000,312,784 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe PRC - [2009.09.15 11:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe PRC - [2009.09.15 11:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.04.24 18:17:34 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.03.22 17:21:52 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2007.01.02 08:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006.12.22 13:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.09.15 11:22:06 | 000,115,008 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NPShellExtension.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.04.05 23:27:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Services (SafeList) ========== SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.09.14 13:32:52 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.19 06:33:52 | 000,071,024 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService) SRV - [2010.08.17 22:31:30 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2010.08.17 22:31:30 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV - [2010.08.17 22:31:30 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2010.03.01 13:00:20 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.25 14:38:16 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService) SRV - [2009.09.15 11:20:30 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool) SRV - [2009.09.15 11:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.04.07 17:21:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.04.24 18:17:34 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.03.22 17:21:52 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.02.06 23:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2007.01.02 08:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006.12.22 13:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\ZDPNDIS4.SYS -- (ZDPNDIS4) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2012.08.28 14:22:34 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.08.02 18:04:54 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nhcDriver.sys -- (nhcDriverDevice) DRV - [2010.07.22 04:42:38 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt) DRV - [2010.07.22 04:42:38 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.04.09 13:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2008.10.31 15:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser) DRV - [2007.11.02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) DRV - [2007.08.29 03:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3112r.sys -- (SI3112r) DRV - [2007.08.29 03:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007.06.19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007.06.19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt) DRV - [2007.06.19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic) DRV - [2007.06.19 08:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex) DRV - [2007.06.19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5) DRV - [2007.06.19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007.06.19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus) DRV - [2007.04.25 13:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2007.04.20 21:31:14 | 000,870,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athru6.sys -- (athrusb6) DRV - [2007.04.05 23:36:16 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.04.05 23:36:16 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.12.27 02:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.21 07:24:02 | 000,062,464 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 09:57:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.08.05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {C828B2F7-D0A0-4CF4-9A68-9CE0B74CE0A7} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=64458969-6CE6-4CD0-AD22-A0754405EFA3&apn_sauid=4133B492-AB14-4AF5-8684-42185E944903 IE - HKCU\..\SearchScopes\{65A8F361-45C5-4E5F-95C4-BCA3471AF9DF}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{C828B2F7-D0A0-4CF4-9A68-9CE0B74CE0A7}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 52202 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6e: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.09 15:24:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.09 15:24:17 | 000,000,000 | ---D | M] [2012.03.18 16:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esra\AppData\Roaming\mozilla\Extensions [2012.03.18 16:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esra\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.02.02 14:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esra\AppData\Roaming\mozilla\Firefox\Profiles\5izqepya.default\extensions [2010.04.28 19:24:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Esra\AppData\Roaming\mozilla\Firefox\Profiles\5izqepya.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.12.20 12:17:41 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Esra\AppData\Roaming\mozilla\firefox\profiles\5izqepya.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.02 14:20:01 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Esra\AppData\Roaming\mozilla\firefox\profiles\5izqepya.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.09 15:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.09 15:24:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.17 11:50:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.23 14:32:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.17 11:50:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 11:50:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 11:50:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 11:50:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.04.29 13:44:45 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (PROMT) - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Programme\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Automatically Determine Topic Template - C:\Programme\PRMT8\PRMTIE\aot.htm () O8 - Extra context menu item: Customize Translation Options - C:\Programme\PRMT8\PRMTIE\options.HTM () O8 - Extra context menu item: Free YouTube Download - C:\Users\Esra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Esra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Open Entry - C:\Programme\PRMT8\PRMTIE\addentry.HTM () O8 - Extra context menu item: Search the Web - C:\Programme\PRMT8\PRMTIE\search.HTM () O8 - Extra context menu item: Translate Page - C:\Programme\PRMT8\PRMTIE\page.HTM () O8 - Extra context menu item: Unknown Words - C:\Programme\PRMT8\PRMTIE\infopanel.HTM () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Customize Translation Options - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Programme\PRMT8\PRMTIE\options.HTM () O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Translate - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Programme\PRMT8\PRMTIE\Prmtie5.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{154256FC-86C7-4668-9292-6894213F8892}: DhcpNameServer = 129.143.2.1 129.143.2.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E598359-6257-400D-A047-2632BC607D23}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{678C72E0-58BE-41E6-AA6E-C5048663F9E7}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0E7D8A-39D8-4253-8D8D-1F03CAAC8FEA}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB73B4A-4339-4FD6-B44E-B945B8EDC51F}: DhcpNameServer = 91.89.91.89 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F208D33A-2ADE-47E5-BC0A-F4D8293DDE26}: Domain = ad.fh-albsig.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F208D33A-2ADE-47E5-BC0A-F4D8293DDE26}: NameServer = 141.87.114.200,141.87.129.200 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Strand_und_Meer_3.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Strand_und_Meer_3.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0fcf36e0-d8d7-11de-a38e-001b382c7b03}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe O33 - MountPoints2\{0fcf36e0-d8d7-11de-a38e-001b382c7b03}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe O33 - MountPoints2\{939506c3-4cec-11e0-8e94-001b382c7b03}\Shell - "" = AutoRun O33 - MountPoints2\{939506c3-4cec-11e0-8e94-001b382c7b03}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c0f92c76-28e2-11de-a80d-001b382c7b03}\Shell - "" = AutoRun O33 - MountPoints2\{c0f92c76-28e2-11de-a80d-001b382c7b03}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{c729163f-9e2f-11e0-ae37-001b382c7b03}\Shell - "" = AutoRun O33 - MountPoints2\{c729163f-9e2f-11e0-ae37-001b382c7b03}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{eaa414d0-bcad-11dd-9f5f-001b382c7b03}\Shell\AutoRun\command - "" = F:\WDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.12 01:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Esra\Desktop\OTL.exe [2013.02.12 00:46:46 | 000,000,000 | ---D | C] -- C:\Users\Esra\AppData\Roaming\Malwarebytes [2013.02.12 00:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.12 00:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 00:46:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.12 00:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.12 00:45:31 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Esra\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.09 15:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.02.12 01:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Esra\Desktop\OTL.exe [2013.02.12 01:18:27 | 000,000,000 | ---- | M] () -- C:\Users\Esra\defogger_reenable [2013.02.12 01:17:33 | 000,050,477 | ---- | M] () -- C:\Users\Esra\Desktop\Defogger.exe [2013.02.12 01:04:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 01:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 01:04:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.12 00:46:17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.12 00:45:34 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Esra\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.28 17:27:13 | 002,339,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.24 20:58:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013.01.23 18:59:56 | 002,272,644 | ---- | M] () -- C:\Users\Esra\Desktop\Leitfaden.pdf ========== Files Created - No Company Name ========== [2013.02.12 01:18:27 | 000,000,000 | ---- | C] () -- C:\Users\Esra\defogger_reenable [2013.02.12 01:17:32 | 000,050,477 | ---- | C] () -- C:\Users\Esra\Desktop\Defogger.exe [2013.02.12 00:46:17 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.28 17:25:44 | 002,339,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.23 18:59:55 | 002,272,644 | ---- | C] () -- C:\Users\Esra\Desktop\Leitfaden.pdf [2011.05.17 20:39:16 | 000,140,520 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.01 14:14:56 | 000,038,451 | ---- | C] () -- C:\Users\Esra\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2009.08.25 22:36:38 | 000,038,478 | ---- | C] () -- C:\Users\Esra\AppData\Roaming\Microsoft Excel 97-2003.ADR [2008.07.22 16:58:31 | 000,000,680 | ---- | C] () -- C:\Users\Esra\AppData\Local\d3d9caps.dat [2008.04.06 19:59:22 | 000,233,984 | ---- | C] () -- C:\Users\Esra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.24 18:14:43 | 000,001,024 | ---- | C] () -- C:\Users\Esra\.rnd [2008.03.24 17:16:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.10 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\64495 [2011.11.10 23:07:08 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\79316 [2009.02.12 22:45:25 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Buhl Data Service [2011.06.27 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Canneverbe Limited [2008.05.05 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\CoCreate [2009.11.11 14:40:00 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Downloaded Installations [2012.06.17 12:18:53 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\DVDVideoSoft [2012.05.05 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.10 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\FileZilla [2008.08.09 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Haufe [2012.03.18 16:58:58 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Haufe Mediengruppe [2012.07.07 13:34:21 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Idiqw [2008.05.12 20:21:25 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Leadertech [2008.08.09 15:34:22 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Lexware [2011.03.09 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\MOBackup [2012.07.04 17:32:30 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Mupou [2012.02.05 13:23:08 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Nitro PDF [2012.07.07 20:37:15 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Noto [2010.01.11 01:35:09 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\OpenOffice.org [2009.04.13 12:34:19 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\PRMT [2009.04.13 12:28:21 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\PROject MT [2010.04.18 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\ScanSoft [2011.08.10 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\TeamViewer [2008.07.21 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Teleca [2012.10.05 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\TuneUp Software [2011.03.12 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\Vodafone [2011.06.24 10:29:07 | 000,000,000 | ---D | M] -- C:\Users\Esra\AppData\Roaming\XSManager ========== Purity Check ========== < End of report > [/CODE] Log-Datei OTL Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.02.2013 01:21:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Esra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,77% Memory free
4,23 Gb Paging File | 3,34 Gb Available in Paging File | 78,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,78 Gb Total Space | 4,67 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
Drive D: | 69,51 Gb Total Space | 46,30 Gb Free Space | 66,61% Space Free | Partition Type: NTFS
Computer Name: ESRA-PC | User Name: Esra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2072690226-1356156960-1647667346-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0976A5E1-A1BD-41C3-A35E-2140B9FA4545}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D607171-5340-4AF3-9ADF-9860E33405A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C5DC8A8-8079-46A3-8AC3-BB6440AB1A81}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3CE9C0BD-BFB1-40AF-B167-D0146DB06460}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4B5CC961-F6D3-4458-90DF-8BB439C8734D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{64DBAEEC-6C25-4684-B55F-302CDF5F4309}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8353F7A3-A293-438D-801C-478C35FF723B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{953025CC-FB5A-4967-AD43-E3B1A1809685}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{985B2ED5-1658-44C4-AF20-F2F8759D30F0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A5F2BB2E-5CA2-4385-8607-02E6B7A15F3A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B2D79D5A-6470-421A-AB44-16715A27B917}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B86D3BBC-D748-4D7E-A891-46D7F52AB9CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D81EFE77-46C7-419D-8600-DB5A5510D23E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001845FD-18D2-41A5-A051-2F0EE5FBB20D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{00CB5EF8-B58D-4AA0-9A7A-40CA0D4E3287}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0363F056-A95A-445E-BEDA-7749774BC516}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{05A721EA-E783-48A8-91E2-620FFEB7CE37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0724FF6A-592D-404A-B5AB-92E8BC774880}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08117D7F-BACB-46B5-9AA1-6921EEB61F69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09B6FDE9-8935-48F5-ADEC-6EA948A333FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09C56964-8E4E-44FA-9CEB-0C7074FBB972}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09FA24F0-4B6E-40A2-AE8A-BBCFA4DCC50D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B8AF202-B172-4749-9E41-B796B6DB5FD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14159013-0B66-4663-B0AC-E5752987918D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B1B7438-2E5C-438A-A5B2-59FBA2A775B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C883297-FE97-44D4-8A97-AB2E287E27C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DEE48A9-A161-42F0-9B11-1E65AAFF4BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1ECEF8B9-C58B-4582-ACDB-230511D4A8F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F0483D2-77E9-4E6E-A71C-FF9E092C4C9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21BED82F-9956-43AB-B4ED-6F6F16CDF5EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{247A1EB7-A05B-4E55-9E17-98FA0162406E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{248EA4CC-912C-4D55-A6A8-D6A917F44B17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{258FD1EC-93C9-4AB2-AC11-E73C8E5F14BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{265D36EA-8189-44D3-A9A7-3A7EA49F89E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28C038F0-CD56-4885-8064-FC6D8ED29386}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BE41E4B-7AF7-4F9E-AE50-F884AC6F0016}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C046995-50DD-4A0F-BC08-F37907B3904A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C1AF0DF-6EDF-41D2-B142-AA04856FB39A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E146FFA-D3C2-453F-897E-29DC7AFEEFB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{331616E5-5F48-463A-ADB0-8A31E518E887}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35962187-DE8C-45B0-9666-BCFC0B96051F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35ECF20C-27AF-459F-9C6A-DFCAF38B0CC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36E3A1DE-6809-4A44-BB00-F0A3A345AB50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3723DD23-2E29-415D-AFF5-9516A12EC166}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37F73D83-DFE2-4DBE-84A1-1515ACEFF15A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3815EEC1-F8A1-4284-9731-0F00FACB906D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AEF97BD-B715-40DA-8E90-4E2DCF11E4F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C618B69-D29B-4793-81F4-9206DC7F9E22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DB8A25F-7ACC-4CC0-8980-4DF8FF861626}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40655590-C037-43E0-BE39-33BB2850840C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43149B14-6EDB-4AA0-B854-48479DA4F667}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4539EC09-D5F4-43EA-9D47-1E3C99EFE2B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{453F4BB8-09D5-4ABC-B7DF-8C2410854B50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4CE12602-2376-4519-8BC5-9B0982888F40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EAA5727-0A5C-41AA-80C9-DDB189391CDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F56BBEA-790F-4DBE-8175-DDC8AEA4B278}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{508D86EB-A343-4965-A554-BD0AFDA59449}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{533EA3C6-577F-493A-9E58-61D8553B96F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{583F7EF9-D50A-4647-A49B-A3E9C9B0C07F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58573504-1215-42D6-A933-7EFDE7EB42F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58E1335F-2390-45C8-A046-0C4EC6F41104}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CD19102-8ADC-4911-845A-3FAC04F5AEBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DBCAD57-B2F0-4443-90A2-BE63E7C924FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60B11F0B-7078-41ED-BB11-C7D962E9103C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60F343D6-7022-46C7-9C46-D25E29D321FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{633D9AA6-2C09-4465-8414-BA2FF36D414A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63BA59CB-1F22-4888-9922-600D4B8FE672}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{689B31C4-48AF-478A-8BD0-B28FDD13841C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A746CB1-4B5D-4398-B4FC-94E15870B180}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E95D45C-AC1E-43A6-B418-86C681552988}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F6F6DB8-18BE-487A-A3C8-F121C9B665AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70318AF0-BBCF-4411-B11B-E3AA253DD664}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7172B256-7521-4B51-8566-4B932DB03A40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7271F1C7-D689-4CC9-8A84-3EEEC813DA5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7595C155-9913-484C-904C-CA43BB9698D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{765D7B4E-DB0B-4ADD-8870-CA4EC75949CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7941F602-FA1E-461B-9B12-5F266C2F7B3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7990F1AF-3C26-4B5B-A8F4-EEF4D88E5B54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AEF7B63-C7FB-4C26-95A3-F8CD8CF7E84E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B5302F4-FBC1-43DB-8C5C-032C3886CC80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8168AFFB-DF60-4211-A1EB-C9F04B322101}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{817206CE-41E9-4B19-A86C-E20BEF89A2B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8255F92B-7467-49FC-BEBA-1F14B8C7041E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86C892F4-9934-4551-AD83-6CF25384DE99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89681256-E2FA-4386-8704-88AD9B302CFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FA98D2C-0EEB-488C-AD95-F7A67EDA915A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FD0B854-5B05-4D0B-B176-79B30EABECA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91A94446-3540-4839-A235-F7620206A2B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91D45BBF-65F4-4174-A99F-8724FA7D7D8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9381E12A-B101-470F-80FA-048B15A1C20C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93BFD0FB-9AD1-4F42-8965-2923DB12E865}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94586FF0-5AFF-4D04-A951-151D1463652B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949D498B-7AEA-4F89-98F8-01671495A21E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{951C2286-916B-4CB4-A6D2-0B243036253C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9929E989-3304-4978-9F82-444A248BCF81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D3BFB87-2395-41D5-97FE-741AB5B6CBEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E804BD0-7F3D-4365-B35E-9C153C5C4E87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A4510E44-0E9B-490D-B635-5CF94F2F4792}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A51D6EE6-A804-4146-AE70-F0F564473E30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6C4012D-6B7D-4B9B-A3B4-3409A2D1B0EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6DA5F93-1DF3-417D-B7F8-A08B9333B355}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A78E8BDE-DF3F-4AB9-B4A7-A178C87E9B2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A832F579-7030-4A04-8ED3-D380312404E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC101859-F5A0-493D-BE80-2A0CAA610812}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC46D9BD-FB3E-436F-87B1-4E4F2D8908B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD788203-8171-4425-965D-4ADB4C2C4A64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE895DFE-3648-45D2-A45E-D20D4AA6EC41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF97A67A-EF13-4AFC-A317-CEB168943B37}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFF2D62F-0B09-48A8-91AD-CB5568A888C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B14C9B5E-F7AA-4061-B7A9-CC7F669FC63B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B526F511-FFA0-4CCE-8785-B8BD39C37E92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B659A635-BCD9-494C-83F9-FCF3C03052EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8101977-E579-45E5-8112-ECF664EAB045}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B92E7555-E04F-4412-89EB-EB4E2894B5CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BBB9DC4B-C8D1-4058-8FBC-248DF2E0AEF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC7FF43C-1045-487B-8E6E-46458443499E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFB18CB1-9EC6-4090-80AC-D1A3D1F7B97C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3E5E32D-25F8-41A5-A78B-1B82552047B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C41ABBFA-DACB-4FA6-AD9F-A95B0A2775E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C581726B-B01D-48DB-8337-EBF580E38AF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C74E24DA-7C54-430C-A9AD-2BE9E850E04C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB253AF0-C441-4881-8951-27B89B645DED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC5B8491-95BE-4C7B-9FDB-BDBF5960F4A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D32FDAAD-EE91-4C78-BB9E-2B7D2AE0C3B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3C79D2A-8594-454E-9B25-A204596A0E0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D72FC01B-55A6-45C0-BC04-0F8C58499E52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8BB1BC6-84E1-49E2-BBCA-B60CFAC5E07D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC6E0D9F-F1E7-455E-870B-5F4A97B0C1E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD18A148-0363-4B84-BABF-5313D194FB1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD2E4638-689B-4B6C-BD24-B691FE570793}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{DD40AD3F-25E6-4394-9881-3C8EEBEA2C3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF3CB1F9-5D97-4727-8D09-3DC3441481E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E082A49C-207F-438C-8694-A4674EBA80A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E399E497-62FB-4563-8509-1CAECD1ACC00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E83D6655-1D54-4F10-985F-AB69327872C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9ACBDD7-A5B6-422E-AE99-5D0232F93CA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA2945CA-3919-44BD-B6E3-06006CD98087}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED192C30-D3BC-4313-B52A-74CA31212EF6}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{EDD88028-F2EE-47D7-B584-3EBE1B69AE49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0BCE4BF-F638-48C0-9606-95DA858FF091}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1C1A719-1577-4364-A3C5-9FBF50AA66FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F32C1447-83F2-4102-BE85-92E4239D9FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6AF2A06-5C9E-4BFA-96D5-5FE01B289540}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F85E63EE-61B9-4841-A6AE-580F74AEA24A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8C62857-18F0-4009-B0F6-BEC9B82BA644}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8E15497-4E85-4836-8585-899AD3DC2705}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAB495F4-B718-457E-991D-36059318FCC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB7CF5F9-51DA-429C-91D5-69F515F0B8BE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FC9C45D7-CEE3-4A43-8978-5E80C039C21E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCD16DD9-9A97-46C2-9E51-C7D34EF60BE5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FD41849E-B6FD-4968-9F41-7D40D791B589}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEDC281D-7BA7-4D6C-AC9F-74CAADCB6CB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{048401E2-F780-42E1-879A-D6C113EA00A5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{39782464-51F9-4963-8FDB-65B6BDCA9588}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3E75047D-70A4-4F88-8F52-BFCFEAA8C8FB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4BA0CA6C-3595-4F92-8897-D3EF56AEB45F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{6532A551-10D1-403A-9FF1-CF366BA9E3AD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C5E55AB4-D42A-455E-9D5B-73939DEE350F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CF757C67-A56A-4B06-B31B-4C2241F63C56}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DA2FB945-EBB6-4C0E-BB02-66B65B657D34}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |
"UDP Query User{00FC7FB3-9698-4FB4-86F5-FCCDED85B7F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{093E9FC8-79E2-4BBE-8E6E-B26624437E14}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |
"UDP Query User{1C808F2B-5FCA-4A99-BAE5-E964EF0CD853}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5ECC7151-D077-44F7-A42A-415520F441CF}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{921058A1-1470-47F6-93EF-0788A059EDD8}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B6E732D9-B5F6-4CC7-9623-CED96DF54BDF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C4AA7145-B0A5-429F-A46E-5FAB854FC33B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EF4E72D3-78B9-4261-B626-9389BDEAEEAB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{67A67432-9B34-11DE-9CAF-D9A555D89593}" = Nitro PDF Professional
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5CBE2E8-10AD-4786-A7C4-4B7E86525F50}" = Steuer Update 15.09
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"InfoRapid Wizard Writer" = InfoRapid Wizard Writer
"IsoBuster_is1" = IsoBuster 2.7
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PRJPRO" = Microsoft Office Project Professional 2007
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.02.2013 14:41:07 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 08.02.2013 06:20:41 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 08.02.2013 06:29:55 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 09.02.2013 08:16:48 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 09.02.2013 09:47:48 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 10.02.2013 09:32:27 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 10.02.2013 14:52:14 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 11.02.2013 07:02:25 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 11.02.2013 07:22:48 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
Error - 11.02.2013 20:08:55 | Computer Name = Esra-PC | Source = LoadPerf | ID = 3002
Description =
[ OSession Events ]
Error - 03.11.2008 14:03:26 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.02.2009 10:26:51 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.02.2009 14:10:38 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.02.2009 14:33:39 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 288
seconds with 180 seconds of active time. This session ended with a crash.
Error - 18.02.2009 14:36:18 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.07.2009 13:08:09 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1887
seconds with 240 seconds of active time. This session ended with a crash.
Error - 08.10.2009 10:51:29 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1857
seconds with 720 seconds of active time. This session ended with a crash.
Error - 09.09.2010 14:31:03 | Computer Name = Esra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.02.2013 16:05:31 | Computer Name = Esra-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 10.02.2013 09:28:00 | Computer Name = Esra-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Adobe PDF Converter nicht unter
dem Namen Adobe PDF Converter freigeben. Fehler: 2114. Der Drucker kann nicht von
anderen Benutzern im Netzwerk verwendet werden.
Error - 10.02.2013 09:28:16 | Computer Name = Esra-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.02.2013 06:58:07 | Computer Name = Esra-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.02.2013 06:59:52 | Computer Name = Esra-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.02.2013 07:01:05 | Computer Name = Esra-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.02.2013 07:02:25 | Computer Name = Esra-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.02.2013 07:03:04 | Computer Name = Esra-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.02.2013 07:04:10 | Computer Name = Esra-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.02.2013 20:04:42 | Computer Name = Esra-PC | Source = Service Control Manager | ID = 7000
Description =
[ TuneUp Events ]
Error - 31.07.2010 16:48:16 | Computer Name = Esra-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
[/CODE] Log-Datei Gmer: Code:
ATTFilter GMER Logfile: Die Email samt Anhang habe ich konvertiert, mit 7zip gepackt und euch per Email gesendet. Vielen Dank im Voraus. Ich freue mich über eine hoffentlich positive Nachricht. Gruß Joe Geändert von Joe_Da (12.02.2013 um 03:24 Uhr) |
|
12.02.2013, 16:03
| #2 |
| /// Malware-holic   | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren hi
__________________bitte leitet uns in Zukunft Spams an die in meiner Signatur angegebene Adresse weiter. Frage: sind persönliche Dateien verschlüsselt, könnt ihr also nicht mehr drauf zugreifen?
__________________ |
|
12.02.2013, 16:38
| #3 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi,
__________________danke für die rasche Antwort. Habe gestern die Email samt Anhang an die in der Signatur angegebene Adresse weitergeleitet mit Verweis (Link) aus dieses Thema. Melde mich heute Abend nochmal bezüglich deiner Frage, sobald meine Freundin getestet hat ob sie auf ihre persönlichen Daten zugreifen kann. Frage: Meinst du mit persönliche Daten, die Ordner im Verzeichnis: C:\Users\*** Vielen Dank schon mal. Hi Markus, also meine Freundin hat mir gerade eben mitgeteilt, dass sie zu allen persönlichen Daten Zugriff hat und sie auch nichts anderes auffälliges erkennen konnte. Wie soll sie weiter vorgehen? Schon irgendwelche Neuigkeiten wegen dem Anhang in der Email? Danke schon mal im Voraus. Grüße Joe |
|
13.02.2013, 11:18
| #4 |
| /// Malware-holic | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi, ich meine zb Bilder, Textdokumente. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.02.2013, 23:08
| #5 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hallo, ja sie kann Bilder und Textdokumente öffnen. Hier die TDSS-Log Datei Code:
ATTFilter 23:00:00.0033 1948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:00:00.0080 1948 ============================================================
23:00:00.0080 1948 Current date / time: 2013/02/13 23:00:00.0080
23:00:00.0080 1948 SystemInfo:
23:00:00.0080 1948
23:00:00.0080 1948 OS Version: 6.0.6002 ServicePack: 2.0
23:00:00.0080 1948 Product type: Workstation
23:00:00.0080 1948 ComputerName: ESRA-PC
23:00:00.0080 1948 UserName: Esra
23:00:00.0080 1948 Windows directory: C:\Windows
23:00:00.0080 1948 System windows directory: C:\Windows
23:00:00.0080 1948 Processor architecture: Intel x86
23:00:00.0080 1948 Number of processors: 2
23:00:00.0080 1948 Page size: 0x1000
23:00:00.0080 1948 Boot type: Normal boot
23:00:00.0080 1948 ============================================================
23:00:00.0518 1948 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
23:00:00.0518 1948 ============================================================
23:00:00.0518 1948 \Device\Harddisk0\DR0:
23:00:00.0518 1948 MBR partitions:
23:00:00.0518 1948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1384C7A, BlocksNum 0x8B8E955
23:00:00.0518 1948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F135CF, BlocksNum 0x8B054F2
23:00:00.0518 1948 ============================================================
23:00:00.0565 1948 C: <-> \Device\Harddisk0\DR0\Partition1
23:00:00.0612 1948 D: <-> \Device\Harddisk0\DR0\Partition2
23:00:00.0612 1948 ============================================================
23:00:00.0612 1948 Initialize success
23:00:00.0612 1948 ============================================================
23:00:28.0255 3740 ============================================================
23:00:28.0255 3740 Scan started
23:00:28.0255 3740 Mode: Manual; SigCheck; TDLFS;
23:00:28.0255 3740 ============================================================
23:00:28.0615 3740 ================ Scan system memory ========================
23:00:28.0615 3740 System memory - ok
23:00:28.0615 3740 ================ Scan services =============================
23:00:28.0849 3740 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:00:29.0021 3740 ACPI - ok
23:00:29.0068 3740 adfs - ok
23:00:29.0226 3740 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:00:29.0242 3740 AdobeARMservice - ok
23:00:29.0335 3740 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:00:29.0367 3740 adp94xx - ok
23:00:29.0398 3740 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:00:29.0429 3740 adpahci - ok
23:00:29.0445 3740 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:00:29.0460 3740 adpu160m - ok
23:00:29.0476 3740 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:00:29.0492 3740 adpu320 - ok
23:00:29.0538 3740 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:00:29.0679 3740 AeLookupSvc - ok
23:00:29.0726 3740 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
23:00:29.0773 3740 AFD - ok
23:00:29.0835 3740 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:00:29.0835 3740 agp440 - ok
23:00:29.0882 3740 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:00:29.0898 3740 aic78xx - ok
23:00:29.0976 3740 [ 3845B6555DE995F6C0C07AE2ABCC0532 ] ALaunchService C:\Acer\ALaunch\ALaunchSvc.exe
23:00:30.0007 3740 ALaunchService ( UnsignedFile.Multi.Generic ) - warning
23:00:30.0007 3740 ALaunchService - detected UnsignedFile.Multi.Generic (1)
23:00:30.0054 3740 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
23:00:30.0196 3740 ALG - ok
23:00:30.0211 3740 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
23:00:30.0227 3740 aliide - ok
23:00:30.0258 3740 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:00:30.0274 3740 amdagp - ok
23:00:30.0305 3740 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
23:00:30.0321 3740 amdide - ok
23:00:30.0336 3740 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:00:30.0524 3740 AmdK7 - ok
23:00:30.0539 3740 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:00:30.0586 3740 AmdK8 - ok
23:00:30.0664 3740 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:00:30.0696 3740 AntiVirSchedulerService - ok
23:00:30.0742 3740 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:00:30.0758 3740 AntiVirService - ok
23:00:30.0805 3740 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
23:00:30.0836 3740 Appinfo - ok
23:00:30.0946 3740 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:00:30.0961 3740 Apple Mobile Device - ok
23:00:30.0977 3740 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
23:00:30.0992 3740 arc - ok
23:00:31.0024 3740 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:00:31.0039 3740 arcsas - ok
23:00:31.0133 3740 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:00:31.0149 3740 aspnet_state - ok
23:00:31.0199 3740 [ 2A7037F93AE6AB1305606DEE23C70F8C ] astcc C:\Windows\system32\ASTSRV.EXE
23:00:31.0214 3740 astcc - ok
23:00:31.0245 3740 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:00:31.0324 3740 AsyncMac - ok
23:00:31.0355 3740 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
23:00:31.0370 3740 atapi - ok
23:00:31.0449 3740 [ 373469E83FB000AAE521068C84827FA7 ] athrusb6 C:\Windows\system32\DRIVERS\athru6.sys
23:00:31.0589 3740 athrusb6 - ok
23:00:31.0636 3740 [ A63B95991D0036D8D5A188BB4A31CF18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
23:00:31.0714 3740 Ati External Event Utility - ok
23:00:31.0808 3740 [ DACA081E9DC82D4A05B0D21E8AA93DF8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:00:31.0980 3740 atikmdag - ok
23:00:32.0042 3740 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:00:32.0089 3740 AudioEndpointBuilder - ok
23:00:32.0105 3740 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:00:32.0136 3740 Audiosrv - ok
23:00:32.0167 3740 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:00:32.0246 3740 avgntflt - ok
23:00:32.0278 3740 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:00:32.0356 3740 avipbb - ok
23:00:32.0371 3740 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:00:32.0434 3740 avkmgr - ok
23:00:32.0481 3740 [ 746F59822A5187510471FC46889B8CC9 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
23:00:32.0559 3740 BCM43XV - ok
23:00:32.0590 3740 [ 746F59822A5187510471FC46889B8CC9 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:00:32.0606 3740 BCM43XX - ok
23:00:32.0653 3740 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
23:00:32.0700 3740 Beep - ok
23:00:32.0746 3740 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
23:00:32.0793 3740 BFE - ok
23:00:32.0887 3740 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
23:00:32.0934 3740 BITS - ok
23:00:32.0950 3740 blbdrive - ok
23:00:33.0028 3740 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:00:33.0043 3740 Bonjour Service - ok
23:00:33.0075 3740 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:00:33.0121 3740 bowser - ok
23:00:33.0153 3740 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:00:33.0184 3740 BrFiltLo - ok
23:00:33.0219 3740 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:00:33.0266 3740 BrFiltUp - ok
23:00:33.0282 3740 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
23:00:33.0328 3740 Browser - ok
23:00:33.0360 3740 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:00:33.0430 3740 Brserid - ok
23:00:33.0453 3740 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:00:33.0508 3740 BrSerWdm - ok
23:00:33.0532 3740 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:00:33.0594 3740 BrUsbMdm - ok
23:00:33.0617 3740 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:00:33.0680 3740 BrUsbSer - ok
23:00:33.0696 3740 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:00:33.0766 3740 BTHMODEM - ok
23:00:33.0852 3740 [ D8BA0E0FFBCE2DD5DE110C5146C438B4 ] Cam5607 C:\Windows\system32\Drivers\BisonC07.sys
23:00:33.0953 3740 Cam5607 - ok
23:00:33.0992 3740 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:00:34.0024 3740 cdfs - ok
23:00:34.0039 3740 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:00:34.0071 3740 cdrom - ok
23:00:34.0117 3740 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
23:00:34.0164 3740 CertPropSvc - ok
23:00:34.0180 3740 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
23:00:34.0239 3740 circlass - ok
23:00:34.0273 3740 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
23:00:34.0292 3740 CLFS - ok
23:00:34.0351 3740 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:00:34.0365 3740 clr_optimization_v2.0.50727_32 - ok
23:00:34.0402 3740 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:00:34.0417 3740 clr_optimization_v4.0.30319_32 - ok
23:00:34.0452 3740 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:00:34.0491 3740 CmBatt - ok
23:00:34.0514 3740 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:00:34.0527 3740 cmdide - ok
23:00:34.0583 3740 [ 675D67423980FC1784B93AA47D350A31 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys
23:00:34.0627 3740 cmnsusbser - ok
23:00:34.0655 3740 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:00:34.0669 3740 Compbatt - ok
23:00:34.0677 3740 COMSysApp - ok
23:00:34.0688 3740 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:00:34.0700 3740 crcdisk - ok
23:00:34.0718 3740 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:00:34.0782 3740 Crusoe - ok
23:00:34.0815 3740 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:00:34.0863 3740 CryptSvc - ok
23:00:34.0898 3740 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
23:00:34.0929 3740 CVirtA - ok
23:00:35.0039 3740 [ 08D8FA119F2AD6AC0377FB667523482E ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
23:00:35.0152 3740 CVPND - ok
23:00:35.0191 3740 [ 1C2999966F0F36AA44EAECBEE70CF770 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
23:00:35.0217 3740 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
23:00:35.0217 3740 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
23:00:35.0268 3740 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:00:35.0338 3740 DcomLaunch - ok
23:00:35.0370 3740 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:00:35.0418 3740 DfsC - ok
23:00:35.0528 3740 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
23:00:35.0731 3740 DFSR - ok
23:00:35.0793 3740 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:00:35.0824 3740 Dhcp - ok
23:00:35.0856 3740 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
23:00:35.0871 3740 disk - ok
23:00:35.0903 3740 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
23:00:35.0965 3740 DKbFltr - ok
23:00:36.0012 3740 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
23:00:36.0028 3740 DNE - ok
23:00:36.0074 3740 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:00:36.0106 3740 Dnscache - ok
23:00:36.0153 3740 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:00:36.0184 3740 dot3svc - ok
23:00:36.0233 3740 [ 4F59C172C094E1A1D46463A8DC061CBD ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:00:36.0264 3740 dot4 - ok
23:00:36.0295 3740 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:00:36.0342 3740 Dot4Print - ok
23:00:36.0358 3740 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:00:36.0405 3740 dot4usb - ok
23:00:36.0436 3740 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
23:00:36.0467 3740 DPS - ok
23:00:36.0514 3740 [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys
23:00:36.0576 3740 DritekPortIO - ok
23:00:36.0608 3740 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:00:36.0639 3740 drmkaud - ok
23:00:36.0670 3740 dtpd - ok
23:00:36.0717 3740 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:00:36.0764 3740 DXGKrnl - ok
23:00:36.0811 3740 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:00:36.0873 3740 E1G60 - ok
23:00:36.0920 3740 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
23:00:36.0951 3740 EapHost - ok
23:00:37.0014 3740 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
23:00:37.0030 3740 Ecache - ok
23:00:37.0123 3740 [ F87DDE13D57062DA8EBA2368667D8130 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
23:00:37.0201 3740 eDataSecurity Service - ok
23:00:37.0266 3740 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:00:37.0313 3740 ehRecvr - ok
23:00:37.0328 3740 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
23:00:37.0375 3740 ehSched - ok
23:00:37.0391 3740 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
23:00:37.0406 3740 ehstart - ok
23:00:37.0469 3740 [ 7A9E8C1BE235D0B0CA784A13FC960B6A ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
23:00:37.0485 3740 eLockService ( UnsignedFile.Multi.Generic ) - warning
23:00:37.0485 3740 eLockService - detected UnsignedFile.Multi.Generic (1)
23:00:37.0531 3740 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:00:37.0547 3740 elxstor - ok
23:00:37.0610 3740 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:00:37.0656 3740 EMDMgmt - ok
23:00:37.0703 3740 [ 1FA3F9DF8983873746FA6B72DD7E3C2C ] EMSCR C:\Windows\system32\DRIVERS\EMS7SK.sys
23:00:37.0750 3740 EMSCR - ok
23:00:37.0766 3740 [ 50CCDBEAF80876F9AB378FE5B8FC6D69 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe
23:00:37.0781 3740 eNet Service ( UnsignedFile.Multi.Generic ) - warning
23:00:37.0781 3740 eNet Service - detected UnsignedFile.Multi.Generic (1)
23:00:37.0844 3740 [ A2580C15D2664D18C3E140C7F98B366C ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
23:00:37.0860 3740 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
23:00:37.0860 3740 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
23:00:37.0891 3740 [ 9C7487253AAD6BF61F9BC83D50E32CCC ] ESDCR C:\Windows\system32\DRIVERS\ESD7SK.sys
23:00:37.0922 3740 ESDCR - ok
23:00:37.0969 3740 [ D411B3C7005917470F5D9B9C8F48DD96 ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
23:00:37.0969 3740 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
23:00:37.0969 3740 eSettingsService - detected UnsignedFile.Multi.Generic (1)
23:00:37.0985 3740 [ 99589D975DA04F8BD31F124428FCC797 ] ESMCR C:\Windows\system32\DRIVERS\ESM7SK.sys
23:00:38.0016 3740 ESMCR - ok
23:00:38.0063 3740 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
23:00:38.0110 3740 EventSystem - ok
23:00:38.0156 3740 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
23:00:38.0188 3740 exfat - ok
23:00:38.0250 3740 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:00:38.0298 3740 fastfat - ok
23:00:38.0329 3740 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:00:38.0532 3740 fdc - ok
23:00:38.0579 3740 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
23:00:38.0611 3740 fdPHost - ok
23:00:38.0657 3740 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
23:00:38.0720 3740 FDResPub - ok
23:00:38.0767 3740 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:00:38.0782 3740 FileInfo - ok
23:00:38.0861 3740 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:00:38.0907 3740 Filetrace - ok
23:00:38.0986 3740 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:00:39.0032 3740 FLEXnet Licensing Service - ok
23:00:39.0079 3740 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:00:39.0142 3740 flpydisk - ok
23:00:39.0189 3740 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:00:39.0204 3740 FltMgr - ok
23:00:39.0288 3740 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
23:00:39.0382 3740 FontCache - ok
23:00:39.0445 3740 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:00:39.0460 3740 FontCache3.0.0.0 - ok
23:00:39.0491 3740 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:00:39.0538 3740 Fs_Rec - ok
23:00:39.0570 3740 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:00:39.0585 3740 gagp30kx - ok
23:00:39.0616 3740 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:00:39.0616 3740 GEARAspiWDM - ok
23:00:39.0663 3740 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
23:00:39.0710 3740 gpsvc - ok
23:00:39.0773 3740 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:00:39.0835 3740 HdAudAddService - ok
23:00:39.0882 3740 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:00:39.0960 3740 HDAudBus - ok
23:00:39.0976 3740 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:00:40.0038 3740 HidBth - ok
23:00:40.0054 3740 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
23:00:40.0116 3740 HidIr - ok
23:00:40.0148 3740 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
23:00:40.0195 3740 hidserv - ok
23:00:40.0226 3740 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:00:40.0273 3740 HidUsb - ok
23:00:40.0290 3740 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:00:40.0353 3740 hkmsvc - ok
23:00:40.0368 3740 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:00:40.0384 3740 HpCISSs - ok
23:00:40.0462 3740 [ 1406E58FBD73F8E704DEAA203B29340B ] HRService C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
23:00:40.0478 3740 HRService - ok
23:00:40.0525 3740 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:00:40.0556 3740 HSFHWAZL - ok
23:00:40.0603 3740 [ 9EFA5FEC26CEC696A66A891AC90B412D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:00:40.0712 3740 HSF_DPV - ok
23:00:40.0759 3740 [ 7E775360ECE92156CED6ED3B1DAF6208 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:00:40.0790 3740 HSXHWAZL - ok
23:00:40.0837 3740 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:00:40.0915 3740 HTTP - ok
23:00:40.0931 3740 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:00:40.0947 3740 i2omp - ok
23:00:40.0993 3740 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:00:41.0025 3740 i8042prt - ok
23:00:41.0056 3740 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:00:41.0072 3740 iaStorV - ok
23:00:41.0165 3740 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:00:41.0181 3740 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:00:41.0181 3740 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:00:41.0290 3740 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:00:41.0387 3740 idsvc - ok
23:00:41.0418 3740 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:00:41.0434 3740 iirsp - ok
23:00:41.0465 3740 iked - ok
23:00:41.0496 3740 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
23:00:41.0574 3740 IKEEXT - ok
23:00:41.0590 3740 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
23:00:41.0668 3740 int15 - ok
23:00:41.0762 3740 [ 04BEF1C4AA990E0D5851C7532FC8642C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:00:41.0996 3740 IntcAzAudAddService - ok
23:00:42.0028 3740 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
23:00:42.0028 3740 intelide - ok
23:00:42.0074 3740 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:00:42.0137 3740 intelppm - ok
23:00:42.0168 3740 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:00:42.0215 3740 IPBusEnum - ok
23:00:42.0246 3740 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:00:42.0278 3740 IpFilterDriver - ok
23:00:42.0324 3740 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:00:42.0357 3740 iphlpsvc - ok
23:00:42.0357 3740 IpInIp - ok
23:00:42.0388 3740 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:00:42.0466 3740 IPMIDRV - ok
23:00:42.0497 3740 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:00:42.0529 3740 IPNAT - ok
23:00:42.0591 3740 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:00:42.0654 3740 iPod Service - ok
23:00:42.0669 3740 ipsecd - ok
23:00:42.0700 3740 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
23:00:42.0732 3740 irda - ok
23:00:42.0763 3740 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:00:42.0810 3740 IRENUM - ok
23:00:42.0841 3740 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
23:00:42.0919 3740 Irmon - ok
23:00:42.0935 3740 [ D04DA73127FFED720DFC4EB673A23E04 ] irsir C:\Windows\system32\DRIVERS\irsir.sys
23:00:43.0013 3740 irsir - ok
23:00:43.0029 3740 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:00:43.0044 3740 isapnp - ok
23:00:43.0091 3740 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:00:43.0107 3740 iScsiPrt - ok
23:00:43.0122 3740 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:00:43.0138 3740 iteatapi - ok
23:00:43.0154 3740 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:00:43.0169 3740 iteraid - ok
23:00:43.0200 3740 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:00:43.0216 3740 kbdclass - ok
23:00:43.0232 3740 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:00:43.0263 3740 kbdhid - ok
23:00:43.0294 3740 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
23:00:43.0325 3740 KeyIso - ok
23:00:43.0375 3740 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:00:43.0406 3740 KSecDD - ok
23:00:43.0438 3740 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:00:43.0485 3740 KtmRm - ok
23:00:43.0531 3740 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
23:00:43.0563 3740 LanmanServer - ok
23:00:43.0594 3740 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:00:43.0641 3740 LanmanWorkstation - ok
23:00:43.0703 3740 [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:00:43.0735 3740 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:00:43.0735 3740 LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:00:43.0766 3740 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:00:43.0813 3740 lltdio - ok
23:00:43.0844 3740 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:00:43.0906 3740 lltdsvc - ok
23:00:43.0922 3740 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:00:44.0000 3740 lmhosts - ok
23:00:44.0016 3740 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:00:44.0031 3740 LSI_FC - ok
23:00:44.0063 3740 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:00:44.0078 3740 LSI_SAS - ok
23:00:44.0094 3740 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:00:44.0110 3740 LSI_SCSI - ok
23:00:44.0141 3740 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
23:00:44.0172 3740 luafv - ok
23:00:44.0219 3740 [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
23:00:44.0250 3740 massfilter - ok
23:00:44.0281 3740 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:00:44.0313 3740 Mcx2Svc - ok
23:00:44.0407 3740 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:00:44.0423 3740 MDM ( UnsignedFile.Multi.Generic ) - warning
23:00:44.0423 3740 MDM - detected UnsignedFile.Multi.Generic (1)
23:00:44.0454 3740 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:00:44.0501 3740 mdmxsdk - ok
23:00:44.0532 3740 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
23:00:44.0548 3740 megasas - ok
23:00:44.0626 3740 Microsoft SharePoint Workspace Audit Service - ok
23:00:44.0657 3740 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
23:00:44.0689 3740 MMCSS - ok
23:00:44.0751 3740 MobilityService - ok
23:00:44.0767 3740 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
23:00:44.0814 3740 Modem - ok
23:00:44.0861 3740 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:00:44.0892 3740 monitor - ok
23:00:44.0907 3740 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:00:44.0923 3740 mouclass - ok
23:00:44.0954 3740 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:00:45.0001 3740 mouhid - ok
23:00:45.0032 3740 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:00:45.0048 3740 MountMgr - ok
23:00:45.0095 3740 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
23:00:45.0111 3740 mpio - ok
23:00:45.0142 3740 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:00:45.0173 3740 mpsdrv - ok
23:00:45.0220 3740 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
23:00:45.0251 3740 MpsSvc - ok
23:00:45.0282 3740 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:00:45.0298 3740 Mraid35x - ok
23:00:45.0329 3740 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:00:45.0345 3740 MRxDAV - ok
23:00:45.0393 3740 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:00:45.0440 3740 mrxsmb - ok
23:00:45.0487 3740 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:00:45.0518 3740 mrxsmb10 - ok
23:00:45.0549 3740 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:00:45.0565 3740 mrxsmb20 - ok
23:00:45.0580 3740 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
23:00:45.0596 3740 msahci - ok
23:00:45.0612 3740 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:00:45.0627 3740 msdsm - ok
23:00:45.0674 3740 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
23:00:45.0721 3740 MSDTC - ok
23:00:45.0752 3740 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:00:45.0783 3740 Msfs - ok
23:00:45.0830 3740 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:00:45.0846 3740 msisadrv - ok
23:00:45.0877 3740 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:00:45.0940 3740 MSiSCSI - ok
23:00:45.0940 3740 msiserver - ok
23:00:45.0971 3740 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:00:46.0002 3740 MSKSSRV - ok
23:00:46.0049 3740 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:00:46.0080 3740 MSPCLOCK - ok
23:00:46.0112 3740 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:00:46.0127 3740 MSPQM - ok
23:00:46.0158 3740 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:00:46.0190 3740 MsRPC - ok
23:00:46.0190 3740 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:00:46.0205 3740 mssmbios - ok
23:00:46.0237 3740 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:00:46.0252 3740 MSTEE - ok
23:00:46.0283 3740 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
23:00:46.0299 3740 Mup - ok
23:00:46.0330 3740 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
23:00:46.0362 3740 napagent - ok
23:00:46.0393 3740 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:00:46.0426 3740 NativeWifiP - ok
23:00:46.0473 3740 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:00:46.0504 3740 NDIS - ok
23:00:46.0535 3740 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:00:46.0567 3740 NdisTapi - ok
23:00:46.0598 3740 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:00:46.0629 3740 Ndisuio - ok
23:00:46.0660 3740 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:00:46.0676 3740 NdisWan - ok
23:00:46.0692 3740 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:00:46.0723 3740 NDProxy - ok
23:00:46.0832 3740 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
23:00:46.0910 3740 Nero BackItUp Scheduler 3 - ok
23:00:46.0926 3740 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:00:46.0957 3740 NetBIOS - ok
23:00:46.0988 3740 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:00:47.0020 3740 netbt - ok
23:00:47.0035 3740 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
23:00:47.0067 3740 Netlogon - ok
23:00:47.0098 3740 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
23:00:47.0145 3740 Netman - ok
23:00:47.0207 3740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:00:47.0223 3740 NetMsmqActivator - ok
23:00:47.0238 3740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:00:47.0254 3740 NetPipeActivator - ok
23:00:47.0301 3740 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
23:00:47.0348 3740 netprofm - ok
23:00:47.0363 3740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:00:47.0379 3740 NetTcpActivator - ok
23:00:47.0379 3740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:00:47.0395 3740 NetTcpPortSharing - ok
23:00:47.0443 3740 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:00:47.0443 3740 nfrd960 - ok
23:00:47.0505 3740 [ 37260A293B6A89373AE76791E6CC5A12 ] nhcDriverDevice C:\Windows\system32\drivers\nhcDriver.sys
23:00:47.0521 3740 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - warning
23:00:47.0521 3740 nhcDriverDevice - detected UnsignedFile.Multi.Generic (1)
23:00:47.0568 3740 [ 9C14E80FF4CCDFF8129DC716C112C517 ] NitroDriverReadSpool C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
23:00:47.0583 3740 NitroDriverReadSpool - ok
23:00:47.0630 3740 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:00:47.0677 3740 NlaSvc - ok
23:00:47.0771 3740 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
23:00:47.0786 3740 NMIndexingService - ok
23:00:47.0849 3740 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:00:47.0880 3740 Npfs - ok
23:00:47.0911 3740 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
23:00:47.0943 3740 nsi - ok
23:00:47.0974 3740 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:00:48.0021 3740 nsiproxy - ok
23:00:48.0068 3740 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:00:48.0161 3740 Ntfs - ok
23:00:48.0193 3740 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:00:48.0193 3740 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
23:00:48.0193 3740 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
23:00:48.0208 3740 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:00:48.0271 3740 ntrigdigi - ok
23:00:48.0286 3740 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
23:00:48.0333 3740 Null - ok
23:00:48.0349 3740 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:00:48.0364 3740 nvraid - ok
23:00:48.0396 3740 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:00:48.0411 3740 nvstor - ok
23:00:48.0427 3740 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:00:48.0445 3740 nv_agp - ok
23:00:48.0460 3740 NwlnkFlt - ok
23:00:48.0460 3740 NwlnkFwd - ok
23:00:48.0538 3740 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:00:48.0554 3740 odserv - ok
23:00:48.0616 3740 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:00:48.0632 3740 ohci1394 - ok
23:00:48.0695 3740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:00:48.0710 3740 ose - ok
23:00:48.0913 3740 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:00:49.0210 3740 osppsvc - ok
23:00:49.0273 3740 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:00:49.0366 3740 p2pimsvc - ok
23:00:49.0382 3740 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
23:00:49.0413 3740 p2psvc - ok
23:00:49.0446 3740 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:00:49.0509 3740 Parport - ok
23:00:49.0556 3740 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:00:49.0572 3740 partmgr - ok
23:00:49.0587 3740 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:00:49.0650 3740 Parvdm - ok
23:00:49.0697 3740 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:00:49.0728 3740 PcaSvc - ok
23:00:49.0759 3740 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
23:00:49.0775 3740 pci - ok
23:00:49.0822 3740 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
23:00:49.0837 3740 pciide - ok
23:00:49.0853 3740 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:00:49.0868 3740 pcmcia - ok
23:00:49.0915 3740 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:00:50.0025 3740 PEAUTH - ok
23:00:50.0118 3740 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:00:50.0243 3740 pla - ok
23:00:50.0275 3740 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:00:50.0306 3740 PlugPlay - ok
23:00:50.0337 3740 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:00:50.0368 3740 PNRPAutoReg - ok
23:00:50.0415 3740 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:00:50.0447 3740 PNRPsvc - ok
23:00:50.0512 3740 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:00:50.0606 3740 PolicyAgent - ok
23:00:50.0637 3740 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:00:50.0684 3740 PptpMiniport - ok
23:00:50.0699 3740 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
23:00:50.0778 3740 Processor - ok
23:00:50.0793 3740 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
23:00:50.0840 3740 ProfSvc - ok
23:00:50.0856 3740 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:00:50.0887 3740 ProtectedStorage - ok
23:00:50.0918 3740 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:00:50.0949 3740 PSched - ok
23:00:50.0981 3740 [ C2821F33B846A52FDC25FF554ACF11F2 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
23:00:51.0043 3740 PSDFilter - ok
23:00:51.0059 3740 [ 28D3A91FE7791B970E6B15C88F98DFBD ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
23:00:51.0121 3740 PSDNServ - ok
23:00:51.0137 3740 [ 3A66F69459052DE13EF8A0F77D728A73 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
23:00:51.0215 3740 psdvdisk - ok
23:00:51.0262 3740 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:00:51.0340 3740 ql2300 - ok
23:00:51.0371 3740 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:00:51.0387 3740 ql40xx - ok
23:00:51.0418 3740 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:00:51.0465 3740 QWAVE - ok
23:00:51.0481 3740 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:00:51.0530 3740 QWAVEdrv - ok
23:00:51.0623 3740 [ DACA081E9DC82D4A05B0D21E8AA93DF8 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
23:00:51.0733 3740 R300 - ok
23:00:51.0780 3740 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:00:51.0811 3740 RasAcd - ok
23:00:51.0842 3740 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:00:51.0873 3740 RasAuto - ok
23:00:51.0905 3740 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:00:51.0951 3740 Rasl2tp - ok
23:00:51.0998 3740 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
23:00:52.0030 3740 RasMan - ok
23:00:52.0045 3740 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:00:52.0061 3740 RasPppoe - ok
23:00:52.0076 3740 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:00:52.0108 3740 RasSstp - ok
23:00:52.0123 3740 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:00:52.0155 3740 rdbss - ok
23:00:52.0170 3740 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:00:52.0201 3740 RDPCDD - ok
23:00:52.0248 3740 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:00:52.0311 3740 rdpdr - ok
23:00:52.0326 3740 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:00:52.0358 3740 RDPENCDD - ok
23:00:52.0405 3740 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:00:52.0451 3740 RDPWD - ok
23:00:52.0498 3740 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:00:52.0547 3740 RemoteAccess - ok
23:00:52.0578 3740 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:00:52.0610 3740 RemoteRegistry - ok
23:00:52.0656 3740 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:00:52.0672 3740 RichVideo ( UnsignedFile.Multi.Generic ) - warning
23:00:52.0672 3740 RichVideo - detected UnsignedFile.Multi.Generic (1)
23:00:52.0703 3740 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:00:52.0750 3740 RpcLocator - ok
23:00:52.0797 3740 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
23:00:52.0844 3740 RpcSs - ok
23:00:52.0875 3740 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:00:52.0922 3740 rspndr - ok
23:00:52.0953 3740 [ EC8BD9A495DD4231553B8F9258CA3B2A ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
23:00:52.0985 3740 RTL8169 - ok
23:00:53.0016 3740 [ 0266151DE3F36429F6AC3C4B28085061 ] s217bus C:\Windows\system32\DRIVERS\s217bus.sys
23:00:53.0094 3740 s217bus - ok
23:00:53.0141 3740 [ 8C156E6B568AA927EB5DEADEB870BDD2 ] s816bus C:\Windows\system32\DRIVERS\s816bus.sys
23:00:53.0141 3740 s816bus - ok
23:00:53.0188 3740 [ D4ED429953A2B8B09C702805813A26C8 ] s816mdfl C:\Windows\system32\DRIVERS\s816mdfl.sys
23:00:53.0203 3740 s816mdfl - ok
23:00:53.0235 3740 [ 94306F371A6FF8B690BEA81157111B3B ] s816mdm C:\Windows\system32\DRIVERS\s816mdm.sys
23:00:53.0250 3740 s816mdm - ok
23:00:53.0281 3740 [ FAFDD00ABAD1B6029BF7F4067764AB41 ] s816mgmt C:\Windows\system32\DRIVERS\s816mgmt.sys
23:00:53.0297 3740 s816mgmt - ok
23:00:53.0328 3740 [ FD0D1E39CB22558D79BFF59B66A5874A ] s816nd5 C:\Windows\system32\DRIVERS\s816nd5.sys
23:00:53.0344 3740 s816nd5 - ok
23:00:53.0360 3740 [ 8EACD5E46764463E75F171D9BF305348 ] s816obex C:\Windows\system32\DRIVERS\s816obex.sys
23:00:53.0375 3740 s816obex - ok
23:00:53.0391 3740 [ E2090B041B935430ABC8E184B7D6CD75 ] s816unic C:\Windows\system32\DRIVERS\s816unic.sys
23:00:53.0406 3740 s816unic - ok
23:00:53.0422 3740 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
23:00:53.0438 3740 SamSs - ok
23:00:53.0469 3740 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:00:53.0485 3740 sbp2port - ok
23:00:53.0516 3740 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:00:53.0566 3740 SCardSvr - ok
23:00:53.0613 3740 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
23:00:53.0691 3740 Schedule - ok
23:00:53.0706 3740 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:00:53.0738 3740 SCPolicySvc - ok
23:00:53.0753 3740 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:00:53.0784 3740 sdbus - ok
23:00:53.0831 3740 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:00:53.0847 3740 SDRSVC - ok
23:00:53.0894 3740 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:00:53.0956 3740 secdrv - ok
23:00:53.0988 3740 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:00:54.0019 3740 seclogon - ok
23:00:54.0034 3740 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
23:00:54.0066 3740 SENS - ok
23:00:54.0081 3740 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:00:54.0144 3740 Serenum - ok
23:00:54.0159 3740 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:00:54.0222 3740 Serial - ok
23:00:54.0238 3740 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:00:54.0269 3740 sermouse - ok
23:00:54.0316 3740 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:00:54.0347 3740 SessionEnv - ok
23:00:54.0363 3740 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:00:54.0441 3740 sffdisk - ok
23:00:54.0456 3740 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:00:54.0534 3740 sffp_mmc - ok
23:00:54.0551 3740 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:00:54.0613 3740 sffp_sd - ok
23:00:54.0645 3740 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:00:54.0660 3740 sfloppy - ok
23:00:54.0707 3740 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:00:54.0738 3740 SharedAccess - ok
23:00:54.0785 3740 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:00:54.0817 3740 ShellHWDetection - ok
23:00:54.0863 3740 [ 3DA2F680BFC8E92A535CEA5A5D80AC37 ] SI3112r C:\Windows\system32\DRIVERS\SI3112r.sys
23:00:54.0926 3740 SI3112r - ok
23:00:54.0942 3740 [ D893AA1D1EE007B7AB1B16E1099E9F17 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
23:00:55.0004 3740 SiFilter - ok
23:00:55.0020 3740 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:00:55.0035 3740 sisagp - ok
23:00:55.0067 3740 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:00:55.0082 3740 SiSRaid2 - ok
23:00:55.0098 3740 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:00:55.0113 3740 SiSRaid4 - ok
23:00:55.0238 3740 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:00:55.0504 3740 slsvc - ok
23:00:55.0535 3740 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:00:55.0586 3740 SLUINotify - ok
23:00:55.0633 3740 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:00:55.0664 3740 Smb - ok
23:00:55.0696 3740 [ D1BF7148144AD1851893E84363F78130 ] SMSCIRDA C:\Windows\system32\DRIVERS\SMSCirda.sys
23:00:55.0727 3740 SMSCIRDA - ok
23:00:55.0758 3740 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:00:55.0774 3740 SNMPTRAP - ok
23:00:55.0805 3740 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:00:55.0821 3740 spldr - ok
23:00:55.0852 3740 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:00:55.0899 3740 Spooler - ok
23:00:55.0946 3740 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:00:55.0977 3740 srv - ok
23:00:56.0008 3740 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:00:56.0039 3740 srv2 - ok
23:00:56.0055 3740 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:00:56.0086 3740 srvnet - ok
23:00:56.0117 3740 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:00:56.0149 3740 SSDPSRV - ok
23:00:56.0196 3740 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
23:00:56.0211 3740 ssmdrv - ok
23:00:56.0242 3740 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:00:56.0258 3740 SstpSvc - ok
23:00:56.0305 3740 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:00:56.0383 3740 stisvc - ok
23:00:56.0399 3740 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:00:56.0414 3740 swenum - ok
23:00:56.0461 3740 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:00:56.0508 3740 swprv - ok
23:00:56.0524 3740 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:00:56.0539 3740 Symc8xx - ok
23:00:56.0571 3740 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:00:56.0587 3740 Sym_hi - ok
23:00:56.0618 3740 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:00:56.0634 3740 Sym_u3 - ok
23:00:56.0665 3740 [ F7A4250BB3E3AFCD4AF100E551509352 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:00:56.0728 3740 SynTP - ok
23:00:56.0775 3740 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:00:56.0837 3740 SysMain - ok
23:00:56.0868 3740 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:00:56.0884 3740 TabletInputService - ok
23:00:56.0931 3740 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:00:56.0978 3740 TapiSrv - ok
23:00:56.0993 3740 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:00:57.0040 3740 TBS - ok
23:00:57.0103 3740 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:00:57.0181 3740 Tcpip - ok
23:00:57.0228 3740 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:00:57.0306 3740 Tcpip6 - ok
23:00:57.0353 3740 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:00:57.0384 3740 tcpipreg - ok
23:00:57.0431 3740 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:00:57.0462 3740 TDPIPE - ok
23:00:57.0493 3740 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:00:57.0525 3740 TDTCP - ok
23:00:57.0572 3740 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:00:57.0620 3740 tdx - ok
23:00:57.0636 3740 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:00:57.0652 3740 TermDD - ok
23:00:57.0683 3740 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:00:57.0761 3740 TermService - ok
23:00:57.0777 3740 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:00:57.0808 3740 Themes - ok
23:00:57.0839 3740 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:00:57.0870 3740 THREADORDER - ok
23:00:57.0886 3740 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:00:57.0917 3740 TrkWks - ok
23:00:57.0964 3740 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:00:57.0980 3740 TrustedInstaller - ok
23:00:58.0027 3740 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:00:58.0042 3740 tssecsrv - ok
23:00:58.0183 3740 [ 6474B357B47503FC66FC712F89F34473 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
23:00:58.0308 3740 TuneUp.UtilitiesSvc - ok
23:00:58.0355 3740 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
23:00:58.0417 3740 TuneUpUtilitiesDrv - ok
23:00:58.0448 3740 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:00:58.0480 3740 tunmp - ok
23:00:58.0511 3740 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:00:58.0527 3740 tunnel - ok
23:00:58.0558 3740 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:00:58.0573 3740 uagp35 - ok
23:00:58.0605 3740 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:00:58.0638 3740 udfs - ok
23:00:58.0669 3740 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:00:58.0700 3740 UI0Detect - ok
23:00:58.0716 3740 UIUSys - ok
23:00:58.0732 3740 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:00:58.0747 3740 uliagpkx - ok
23:00:58.0779 3740 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:00:58.0794 3740 uliahci - ok
23:00:58.0825 3740 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:00:58.0841 3740 UlSata - ok
23:00:58.0857 3740 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:00:58.0872 3740 ulsata2 - ok
23:00:58.0904 3740 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:00:58.0935 3740 umbus - ok
23:00:58.0982 3740 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:00:59.0013 3740 upnphost - ok
23:00:59.0060 3740 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:00:59.0091 3740 USBAAPL - ok
23:00:59.0138 3740 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:00:59.0185 3740 usbccgp - ok
23:00:59.0200 3740 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:00:59.0263 3740 usbcir - ok
23:00:59.0294 3740 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:00:59.0325 3740 usbehci - ok
23:00:59.0357 3740 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:00:59.0388 3740 usbhub - ok
23:00:59.0419 3740 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:00:59.0435 3740 usbohci - ok
23:00:59.0466 3740 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:00:59.0513 3740 usbprint - ok
23:00:59.0544 3740 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:00:59.0575 3740 usbscan - ok
23:00:59.0591 3740 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:00:59.0634 3740 USBSTOR - ok
23:00:59.0663 3740 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:00:59.0724 3740 usbuhci - ok
23:00:59.0762 3740 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:00:59.0797 3740 UxSms - ok
23:00:59.0830 3740 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:00:59.0927 3740 vds - ok
23:00:59.0997 3740 [ B149FC750A51D272A25E0ADC7F52DBFD ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
23:01:00.0025 3740 vflt - ok
23:01:00.0040 3740 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:00.0094 3740 vga - ok
23:01:00.0126 3740 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:01:00.0156 3740 VgaSave - ok
23:01:00.0196 3740 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:01:00.0228 3740 viaagp - ok
23:01:00.0253 3740 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:01:00.0306 3740 ViaC7 - ok
23:01:00.0326 3740 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
23:01:00.0339 3740 viaide - ok
23:01:00.0385 3740 [ 1B13A6A5253E7F046728980CCB59C0B7 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
23:01:00.0431 3740 vnet - ok
23:01:00.0468 3740 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:01:00.0483 3740 volmgr - ok
23:01:00.0527 3740 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:01:00.0549 3740 volmgrx - ok
23:01:00.0610 3740 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:01:00.0629 3740 volsnap - ok
23:01:00.0679 3740 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:01:00.0694 3740 vsmraid - ok
23:01:00.0764 3740 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:01:00.0870 3740 VSS - ok
23:01:01.0011 3740 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:01:01.0051 3740 W32Time - ok
23:01:01.0074 3740 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:01:01.0147 3740 WacomPen - ok
23:01:01.0173 3740 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:01:01.0195 3740 Wanarp - ok
23:01:01.0208 3740 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:01:01.0231 3740 Wanarpv6 - ok
23:01:01.0295 3740 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:01:01.0338 3740 wcncsvc - ok
23:01:01.0384 3740 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:01:01.0427 3740 WcsPlugInService - ok
23:01:01.0460 3740 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
23:01:01.0483 3740 Wd - ok
23:01:01.0582 3740 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:01:01.0629 3740 Wdf01000 - ok
23:01:01.0682 3740 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:01:01.0721 3740 WdiServiceHost - ok
23:01:01.0729 3740 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:01:01.0775 3740 WdiSystemHost - ok
23:01:01.0854 3740 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:01:01.0885 3740 WebClient - ok
23:01:01.0916 3740 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:01:01.0947 3740 Wecsvc - ok
23:01:01.0963 3740 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:01:02.0010 3740 wercplsupport - ok
23:01:02.0041 3740 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:01:02.0072 3740 WerSvc - ok
23:01:02.0166 3740 [ CF27EDAC75C87F2B776D9218F02F8301 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:01:02.0244 3740 winachsf - ok
23:01:02.0260 3740 WinHttpAutoProxySvc - ok
23:01:02.0619 3740 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:01:02.0650 3740 Winmgmt - ok
23:01:02.0731 3740 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:01:02.0856 3740 WinRM - ok
23:01:02.0902 3740 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:01:02.0965 3740 Wlansvc - ok
23:01:03.0106 3740 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:01:03.0215 3740 wlidsvc - ok
23:01:03.0277 3740 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:01:03.0324 3740 WmiAcpi - ok
23:01:03.0356 3740 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:01:03.0402 3740 wmiApSrv - ok
23:01:03.0527 3740 [ D4DBD5DF926A2A16F6F148559E006075 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
23:01:03.0527 3740 WMIService ( UnsignedFile.Multi.Generic ) - warning
23:01:03.0527 3740 WMIService - detected UnsignedFile.Multi.Generic (1)
23:01:03.0606 3740 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:01:03.0720 3740 WMPNetworkSvc - ok
23:01:03.0751 3740 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:01:03.0782 3740 WPCSvc - ok
23:01:03.0845 3740 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:01:03.0876 3740 WPDBusEnum - ok
23:01:03.0907 3740 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:01:03.0939 3740 WpdUsb - ok
23:01:04.0064 3740 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:01:04.0126 3740 WPFFontCache_v0400 - ok
23:01:04.0157 3740 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:01:04.0189 3740 ws2ifsl - ok
23:01:04.0220 3740 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
23:01:04.0267 3740 wscsvc - ok
23:01:04.0267 3740 WSearch - ok
23:01:04.0329 3740 [ 62EBAACC7E419E85584E49658EEF7B37 ] WTGService C:\Program Files\XSManager\WTGService.exe
23:01:04.0345 3740 WTGService - ok
23:01:04.0439 3740 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:01:04.0642 3740 wuauserv - ok
23:01:04.0689 3740 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:01:04.0722 3740 WudfPf - ok
23:01:04.0753 3740 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:04.0784 3740 WUDFRd - ok
23:01:04.0816 3740 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:01:04.0847 3740 wudfsvc - ok
23:01:04.0862 3740 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
23:01:04.0878 3740 XAudio - ok
23:01:04.0894 3740 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
23:01:04.0956 3740 XAudioService - ok
23:01:05.0019 3740 [ CF86B3A5B30A28D170662D019087A90F ] XS Stick Service C:\Windows\service4g.exe
23:01:05.0034 3740 XS Stick Service - ok
23:01:05.0050 3740 ZDPNDIS4 - ok
23:01:05.0097 3740 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:01:05.0144 3740 ZTEusbmdm6k - ok
23:01:05.0159 3740 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
23:01:05.0206 3740 ZTEusbnet - ok
23:01:05.0237 3740 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:01:05.0269 3740 ZTEusbnmea - ok
23:01:05.0316 3740 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:01:05.0331 3740 ZTEusbser6k - ok
23:01:05.0362 3740 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
23:01:05.0378 3740 ZTEusbvoice - ok
23:01:05.0441 3740 ================ Scan global ===============================
23:01:05.0472 3740 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:01:05.0503 3740 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:01:05.0534 3740 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:01:05.0597 3740 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:01:05.0597 3740 [Global] - ok
23:01:05.0597 3740 ================ Scan MBR ==================================
23:01:05.0612 3740 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
23:01:08.0978 3740 \Device\Harddisk0\DR0 - ok
23:01:08.0978 3740 ================ Scan VBR ==================================
23:01:08.0978 3740 [ 2FB236DE8021FAE6765DED30655549E6 ] \Device\Harddisk0\DR0\Partition1
23:01:08.0978 3740 \Device\Harddisk0\DR0\Partition1 - ok
23:01:09.0009 3740 [ 975E9E7621BCDE409E53E7E0EBB09A3C ] \Device\Harddisk0\DR0\Partition2
23:01:09.0009 3740 \Device\Harddisk0\DR0\Partition2 - ok
23:01:09.0009 3740 ============================================================
23:01:09.0009 3740 Scan finished
23:01:09.0009 3740 ============================================================
23:01:09.0024 1220 Detected object count: 13
23:01:09.0024 1220 Actual detected object count: 13
23:04:15.0574 1220 ALaunchService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0574 1220 ALaunchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0574 1220 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0574 1220 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0590 1220 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0590 1220 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0590 1220 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0590 1220 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0590 1220 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0590 1220 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0590 1220 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0590 1220 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0590 1220 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0590 1220 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0605 1220 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0605 1220 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0605 1220 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0605 1220 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0605 1220 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0605 1220 nhcDriverDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0605 1220 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0605 1220 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0605 1220 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0605 1220 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:04:15.0605 1220 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
23:04:15.0605 1220 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Gruß Joe |
|
14.02.2013, 14:35
| #6 |
| /// Malware-holic | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi, Scan mit Combofix
__________________ --> Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren |
|
14.02.2013, 22:23
| #7 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi, Combofix ausgeführt. Dazugehörige Log-Datei: Code:
ATTFilter ComboFix 13-02-13.02 - Esra 14.02.2013 22:06:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1276 [GMT 1:00]
ausgeführt von:: c:\users\Esra\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\B036\180A.tmp
c:\program files\LP\B036\41C9.tmp
c:\program files\LP\B036\94DA.tmp
c:\program files\LP\B036\BDA2.tmp
c:\program files\LP\B036\C812.tmp
c:\program files\LP\B036\D215.tmp
c:\program files\LP\B036\EB3C.tmp
c:\program files\LP\B036\EC93.tmp
c:\program files\LP\B037\480.tmp
c:\program files\LP\B037\573B.tmp
c:\program files\LP\B037\63D7.tmp
c:\program files\LP\B037\9143.tmp
c:\program files\LP\B037\A447.tmp
c:\program files\LP\B037\B67E.tmp
c:\program files\LP\B037\D7D2.tmp
c:\program files\LP\B037\EAD.tmp
c:\program files\LP\B037\FB61.tmp
c:\users\Esra\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-14 bis 2013-02-14 ))))))))))))))))))))))))))))))
.
.
2013-02-14 21:15 . 2013-02-14 21:15 -------- d-----w- c:\users\Esra\AppData\Local\temp
2013-02-14 21:15 . 2013-02-14 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-13 22:20 . 2013-01-08 22:42 149528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-13 22:19 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 20:05 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 20:05 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 20:05 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 20:05 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 20:05 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-11 23:46 . 2013-02-11 23:46 -------- d-----w- c:\users\Esra\AppData\Roaming\Malwarebytes
2013-02-11 23:46 . 2013-02-11 23:46 -------- d-----w- c:\programdata\Malwarebytes
2013-02-11 23:46 . 2013-02-11 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-11 23:46 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 13:12 . 2012-12-23 01:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-23 01:17 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-20 04:22 . 2013-01-09 18:46 204288 ----a-w- c:\windows\system32\ncrypt.dll
2009-07-14 00:16 . 2013-02-09 14:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2013-02-09 14:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2013-02-09 14:24 . 2013-02-09 14:24 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2072690226-1356156960-1647667346-1000]
"EnableNotificationsRef"=dword:00000005
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Automatically Determine Topic Template - c:\program files\PRMT8\PRMTIE\aot.htm
IE: Customize Translation Options - c:\program files\PRMT8\PRMTIE\options.htm
IE: Free YouTube Download - c:\users\Esra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Esra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open Entry - c:\program files\PRMT8\PRMTIE\addentry.htm
IE: Search the Web - c:\program files\PRMT8\PRMTIE\search.htm
IE: Translate Page - c:\program files\PRMT8\PRMTIE\page.htm
IE: Unknown Words - c:\program files\PRMT8\PRMTIE\infopanel.htm
IE: {{4034D172-4C52-49de-A6A1-E75F8F591FEC} - c:\program files\PRMT8\PRMTIE\options.htm
IE: {{A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - c:\program files\PRMT8\PRMTIE\prmtie5.htm
TCP: DhcpNameServer = 129.143.2.1 129.143.2.4
TCP: Interfaces\{F208D33A-2ADE-47E5-BC0A-F4D8293DDE26}: NameServer = 141.87.114.200,141.87.129.200
FF - ProfilePath - c:\users\Esra\AppData\Roaming\Mozilla\Firefox\Profiles\5izqepya.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52202
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-08-19 20:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2416472 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2487367 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-14 22:18:26
ComboFix-quarantined-files.txt 2013-02-14 21:18
.
Vor Suchlauf: 8.276.140.032 Bytes frei
Nach Suchlauf: 8.028.901.376 Bytes frei
.
- - End Of File - - 467208016F2EDBBEBF2566CB46DC02DB
|
|
14.02.2013, 23:08
| #8 |
| /// Malware-holic | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren hi sieht gut aus lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.02.2013, 22:32
| #9 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi, freut mich dass es gut aussieht :-) Hier noch die gewünschte CCleaner-Datei: Code:
ATTFilter Acer eDataSecurity Management 08.05.2009 30,7MB Notwendig Acer OrbiCam 13.12.2009 Notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 01.01.2012 2,95MB 11.1.102.55 Notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 01.01.2012 11.1.102.55 Notwendig Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 27.01.2013 165,7MB 10.1.5 Notwendig Adobe Shockwave Player 11.6 Adobe Systems, Inc. 01.01.2012 8,26MB 11.6.3.633 Notwendig Apple Application Support Apple Inc. 15.10.2011 61,2MB 2.1.5 Notwendig Apple Mobile Device Support Apple Inc. 15.10.2011 24,1MB 4.0.0.96 Notwendig Apple Software Update Apple Inc. 29.08.2011 2,38MB 2.1.3.127 Notwendig ATI Catalyst Install Manager 08.05.2009 13,8MB Notwendig Avira Free Antivirus Avira 17.11.2012 119,6MB 12.1.9.1236 Notwendig Bonjour Apple Inc. 15.10.2011 1,08MB 3.0.0.10 Notwendig Brother MFL-Pro Suite MFC-250C Brother Industries, Ltd. 27.02.2010 10,0MB 1.1.8.0 Notwendig Catalyst Control Center Core Implementation 08.05.2009 Notwendig Catalyst Control Center Graphics Full Existing Notwendig Catalyst Control Center Graphics Full New 08.05.2009 Notwendig Catalyst Control Center Graphics Light 08.05.2009 Notwendig Catalyst Control Center Localization Czech 08.05.2009 Unnötig Catalyst Control Center Localization Danish 08.05.2009 Unnötig ccc-core-static 08.05.2009 Unbekannt ccc-utility 08.05.2009 Unbekannt CCleaner Piriform 09.11.2011 4,13MB 3.12 Notwendig CDBurnerXP CDBurnerXP 26.06.2011 12,0MB 4.3.8.2568 Notwendig Cisco Systems VPN Client 5.0.00.0340 08.05.2009 12,1MB Unnötig CoCreate OneSpace Drafting 08.05.2009 95,3MB Unnötig DivX Codec DivX, Inc. 06.10.2009 1,31MB 6.8.5 Notwendig DivX Converter DivX, Inc. 06.10.2009 45,3MB 7.1.0 Notwendig DivX Player DivX, Inc. 06.10.2009 8,43MB 7.2.0 Notwendig DivX Plus DirectShow Filters DivX, Inc. 06.10.2009 1,58MB Notwendig DivX Web Player DivX,Inc. 06.10.2009 2,83MB 1.5.0 Notwendig Duden Korrektor kompakt 08.05.2009 Notwendig FileZilla Client 3.3.5.1 16.12.2010 16,9MB 3.3.5.1 Unnötig Free YouTube to MP3 Converter version 3.11.24.608 DVDVideoSoft Ltd. 16.06.2012 3,41MB 3.11.24.608 Notwendig iCloud Apple Inc. 16.10.2011 23,6MB 1.0.1.29 Notwendig InfoRapid Wizard Writer Ingo Straub Softwareentwicklung 08.05.2009 16,5MB 2008e Freeware Edition Unnötig iTunes Apple Inc. 15.10.2011 168,7MB 10.5.0.142 Notwendig J2SE Runtime Environment 5.0 Update 4 08.05.2009 144,0MB Notwendig Java(TM) 6 Update 2 08.05.2009 160,7MB Notwendig Java(TM) 6 Update 23 Sun Microsystems, Inc. 15.12.2010 97,2MB 6.0.230 Notwendig Java(TM) 7 Update 2 Oracle 01.01.2012 99,1MB 7.0.20 Notwendig JDownloader AppWork UG (haftungsbeschränkt) 13.11.2010 51,5MB Notwendig LightScribe 1.4.136.1 08.05.2009 Unnötig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 11.02.2013 12,3MB 1.70.0.1100 Notwendig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 18.08.2009 37,0MB Notwendig Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 17.07.2009 27,8MB Notwendig Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 15.10.2010 83,5MB 4.0.30319 Notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 09.06.2010 0,49MB 2.0.4024.1 Notwendig Microsoft Office Outlook Connector Microsoft Corporation 20.07.2009 6,13MB 12.0.6423.1000 Notwendig Microsoft Office Professional Plus 2010 Microsoft Corporation 21.11.2011 1.102MB 14.0.6029.1000 Notwendig Microsoft Office Project Professional 2007 Microsoft Corporation 14.03.2012 654MB 12.0.6612.1000 Notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 Notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001 Notwendig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 05.11.2009 0,19MB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 18.04.2011 0,58MB 9.0.30729.5570 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.11.2009 0,58MB 9.0.30729 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.03.2011 0,57MB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161 Notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.03.2012 16,6MB 10.0.40219 Notwendig Microsoft Visual Studio 2005 Tools for Office Runtime 08.05.2009 Notwendig Microsoft XML Parser 08.05.2009 Notwendig MobileMe Control Panel Apple Inc. 16.10.2011 12,9MB 3.1.8.0 Notwendig Mozilla Firefox 18.0.2 (x86 de) Mozilla 08.02.2013 48,2MB 18.0.2 Notwendig MSXML 4.0 SP2 (KB936181) 08.05.2009 1,27MB Notwendig MSXML 4.0 SP2 (KB941833) 08.05.2009 1,27MB Notwendig MSXML 4.0 SP2 (KB954430) 08.05.2009 1,28MB Notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 Notwendig Multisim 8 Trial 08.05.2009 Unnötig Notebook Hardware Control 2.0 Pre-Release-06 Bugfix Manfred Jaider 23.08.2009 4,87MB 2.0 Pre-Release-06 Bugfix Unnötig Paint.NET v3.5.8 dotPDN LLC 23.03.2011 10,4MB 3.58.0 Notwendig PaperPort Image Printer Nuance Communications, Inc. 27.02.2010 0,51MB 1.00.0000 Notwendig QuickTime Apple Inc. 05.11.2011 73,3MB 7.71.80.42 Notwendig Realtek High Definition Audio Driver 13.12.2009 10,8MB Notwendig Safari Apple Inc. 15.10.2011 43,2MB 5.34.51.22 Notwendig ScanSoft PaperPort 11 Nuance Communications, Inc. 27.02.2010 128,4MB 11.1.0000 Notwendig Security Update for CAPICOM (KB931906) 08.05.2009 Notwendig Shrew Soft VPN Client 11.01.2011 4,11MB Unnötig Skins 08.05.2009 Unbekannt Skype™ 4.0 08.05.2009 32,0MB Notwendig Sony Ericsson Device Data 08.05.2009 Unnötig Sony Ericsson Drivers 08.05.2009 Unnötig Sony Ericsson PC Suite 08.05.2009 Unnötig Vista Codec Package Notwendig Windows Installer Clean Up 08.05.2009 Unnötig Windows Live Essentials Microsoft Corporation 21.03.2011 44,0MB 14.0.8117.0416 Notwendig Windows Live ID-Anmelde-Assistent Microsoft Corporation 09.06.2010 4,69MB 6.500.3165.0 Notwendig Windows Live-Uploadtool Microsoft Corporation 17.07.2009 0,22MB 14.0.8014.1029 Notwendig WPF Toolkit February 2010 (Version 3.5.50211.1) Microsoft Corporation 15.10.2010 4,85MB 3.5.50211.1 Notwendig XSManager XSManager 23.06.2011 24,3MB 3.0 Notwendig Grüße Joe |
|
18.02.2013, 18:04
| #10 |
| /// Malware-holic | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Cisco CoCreate FileZilla InfoRapid J2SE Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: LightScribe Multisim Notebook Shrew Skins Skype™ : Skype auf Ihren Computer herunterladen aktuell version 6, upgraden bitte. Deinstaliere: Sony : alle Öffne bitte CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.02.2013, 23:52
| #11 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi Markus, danke habe alle Anweisungen befolgt. Hier noch die Log-Datei: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 18/02/2013 um 23:24:53 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Esra - ESRA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Esra\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\Esra\AppData\Roaming\Mozilla\Firefox\Profiles\5izqepya.default\prefs.js
C:\Users\Esra\AppData\Roaming\Mozilla\Firefox\Profiles\5izqepya.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
*************************
AdwCleaner[S1].txt - [1481 octets] - [18/02/2013 23:24:53]
########## EOF - C:\AdwCleaner[S1].txt - [1541 octets] ##########
Gruß Joe |
|
19.02.2013, 00:18
| #12 |
| /// Malware-holic | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi, HitmanPro - Download - Filepony Lade Hitmanpro. Lizenz, Testlizenz. Scannen, nichts löschen. Log als XML exportieren und posten. Oder packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.02.2013, 22:03
| #13 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi Markus, sorry hab auf weiter gedrückt und da hat Hitman schon die beiden Cookies, die gefunden wurden gelöscht. Ansonsten wurde nichts mehr gefunden. Das exportieren in eine .xml-Datei klappt auch nicht, das Programm speichert die Datei immer als .log-Datei ab. Hier mal die Hitman Log-Datei: Code:
ATTFilter HitmanPro 3.7.2.188
www.hitmanpro.com
Computer name . . . . : ESRA-PC
Windows . . . . . . . : 6.0.2.6002.X86/2
User name . . . . . . : Esra-PC\Esra
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-02-19 21:34:58
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 55s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 2
Objects scanned . . . : 2.094.413
Files scanned . . . . : 15.261
Remnants scanned . . : 444.173 files / 1.634.979 keys
Cookies _____________________________________________________________________
C:\Users\Esra\AppData\Roaming\Microsoft\Windows\Cookies\ON8BWN8W.txt
C:\Users\Esra\AppData\Roaming\Microsoft\Windows\Cookies\Z0JW3JTS.txt
Gruß Joe Geändert von Joe_Da (19.02.2013 um 22:10 Uhr) |
|
20.02.2013, 18:46
| #14 |
| /// Malware-holic | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi noch probleme mit PC bzw programmen wie Browsern festzustellen?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.02.2013, 20:44
| #15 |
| | Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren Hi, konnte keinerlei Probleme mit dem Laptop und auch den Programmen feststellen. Ist er jetzt wieder sauber? Was war es denn genau für eine Malware? Danke für die Hilfe!!! |
|
| Themen zu Email-Anhang (.zip Datei) geöffnet; Gefälschte Email über Mahngebühren |
| .zip datei, adobe after effects, antivir, avira, bho, bonjour, converter, email, error, fake; email-anhang geöffnet;, februar 2013, fehler, firefox, flash player, frage, home, hängen, iexplore.exe, install.exe, jdownloader, kunde, logfile, mp3, netzwerk, office 2007, plug-in, realtek, registry, rundll, search the web, senden, software, stick, svchost.exe, third party, vista |
WARNUNG an die MITLESER: 
Linear-Darstellung
