
Pests of all kinds and how to fight them: Police Trojan

Windows 7
21.02.2013, 17:57   #1
deepnoise

Police Trojan

Hello!

I have caught the police trojan.
I have already searched the net and tried various options.
The only thing that helped was System Restore, but 20 hours later I caught it again!
Who can help me? I don't know my way around PCs very well.

Regards, Deepnoise

21.02.2013, 18:07   #2
markusg
/// Malware-holic

hi
No System Restore when dealing with malware!
Keep your hands off illegal offerings such as Kinox.to, torrents, and file hosters where anyone can upload their stuff.
Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB, and on a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD


Illustrated guide: OTLpe scan
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

21.02.2013, 18:40   #3
deepnoise

hi,

I have already started System Restore and am "clean" again.
How can I eliminate it now?

21.02.2013, 19:10   #4
markusg
/// Malware-holic

Didn't I say something about System Restore? Either you do what it says here, because if not, this is fairly pointless and I can put my time to better use...

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

21.02.2013, 19:56   #5
deepnoise

OTL Logfile:
Code:
OTL logfile created on: 21.02.2013 19:24:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hubert\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,74% Memory free
3,98 Gb Paging File | 3,01 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 99,76 Gb Free Space | 66,98% Space Free | Partition Type: NTFS
Drive D: | 4,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HUBERT-PC | User Name: Hubert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.21 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hubert\Downloads\OTL.exe
PRC - [2012.12.14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2012.12.14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012.12.14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012.07.16 12:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 12:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 12:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012.01.23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.05 13:51:00 | 000,110,592 | ---- | M] () -- C:\Program Files\IR\shutTask.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.26 09:26:42 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.24 18:38:26 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3c0633ebbeacf2d66ef3952b50568479\System.Runtime.Remoting.ni.dll
MOD - [2012.07.23 21:40:07 | 000,115,137 | ---- | M] () -- C:\Users\Hubert\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.23 21:39:27 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\820a9c41552eda4086bb69d66ea61f69\Kies.Theme.ni.dll
MOD - [2012.07.23 21:39:27 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\215b7253a4736b11be6c9029fdd9407e\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012.07.23 21:39:23 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8fcdd711ed81a2e025ab7132f1ab3d68\Kies.Common.MediaDB.ni.dll
MOD - [2012.07.23 21:39:22 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\e4573289d048d9c4609f5f3504ade24c\ASF_cSharpAPI.ni.dll
MOD - [2012.07.23 21:39:22 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a32ec8357c3082df93334c3bb70739a5\Kies.Common.StoreManager.ni.dll
MOD - [2012.07.23 21:39:21 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3a216b5bfd6604447a4778f970e76836\Kies.Common.AllShare.ni.dll
MOD - [2012.07.23 21:39:20 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\48d673e85b6b63aeef616524cd7d1038\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012.07.23 21:39:20 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c60ef891df9980725bf0850eb88d95f\AdminCmdAgent.ni.dll
MOD - [2012.07.23 21:39:19 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b6a4a18223b463e5d114fb202f643242\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012.07.23 21:39:19 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ef585eeb720f6cdb182ef7cf3a7efe1d\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012.07.23 21:39:19 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\21576caebf91a28ddd5c7e29cc4e6b8f\Interop.DevFileServiceLib.ni.dll
MOD - [2012.07.23 21:39:18 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fb4e70fa16ad796a2e57e9764d99aa8a\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012.07.23 21:39:16 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\17b0a1e495d5e656d32c6f242fea3d42\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012.07.23 21:39:15 | 001,011,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\50ed235d395a159c1b4e66c1a0d6f586\Kies.Common.DeviceService.ni.dll
MOD - [2012.07.23 21:39:15 | 000,894,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d3676587281d6def73e70e93cd393184\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012.07.23 21:39:12 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\96d1e6d54ad7f1563756cfdc4193869f\Kies.Common.Multimedia.ni.dll
MOD - [2012.07.23 21:39:11 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\3a9cd3cd122f88f3b05039548c957aad\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012.07.23 21:39:11 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\523823b8e41a4f7de49c3f5600bf1ee5\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012.07.23 21:39:11 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\0f88de98bcaa670a7f76224c95b043bd\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012.07.23 21:39:10 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\e514f0432aa5a3e17ae4c9b8c200684c\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012.07.23 21:39:05 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\db77af205e49681ad412a3b7e452bdb8\Kies.Common.MainUI.ni.dll
MOD - [2012.07.23 21:39:03 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\00b28294f0e4b54beaaa9b0117c4d3f3\Kies.Common.DBManager.ni.dll
MOD - [2012.07.23 21:39:02 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\8fff053cee17024f78d5009b91e9450e\CabLib.ni.dll
MOD - [2012.07.23 21:39:01 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\adc6081b96ada807b858bd7dd6c44b08\System.Management.ni.dll
MOD - [2012.07.23 21:39:00 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\662ad64a2947dca9b8af71b9af3d6e3c\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012.07.23 21:38:59 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8cef6475318146515e69705b70e6dd18\Kies.UI.ni.dll
MOD - [2012.07.23 21:38:59 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\22913c84963c80212a3aaf7b88f85477\Kies.Common.Util.ni.dll
MOD - [2012.07.23 21:38:59 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\c77ef9c57125c95b5297267a9d50558a\Interop.DeviceSearchLib.ni.dll
MOD - [2012.07.23 21:38:58 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\1e36299d69d10f4d61f3795b697b7903\Kies.Locale.ni.dll
MOD - [2012.07.23 21:38:57 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d342cddb8b28a387f714a6b999d9b420\Kies.MVVM.ni.dll
MOD - [2012.07.23 21:38:56 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7336853cb03daa5d3673e7004d746e11\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012.07.23 21:38:55 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\db6e470b42d820f9c9b0dd412c002442\Kies.Interface.ni.dll
MOD - [2012.07.23 21:38:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\af346c0fe31d9b3a7abac8cca476212f\System.ServiceProcess.ni.dll
MOD - [2012.07.23 21:38:33 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\342641e4c406d6eab66ab58876212463\System.Runtime.Remoting.ni.dll
MOD - [2012.07.23 21:38:27 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b8f8841931a97c3ab2b652f13cfeb295\System.Xaml.ni.dll
MOD - [2012.07.23 21:38:27 | 001,690,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\4c82291b5e45e9896aca0342bec5bf34\Kies.ni.exe
MOD - [2012.07.23 21:30:00 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\945868a5fd952dcfe3fa4904cbab936a\PresentationFramework.ni.dll
MOD - [2012.07.23 21:29:51 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9db16bf8a565eaa6bbb182dcd147cfb6\PresentationFramework.Aero.ni.dll
MOD - [2012.07.23 21:29:48 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1020c111f6b4ffeafa3055475e8df7de\System.Windows.Forms.ni.dll
MOD - [2012.07.23 21:29:32 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2250dfa714756e8a58db82433c1ae275\System.Drawing.ni.dll
MOD - [2012.07.23 21:29:30 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7306f4ac763fc6264804397bc22226e8\PresentationCore.ni.dll
MOD - [2012.07.23 21:29:15 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\18ec39f6cef17c8576736b60e0be5131\System.Core.ni.dll
MOD - [2012.07.23 21:29:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1e012c88174d0a358d6ee00bf04d840e\System.Configuration.ni.dll
MOD - [2012.07.23 21:29:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\11a64ded5d210891688bdef1c54c26e4\System.Xml.ni.dll
MOD - [2012.07.23 21:29:01 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\968981974b267a245b7b78393836df5a\WindowsBase.ni.dll
MOD - [2012.07.23 21:28:56 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\34b8c9534065b074e4e5228f40310e13\System.ni.dll
MOD - [2012.07.23 21:28:47 | 014,409,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\404a37992b5c2de07993795fb48dfc65\mscorlib.ni.dll
MOD - [2012.07.16 12:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010.01.05 13:51:00 | 000,110,592 | ---- | M] () -- C:\Program Files\IR\shutTask.exe
MOD - [2010.01.05 13:48:46 | 000,028,672 | ---- | M] () -- C:\Program Files\IR\KeyBoard.dll
MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.04.19 09:39:08 | 000,436,992 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\FPXLIB.DLL
MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
MOD - [2007.04.19 09:29:42 | 000,273,216 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\magengin.dll
MOD - [2007.04.19 09:29:38 | 000,187,136 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\kgl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.09 12:36:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 18:37:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.05.24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.08 07:56:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.11.08 16:25:00 | 000,647,242 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fhgsjlna.sys -- (fhgsjlna)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013.02.21 18:46:37 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{183E14C0-6B86-4355-87DA-07A9C56B603B}\MpKslf41e0007.sys -- (MpKslf41e0007)
DRV - [2012.12.05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011.11.06 13:02:53 | 000,483,200 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.12.21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.09 14:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.08.31 18:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.05 15:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008.09.22 12:55:36 | 000,514,432 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Ca1528av.sys -- (Ca1528av)
DRV - [2008.06.27 15:41:14 | 000,011,648 | ---- | M] (SunPlus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Bulk1528.sys -- (Bulk1528)
DRV - [2008.06.02 06:48:58 | 000,221,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.06.08 12:40:28 | 000,076,288 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2at.sys -- (Ser2at)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 47 2E D4 3F 55 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6D559FA2-29C7-4643-ABEB-39F87A474F5A}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "www.vol.at/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7Bb106b661-3e1b-4015-af5c-195e909f35c6%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.06 09:33:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.21 18:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.21 18:24:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.06 09:33:47 | 000,000,000 | ---D | M]
 
[2012.03.04 21:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Extensions
[2012.03.04 21:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.21 18:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions
[2013.02.21 18:24:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.02.11 22:15:19 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.01.16 22:53:36 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.01.17 07:47:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\4egm8rk5.default\extensions\ffxtlbr@babylon.com
[2012.12.11 14:09:38 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\4egm8rk5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.04.17 18:51:20 | 000,000,915 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\4egm8rk5.default\searchplugins\conduit.xml
[2012.02.15 19:41:15 | 000,003,915 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\4egm8rk5.default\searchplugins\SweetIM Search.xml
[2013.02.21 18:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 18:37:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.12 12:15:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.05 13:33:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 22:35:15 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 13:26:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.05 13:33:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.05 13:33:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.05 13:33:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.05 13:33:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [shutTask] C:\Program Files\IR\shutTask.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Download-Version\Trayserver_DE.exe (MAGIX AG)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hubert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670B1780-EA46-459B-BE03-B22C120EC449}: NameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A949BA0A-2196-4937-8EBB-6148CD362B4D}: DhcpNameServer = 192.168.0.254 213.33.99.70 80.120.17.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7299537-AE19-40D6-B355-ABF324C78627}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.12 22:41:16 | 000,000,000 | ---D | C] -- C:\Users\Hubert\Hubi Feuerwerk
[2013.02.12 20:48:30 | 000,000,000 | ---D | C] -- C:\Cobra
[2013.02.10 10:47:13 | 000,000,000 | ---D | C] -- C:\Users\Hubert\Desktop\Allerlei
[2013.02.10 10:34:57 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Roaming\ICAClient
[2013.02.10 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013.02.10 10:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2013.02.10 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\Citrix
[2013.02.10 10:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013.02.06 18:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.24 23:42:58 | 000,168,960 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2013.01.24 23:42:58 | 000,085,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2013.01.24 23:42:58 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2013.01.24 23:42:58 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2013.01.24 23:42:58 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2013.01.24 23:42:48 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2013.01.24 23:42:48 | 000,208,896 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2013.01.24 23:42:48 | 000,106,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2013.01.24 23:42:48 | 000,027,136 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2013.01.24 23:42:48 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2013.01.24 23:42:36 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2013.01.24 23:42:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{682BBE20-A9D0-4FC5-B965-BCFB5E5B4CF4}
[2013.01.24 23:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\A1 Dashboard
[2013.01.24 23:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1
[1 C:\Users\Hubert\Desktop\*.tmp files -> C:\Users\Hubert\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.21 19:20:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.21 18:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 18:33:25 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 18:33:25 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 18:29:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.21 18:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.21 18:25:19 | 1603,039,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.21 18:12:33 | 095,023,320 | ---- | M] () -- C:\ProgramData\5248351.pad
[2013.02.20 15:41:55 | 095,023,320 | ---- | M] () -- C:\ProgramData\3939281.pad
[2013.02.12 19:03:44 | 000,000,292 | ---- | M] () -- C:\Users\Hubert\Desktop\Cobra.csv
[2013.02.12 17:17:01 | 095,023,320 | ---- | M] () -- C:\ProgramData\3998058.pad
[2013.02.11 22:47:52 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.11 22:47:52 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.11 22:47:52 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.11 22:47:52 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.10 11:06:21 | 000,287,178 | ---- | M] () -- C:\Users\Hubert\Desktop\COBRA18R2CreatingandUploadingScripts.pdf
[2013.01.24 23:44:04 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\A1 Dashboard.lnk
[1 C:\Users\Hubert\Desktop\*.tmp files -> C:\Users\Hubert\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.21 15:09:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\5248351.pad
[2013.02.20 13:14:31 | 095,023,320 | ---- | C] () -- C:\ProgramData\3939281.pad
[2013.02.12 19:02:40 | 000,000,292 | ---- | C] () -- C:\Users\Hubert\Desktop\Cobra.csv
[2013.02.12 17:16:05 | 095,023,320 | ---- | C] () -- C:\ProgramData\3998058.pad
[2013.02.10 11:06:16 | 000,287,178 | ---- | C] () -- C:\Users\Hubert\Desktop\COBRA18R2CreatingandUploadingScripts.pdf
[2013.02.10 10:35:14 | 000,001,524 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2013.01.24 23:42:30 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\A1 Dashboard.lnk
[2012.07.24 05:54:02 | 000,004,608 | ---- | C] () -- C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.26 15:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.11.06 13:03:06 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2011.07.12 18:18:36 | 000,000,000 | ---- | C] () -- C:\Users\Hubert\AppData\Local\{2256EA86-E15A-4558-90C3-A909563513CB}
[2011.07.11 10:16:46 | 000,014,115 | ---- | C] () -- C:\Windows\twspmm.ini
[2011.06.19 09:37:41 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2011.06.05 09:38:00 | 000,000,000 | ---- | C] () -- C:\Users\Hubert\AppData\Local\{9640088A-663F-4F8A-A2B3-27F3EE562DAF}
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.12.08 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Amazon
[2012.02.27 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\AnvSoft
[2012.01.17 07:47:57 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Audacity
[2012.01.16 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Babylon
[2012.11.27 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\DVDVideoSoft
[2012.11.27 16:53:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.04 00:21:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\EurekaLog
[2013.02.21 18:24:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Foxit Software
[2010.12.04 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\GetRightToGo
[2013.02.10 10:34:58 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ICAClient
[2012.07.25 16:30:14 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\MAGIX
[2012.07.23 21:39:49 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Samsung
[2012.03.04 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.01 21:46:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.02.20 18:05:11 | 000,000,000 | ---D | M] -- C:\Cobra
[2013.02.10 11:20:02 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.01 08:51:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.04 15:29:17 | 000,000,000 | ---D | M] -- C:\EasyMaster
[2012.12.07 09:43:21 | 000,000,000 | ---D | M] -- C:\Explo
[2012.01.21 10:23:14 | 000,000,000 | ---D | M] -- C:\MAGIX
[2010.07.08 19:52:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.21 18:24:04 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.02.21 18:19:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.01 08:51:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.07.01 08:51:00 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.01.04 15:28:25 | 000,000,000 | ---D | M] -- C:\Stepper
[2013.02.21 19:28:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.24 05:52:44 | 000,000,000 | ---D | M] -- C:\Temp
[2011.01.31 21:18:44 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.21 18:25:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.07.09 19:17:16 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.07.09 19:17:17 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.13 21:25:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.21 19:44:57 | 002,883,584 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat
[2013.02.21 19:44:56 | 000,262,144 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat.LOG1
[2010.07.01 08:51:08 | 000,000,000 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat.LOG2
[2012.01.17 08:13:24 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{00fd6414-40d4-11e1-8ed6-002186cd9e87}.TM.blf
[2012.01.17 08:13:23 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{00fd6414-40d4-11e1-8ed6-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2012.01.17 08:13:24 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{00fd6414-40d4-11e1-8ed6-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2011.06.10 12:40:34 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{0ec7a90a-9355-11e0-a4ff-002186cd9e87}.TM.blf
[2011.06.10 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{0ec7a90a-9355-11e0-a4ff-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2011.06.10 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{0ec7a90a-9355-11e0-a4ff-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2012.02.15 22:18:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{20c3eacc-5806-11e1-8505-002186cd9e87}.TM.blf
[2012.02.15 22:18:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{20c3eacc-5806-11e1-8505-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2012.02.15 22:18:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{20c3eacc-5806-11e1-8505-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2013.02.21 18:29:03 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{32c9c45c-7c4a-11e2-9aa7-8b2f95820e95}.TM.blf
[2013.02.21 18:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{32c9c45c-7c4a-11e2-9aa7-8b2f95820e95}.TMContainer00000000000000000001.regtrans-ms
[2013.02.21 18:29:03 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{32c9c45c-7c4a-11e2-9aa7-8b2f95820e95}.TMContainer00000000000000000002.regtrans-ms
[2011.01.31 21:49:33 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{469b38b4-2d75-11e0-9fad-002186cd9e87}.TM.blf
[2011.01.31 21:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{469b38b4-2d75-11e0-9fad-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2011.01.31 21:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{469b38b4-2d75-11e0-9fad-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 14:34:00 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.07.01 14:34:00 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 14:34:00 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.08.07 21:36:25 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{85566f51-c130-11e0-b8c9-002186cd9e87}.TM.blf
[2011.08.07 21:36:25 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{85566f51-c130-11e0-b8c9-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2011.08.07 21:36:25 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{85566f51-c130-11e0-b8c9-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2012.01.12 23:02:55 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{9688b807-3d36-11e1-b753-002186cd9e87}.TM.blf
[2012.01.12 23:02:55 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{9688b807-3d36-11e1-b753-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2012.01.12 23:02:55 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{9688b807-3d36-11e1-b753-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2011.01.31 19:59:31 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{97c4e683-2d61-11e0-aa75-002186cd9e87}.TM.blf
[2011.01.31 19:59:31 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{97c4e683-2d61-11e0-aa75-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2011.01.31 19:59:31 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{97c4e683-2d61-11e0-aa75-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2011.09.05 21:28:51 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e89a93e0-d7f3-11e0-ac81-002186cd9e87}.TM.blf
[2011.09.05 21:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e89a93e0-d7f3-11e0-ac81-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2011.09.05 21:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e89a93e0-d7f3-11e0-ac81-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2013.02.20 19:00:09 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e8c57afd-7b7e-11e2-a69d-e13732fb0795}.TM.blf
[2013.02.20 19:00:08 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e8c57afd-7b7e-11e2-a69d-e13732fb0795}.TMContainer00000000000000000001.regtrans-ms
[2013.02.20 19:00:08 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{e8c57afd-7b7e-11e2-a69d-e13732fb0795}.TMContainer00000000000000000002.regtrans-ms
[2011.07.27 21:45:07 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{ee5c391d-b881-11e0-b84f-002186cd9e87}.TM.blf
[2011.07.27 21:45:07 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{ee5c391d-b881-11e0-b84f-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2011.07.27 21:45:07 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{ee5c391d-b881-11e0-b84f-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2012.03.08 23:04:42 | 000,065,536 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{f842589a-695a-11e1-a9b1-002186cd9e87}.TM.blf
[2012.03.08 23:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{f842589a-695a-11e1-a9b1-002186cd9e87}.TMContainer00000000000000000001.regtrans-ms
[2012.03.08 23:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\Hubert\ntuser.dat{f842589a-695a-11e1-a9b1-002186cd9e87}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 08:51:09 | 000,000,020 | -HS- | M] () -- C:\Users\Hubert\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 21.02.2013 19:24:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hubert\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,74% Memory free
3,98 Gb Paging File | 3,01 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 99,76 Gb Free Space | 66,98% Space Free | Partition Type: NTFS
Drive D: | 4,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HUBERT-PC | User Name: Hubert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D0FE71-992C-4FCC-915A-BF00A2C5742A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{15C9823D-DD77-4D6D-9433-746C3A60BF06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1917F0B8-0D14-430B-B24B-625EF119AB1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26EFCE51-E6DC-48C0-8AEB-6AAAA1D27A0E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29909F03-9463-4348-B35D-B9FE383E3D41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3246CE36-8A76-45D4-AD9A-EAEE7AD0709E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37CB36FF-89BC-490F-801A-715CEB017924}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BECBF95-E376-4299-B794-7E04EA896523}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3C10E680-0DD4-425F-9CC6-672E66230C81}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{413D5B3F-DAA7-43D5-B75F-2B63BD04536B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46738151-7514-45BE-BE08-4EBE84B1B03D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{474250F9-D6BF-4456-91AD-9FB527E93529}" = lport=139 | protocol=6 | dir=in | app=system | 
"{50A41919-F27B-42EB-BFC0-9B44C46B852A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{56DD21A0-DA07-4602-9FE0-02A2C5494B5E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{65F8226E-1270-40E4-965C-3A07E6BC390A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{695677B4-3BE7-44D2-BB8B-B2BD2C3FB7D6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75129D86-F8B7-42B5-A631-7F28563F3A87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{757C24FB-E9AC-454A-B37E-E6A537120C51}" = lport=137 | protocol=17 | dir=in | app=system | 
"{76BBD9F7-8EAB-40A3-9C3E-7D5EAAE0EDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{82385117-9152-40C9-95AD-DD5324E8623A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83A1CC0F-7B4A-416D-B308-145C291D6B3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{907795E8-6627-499C-8F95-3F0A33ADF634}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9A8F1349-8B0D-4910-90DE-1FBC3DBAAB30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A49616B4-2C12-4DFD-BF6F-58CFFF6BA239}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5349581-2910-40DC-96DA-46EED7C75E59}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C1BFAB18-13F8-460B-9209-A9A5A0890CB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D099BEC4-9C5F-4014-9FDD-35E060C0C41B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DA8E3D46-4CD3-41BD-A9C9-C967F2BD2F11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF5F63DE-6B62-48FD-AB96-56E1B66C8494}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E8873315-AAF0-4708-AC50-14C1B9FED496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED219A9C-2AAD-448E-B905-1867C057946E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BF5681-3806-4A03-BCDC-F392AF5E228B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{00CFC3EB-E580-4939-AD9C-755CB6C59E42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E84E032-928C-4137-924D-4DEA9F901673}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{12E84F01-EB8B-405A-8745-79F66056153E}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{1BA0E9B2-32A9-41AD-99B8-D7FF7F9E868A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{23519E9C-4264-4B72-BDE6-BEAB3704360D}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{279D1E26-86A9-4B10-9401-A8F849D55FFB}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{27FEEBC1-8411-4282-82C2-AFAC67C4584C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{28298982-A5CC-47B2-833B-CBB45631DBF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{28BFFACA-2C5E-494A-AD09-55821BAD1392}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BE98375-9BEF-44DA-9E6C-F91990A038C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F2DFF1C-8260-421B-A5DE-42562E2F8669}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{334D3564-D877-451C-807E-DD67ABC4085D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{359FD3EE-262E-40E2-A9B3-5B40090526C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{3904CA55-C560-41A5-8EC6-0A6D0DF1456B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{590F96E0-EF71-45AD-9E09-22777FAA5361}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{661DBF7A-3083-4EF7-A1DF-70C5DF5895B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{6FFE1669-E1B4-443F-8BBA-6F5FE154FB66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{771F2FAC-8A4D-4682-A7CA-4842A1BBE7EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{77737010-A4C3-4C9B-A49C-D31FF65F75DB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{7F9C0B20-2CE1-40D4-80BD-6BFDB9F2F897}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{81075B8B-3AF5-4559-9BCE-2E91D1E204A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{85FBDAB9-DCFF-4E89-A0F9-E257C33B4948}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{9BE582FD-C82A-44B0-A059-9ACE9A2BE38E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{A452D7BA-669B-4817-AC79-C150872C7EE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB38E881-F0E8-414A-AAAE-F608B13D9CF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AFF43A1A-22AF-4497-BE5A-6FBA7A267965}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B20DFB0F-B5C3-4C83-9030-B86B266639AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{B58B3E5A-8D9B-46BE-92D2-E2F7ACC9941E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6251D8A-FE5E-4244-BBA8-EB89AB43F157}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9D20864-DB36-4BCF-BA6B-21A00D666B30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE710942-E567-47B8-AF0F-77CE2139F224}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{DAE5D694-9B36-408B-A77C-FD66BE4FD3BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{E0F92180-9797-45F6-B09D-A4951D20849D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E175A11B-7C44-4C43-98B3-79E12187E30E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E4BF7C78-BF57-45E8-B23E-45EBB9ADF18D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E9EB81C5-F8B5-4879-9BE8-DBD1126FAC85}" = protocol=6 | dir=out | app=system | 
"{FD6DC366-8C85-4762-849E-1B119BE6ADC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1DB8AC31-3567-4D11-A46E-230D6B810901}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{72633015-783B-4C58-BD75-CDDBCBE97D81}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{799D3008-D1AE-4232-85AD-D5262C3205C7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9F1CA2D6-00A2-48C3-9A71-ACC4BCF9CD20}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0E8DC723-F1CD-424A-96CC-12428E7A1B4B}" = Citrix Receiver (HDX Flash-Umleitung)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3068513C-3AAC-410B-BAE7-C7837FFF8DEB}" = Citrix Receiver (USB)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6635B372-E2C5-4C2F-97FB-D1766E017CEE}" = MAGIX Screenshare
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D431014-9F90-4335-A58E-8A14B0BD77F1}" = Citrix Receiver Inside
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAABD901-01A2-49B3-B650-2E13E7640441}" = MAGIX Music Maker Techno Edition 4
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04D7083-F906-4369-9AA5-DFCC98A05CD9}" = MAGIX Video deluxe MX Download-Version
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B92051A3-3ABB-4A26-A615-2298BE7CBC28}" = Citrix Authentication Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFD631C4-FBB5-4AC5-B807-9137B265628C}" = MAGIX Speed burnR (MSI)
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D29DDA9B-FE05-48F1-A9D1-F6346A0A301A}" = Citrix Receiver (DV)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E3A60962-B768-4EA3-B0B6-DA671276B81A}" = Citrix Receiver(Aero)
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial
"{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}" = Self-Service Plug-in
"{F6BC20A5-3C48-4675-BDE6-E2E6FED30B9D}" = IRRecevie
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"A1 Dashboard" = A1 Dashboard
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Any Video Converter_is1" = Any Video Converter 3.3.4
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"EasyMaster" = EasyMaster v1.0.0.55 
"FormatFactory" = FormatFactory 2.90
"Foxit Reader_is1" = Foxit Reader 5.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_mm17_techno_edition_4" = MAGIX Music Maker Techno Edition 4
"MAGIX_MSI_Videodeluxe18" = MAGIX Video deluxe MX Download-Version
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3-2-wav" = mp3-2-wav converter 1.14
"Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0
"Shop for HP Supplies" = Shop for HP Supplies
"ShowCreator" = ShowCreator v4.2.9 
"ShowCreator 3.0" = ShowCreator 3.0 v3.5.2 
"ShowCreator 4.0" = ShowCreator 4.0 v4.0.1 
"Stepper" = Stepper v4.0.1 
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2011 12:58:08 | Computer Name = Hubert-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1268    Startzeit:
 01ccc3ef41fdea2f    Endzeit: 31    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 c764d323-2fe2-11e1-ae5a-002186cd9e87  
 
[ Media Center Events ]
Error - 16.04.2012 16:41:38 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 22:41:38 - Fehler beim Herstellen der Internetverbindung.  22:41:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2012 16:41:54 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 22:41:44 - Fehler beim Herstellen der Internetverbindung.  22:41:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.12.2012 18:54:34 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 23:54:34 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.12.2012 18:55:17 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 23:55:16 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.12.2012 18:55:17 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 23:55:17 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 03.12.2012 18:55:25 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 23:55:17 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 10.12.2012 17:47:49 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 22:47:49 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 10.12.2012 17:48:26 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 22:48:14 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 10.12.2012 17:48:53 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 22:48:41 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 10.12.2012 17:49:16 | Computer Name = Hubert-PC | Source = MCUpdate | ID = 0
Description = 22:49:10 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 21.02.2013 13:15:10 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  CSC  ctxusbm  DfsC  discache  MpFilter  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  vwififlt
Wanarpv6
WfpLwf
 
Error - 21.02.2013 13:15:46 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
 "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.02.2013 13:15:53 | Computer Name = Hubert-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 21.02.2013 13:17:10 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 21.02.2013 13:17:10 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2003
Description = Fehler in %%860 beim Aktualisieren des Moduls.     Neue Modulversion: 1.1.6802.0

	Vorherige
 Modulversion:      Modultyp: %%802     Benutzer: NT-AUTORITÄT\SYSTEM     Fehlercode: 0x80070666

	Fehlerbeschreibung:
 Eine andere Version des Produkts ist bereits installiert. Die Installation dieser
 Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption
 "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu 
entfernen. 
 
Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
 1.131.1006.0     Vorherige Signaturversion:      Aktualisierungsquelle: %%817     Aktualisierungsstufe:
 %%854     Quellpfad:      Signaturtyp: %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle
 Modulversion: 1.1.6802.0     Vorherige Modulversion:      Fehlercode: 0x80070666     Fehlerbeschreibung:
 Eine andere Version des Produkts ist bereits installiert. Die Installation dieser
 Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption
 "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu 
entfernen. 
 
Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
 1.131.1006.0     Vorherige Signaturversion:      Aktualisierungsquelle: %%817     Aktualisierungsstufe:
 %%854     Quellpfad:      Signaturtyp: %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle
 Modulversion: 1.1.6802.0     Vorherige Modulversion:      Fehlercode: 0x80070666     Fehlerbeschreibung:
 Eine andere Version des Produkts ist bereits installiert. Die Installation dieser
 Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption
 "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu 
entfernen. 
 
Error - 21.02.2013 13:25:51 | Computer Name = Hubert-PC | Source = Microsoft Antimalware | ID = 2004
Description = Fehler in %%860 beim Laden von Signaturen. Es wird versucht, einen
 bekannten Signatursatz wiederherzustellen.     Versuchte Signaturen: %%824     Fehlercode:
 0x80070002     Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden.
      Signaturversion: 0.0.0.0;0.0.0.0     Modulversion: 0.0.0.0
 
Error - 21.02.2013 13:25:55 | Computer Name = Hubert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
 
< End of report >
         
--- --- ---


21.02.2013, 19:59   #6
markusg
/// Malware-holic

Hi,
OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell - "" = AutoRun
O33 - MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.

21.02.2013, 20:15   #7
deepnoise



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CitrixReceiver deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33bd188e-fb20-11df-b52a-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33bd188e-fb20-11df-b52a-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33bd188e-fb20-11df-b52a-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3561440c-dec3-11df-a849-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3561440c-dec3-11df-a849-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3561440c-dec3-11df-a849-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35614435-dec3-11df-a849-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35614435-dec3-11df-a849-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35614435-dec3-11df-a849-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ba4f8c2-d745-11e1-a650-002186cd9e87}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa292-8ac1-11df-aa0a-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ecfa29a-8ac1-11df-aa0a-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffa94-2e37-11e0-887d-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffa94-2e37-11e0-887d-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffa94-2e37-11e0-887d-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffabb-2e37-11e0-887d-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48dffabb-2e37-11e0-887d-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48dffabb-2e37-11e0-887d-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e548575-88ab-11e1-93af-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e548575-88ab-11e1-93af-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e548575-88ab-11e1-93af-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0139800-f738-11df-95ff-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0139800-f738-11df-95ff-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0139800-f738-11df-95ff-002186cd9e87}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ad735f-4eba-11e1-b659-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c25b687a-e59e-11df-a2a8-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbefd1cf-4cc7-11e1-8506-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df945751-08e2-11e2-a249-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df945751-08e2-11e2-a249-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df945751-08e2-11e2-a249-002186cd9e87}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6703d6d-3304-11e0-a186-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6703d6d-3304-11e0-a186-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6703d6d-3304-11e0-a186-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a3600-e2af-11df-b851-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a3600-e2af-11df-b851-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a3600-e2af-11df-b851-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a360d-e2af-11df-b851-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5a360d-e2af-11df-b851-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5a360d-e2af-11df-b851-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107634-666f-11e2-a20d-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107634-666f-11e2-a20d-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107634-666f-11e2-a20d-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff10763f-666f-11e2-a20d-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff10763f-666f-11e2-a20d-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff10763f-666f-11e2-a20d-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107660-666f-11e2-a20d-002186cd9e87}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff107660-666f-11e2-a20d-002186cd9e87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff107660-666f-11e2-a20d-002186cd9e87}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 56271 bytes
->Temporary Internet Files folder emptied: 32843 bytes
->FireFox cache emptied: 54109 bytes

User: Hubert
->Temp folder emptied: 930274927 bytes
->Temporary Internet Files folder emptied: 11208596 bytes
->Java cache emptied: 1491832 bytes
->FireFox cache emptied: 174523413 bytes
->Flash cache emptied: 17954 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 416092690 bytes
RecycleBin emptied: 3437954481 bytes

Total Files Cleaned = 4.741,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02212013_200649

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 22.02.2013, 15:15   #8
markusg
/// Malware-holic

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Either way, please post its contents here in your thread.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de

Alt 22.02.2013, 16:23   #9
deepnoise
 

16:21:06.0371 0180 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:21:06.0601 0180 ============================================================
16:21:06.0601 0180 Current date / time: 2013/02/22 16:21:06.0601
16:21:06.0601 0180 SystemInfo:
16:21:06.0601 0180
16:21:06.0601 0180 OS Version: 6.1.7600 ServicePack: 0.0
16:21:06.0601 0180 Product type: Workstation
16:21:06.0601 0180 ComputerName: HUBERT-PC
16:21:06.0601 0180 UserName: Hubert
16:21:06.0601 0180 Windows directory: C:\Windows
16:21:06.0601 0180 System windows directory: C:\Windows
16:21:06.0601 0180 Processor architecture: Intel x86
16:21:06.0601 0180 Number of processors: 2
16:21:06.0601 0180 Page size: 0x1000
16:21:06.0601 0180 Boot type: Normal boot
16:21:06.0601 0180 ============================================================
16:21:08.0651 0180 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:21:08.0651 0180 ============================================================
16:21:08.0651 0180 \Device\Harddisk0\DR0:
16:21:08.0651 0180 MBR partitions:
16:21:08.0651 0180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:21:08.0651 0180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
16:21:08.0651 0180 ============================================================
16:21:08.0661 0180 C: <-> \Device\Harddisk0\DR0\Partition2
16:21:08.0661 0180 ============================================================
16:21:08.0661 0180 Initialize success
16:21:08.0661 0180 ============================================================
16:21:27.0351 6032 ============================================================
16:21:27.0351 6032 Scan started
16:21:27.0351 6032 Mode: Manual;
16:21:27.0351 6032 ============================================================
16:21:27.0721 6032 ================ Scan system memory ========================
16:21:27.0721 6032 System memory - ok
16:21:27.0721 6032 ================ Scan services =============================
16:21:40.0161 6032 NetBT - ok
16:21:40.0181 6032 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
16:21:40.0181 6032 Netlogon - ok
16:21:40.0261 6032 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:21:40.0271 6032 Netman - ok
16:21:40.0301 6032 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:21:40.0301 6032 netprofm - ok
16:21:40.0331 6032 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:40.0341 6032 NetTcpPortSharing - ok
16:21:40.0391 6032 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:21:40.0391 6032 nfrd960 - ok
16:21:40.0441 6032 [ 7B01C6172CFD0B10116175E09200D4B4 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:21:40.0441 6032 NisDrv - ok
16:21:40.0491 6032 [ A5CB074F34BBD89948E34A630D459C0C ] NisSrv c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
16:21:40.0491 6032 NisSrv - ok
16:21:40.0511 6032 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
16:21:40.0521 6032 NlaSvc - ok
16:21:40.0541 6032 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:21:40.0541 6032 Npfs - ok
16:21:40.0551 6032 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:21:40.0561 6032 nsi - ok
16:21:40.0571 6032 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:21:40.0571 6032 nsiproxy - ok
16:21:40.0651 6032 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:21:40.0681 6032 Ntfs - ok
16:21:40.0711 6032 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:21:40.0711 6032 Null - ok
16:21:40.0761 6032 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:21:40.0771 6032 nvraid - ok
16:21:40.0811 6032 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:21:40.0841 6032 nvstor - ok
16:21:40.0871 6032 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:21:40.0871 6032 nv_agp - ok
16:21:40.0981 6032 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:21:40.0991 6032 odserv - ok
16:21:41.0021 6032 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:21:41.0021 6032 ohci1394 - ok
16:21:41.0091 6032 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:21:41.0101 6032 ose - ok
16:21:41.0131 6032 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:21:41.0141 6032 p2pimsvc - ok
16:21:41.0171 6032 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:21:41.0181 6032 p2psvc - ok
16:21:41.0221 6032 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:21:41.0221 6032 Parport - ok
16:21:41.0261 6032 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:21:41.0281 6032 partmgr - ok
16:21:41.0301 6032 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:21:41.0311 6032 Parvdm - ok
16:21:41.0331 6032 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:21:41.0331 6032 PcaSvc - ok
16:21:41.0351 6032 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
16:21:41.0361 6032 pci - ok
16:21:41.0381 6032 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:21:41.0381 6032 pciide - ok
16:21:41.0411 6032 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:21:41.0411 6032 pcmcia - ok
16:21:41.0421 6032 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:21:41.0431 6032 pcw - ok
16:21:41.0481 6032 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:21:41.0511 6032 PEAUTH - ok
16:21:41.0761 6032 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:21:41.0781 6032 PeerDistSvc - ok
16:21:41.0971 6032 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
16:21:42.0021 6032 pla - ok
16:21:42.0101 6032 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:21:42.0111 6032 PlugPlay - ok
16:21:42.0181 6032 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:21:42.0201 6032 Pml Driver HPZ12 - ok
16:21:42.0211 6032 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:21:42.0221 6032 PNRPAutoReg - ok
16:21:42.0241 6032 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:21:42.0251 6032 PNRPsvc - ok
16:21:42.0311 6032 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:21:42.0321 6032 PolicyAgent - ok
16:21:42.0351 6032 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
16:21:42.0361 6032 Power - ok
16:21:42.0421 6032 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:21:42.0431 6032 PptpMiniport - ok
16:21:42.0461 6032 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:21:42.0471 6032 Processor - ok
16:21:42.0511 6032 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
16:21:42.0521 6032 ProfSvc - ok
16:21:42.0551 6032 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:21:42.0551 6032 ProtectedStorage - ok
16:21:42.0591 6032 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:21:42.0591 6032 Psched - ok
16:21:42.0831 6032 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:21:42.0851 6032 ql2300 - ok
16:21:42.0881 6032 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:21:42.0881 6032 ql40xx - ok
16:21:42.0911 6032 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:21:42.0921 6032 QWAVE - ok
16:21:42.0941 6032 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:21:42.0941 6032 QWAVEdrv - ok
16:21:42.0951 6032 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:21:42.0951 6032 RasAcd - ok
16:21:43.0011 6032 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:21:43.0011 6032 RasAgileVpn - ok
16:21:43.0031 6032 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:21:43.0041 6032 RasAuto - ok
16:21:43.0081 6032 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:43.0081 6032 Rasl2tp - ok
16:21:43.0151 6032 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
16:21:43.0161 6032 RasMan - ok
16:21:43.0171 6032 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:43.0171 6032 RasPppoe - ok
16:21:43.0221 6032 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:21:43.0221 6032 RasSstp - ok
16:21:43.0261 6032 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:21:43.0271 6032 rdbss - ok
16:21:43.0291 6032 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:21:43.0291 6032 rdpbus - ok
16:21:43.0311 6032 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:43.0311 6032 RDPCDD - ok
16:21:43.0341 6032 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:21:43.0351 6032 RDPDR - ok
16:21:43.0391 6032 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:21:43.0401 6032 RDPENCDD - ok
16:21:43.0441 6032 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:21:43.0441 6032 RDPREFMP - ok
16:21:43.0501 6032 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:21:43.0521 6032 RDPWD - ok
16:21:43.0541 6032 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:21:43.0541 6032 rdyboost - ok
16:21:43.0581 6032 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:21:43.0591 6032 RemoteAccess - ok
16:21:43.0621 6032 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:21:43.0631 6032 RemoteRegistry - ok
16:21:43.0681 6032 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:21:43.0701 6032 RFCOMM - ok
16:21:43.0741 6032 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:21:43.0741 6032 RpcEptMapper - ok
16:21:43.0781 6032 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:21:43.0781 6032 RpcLocator - ok
16:21:43.0811 6032 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
16:21:43.0811 6032 RpcSs - ok
16:21:43.0861 6032 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:21:43.0861 6032 rspndr - ok
16:21:43.0941 6032 [ 80B66A4181F782884A815E69D0AFA743 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
16:21:43.0941 6032 RTL8167 - ok
16:21:43.0981 6032 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
16:21:43.0981 6032 s3cap - ok
16:21:44.0001 6032 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
16:21:44.0011 6032 SamSs - ok
16:21:44.0051 6032 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:21:44.0051 6032 sbp2port - ok
16:21:44.0081 6032 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:21:44.0081 6032 SCardSvr - ok
16:21:44.0101 6032 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:21:44.0101 6032 scfilter - ok
16:21:44.0261 6032 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
16:21:44.0281 6032 Schedule - ok
16:21:44.0301 6032 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:21:44.0301 6032 SCPolicySvc - ok
16:21:44.0361 6032 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:21:44.0361 6032 sdbus - ok
16:21:44.0381 6032 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:21:44.0391 6032 SDRSVC - ok
16:21:44.0491 6032 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:21:44.0491 6032 SeaPort - ok
16:21:44.0541 6032 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:21:44.0541 6032 secdrv - ok
16:21:44.0561 6032 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:21:44.0571 6032 seclogon - ok
16:21:44.0611 6032 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
16:21:44.0641 6032 SENS - ok
16:21:44.0691 6032 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:21:44.0701 6032 SensrSvc - ok
16:21:44.0761 6032 [ 268DC6A0EA10A494B369E94525742589 ] Ser2at C:\Windows\system32\DRIVERS\ser2at.sys
16:21:44.0812 6032 Ser2at - ok
16:21:44.0832 6032 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:21:44.0842 6032 Serenum - ok
16:21:44.0862 6032 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:21:44.0862 6032 Serial - ok
16:21:44.0872 6032 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:21:44.0872 6032 sermouse - ok
16:21:44.0902 6032 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
16:21:44.0912 6032 SessionEnv - ok
16:21:44.0952 6032 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:21:44.0952 6032 sffdisk - ok
16:21:44.0972 6032 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:21:44.0972 6032 sffp_mmc - ok
16:21:44.0982 6032 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:21:44.0982 6032 sffp_sd - ok
16:21:44.0992 6032 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:21:44.0992 6032 sfloppy - ok
16:21:45.0052 6032 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:21:45.0052 6032 SharedAccess - ok
16:21:45.0082 6032 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:21:45.0092 6032 ShellHWDetection - ok
16:21:45.0102 6032 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
16:21:45.0102 6032 sisagp - ok
16:21:45.0152 6032 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:21:45.0152 6032 SiSRaid2 - ok
16:21:45.0172 6032 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:21:45.0182 6032 SiSRaid4 - ok
16:21:45.0212 6032 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:21:45.0212 6032 Smb - ok
16:21:45.0282 6032 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:21:45.0292 6032 SNMPTRAP - ok
16:21:45.0322 6032 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:21:45.0322 6032 spldr - ok
16:21:45.0382 6032 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
16:21:45.0392 6032 Spooler - ok
16:21:45.0492 6032 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
16:21:45.0572 6032 sppsvc - ok
16:21:45.0592 6032 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:21:45.0602 6032 sppuinotify - ok
16:21:45.0642 6032 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:21:45.0652 6032 srv - ok
16:21:45.0672 6032 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:21:45.0672 6032 srv2 - ok
16:21:45.0742 6032 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:21:45.0742 6032 SrvHsfHDA - ok
16:21:45.0792 6032 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:21:45.0822 6032 SrvHsfV92 - ok
16:21:45.0882 6032 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:21:45.0902 6032 SrvHsfWinac - ok
16:21:45.0952 6032 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:21:45.0952 6032 srvnet - ok
16:21:46.0002 6032 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
16:21:46.0012 6032 ssadbus - ok
16:21:46.0042 6032 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:21:46.0042 6032 ssadmdfl - ok
16:21:46.0062 6032 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
16:21:46.0062 6032 ssadmdm - ok
16:21:46.0082 6032 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
16:21:46.0082 6032 ssadserd - ok
16:21:46.0122 6032 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:21:46.0122 6032 SSDPSRV - ok
16:21:46.0152 6032 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:21:46.0152 6032 SstpSvc - ok
16:21:46.0182 6032 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:21:46.0182 6032 stexstor - ok
16:21:46.0212 6032 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
16:21:46.0242 6032 StiSvc - ok
16:21:46.0272 6032 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
16:21:46.0272 6032 storflt - ok
16:21:46.0312 6032 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
16:21:46.0312 6032 StorSvc - ok
16:21:46.0372 6032 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
16:21:46.0372 6032 storvsc - ok
16:21:46.0392 6032 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:21:46.0392 6032 swenum - ok
16:21:46.0412 6032 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:21:46.0422 6032 swprv - ok
16:21:46.0462 6032 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
16:21:46.0492 6032 SysMain - ok
16:21:46.0512 6032 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:21:46.0522 6032 TabletInputService - ok
16:21:46.0542 6032 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
16:21:46.0552 6032 TapiSrv - ok
16:21:46.0572 6032 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:21:46.0572 6032 TBS - ok
16:21:46.0642 6032 [ 56C198AC82EFA622DD93E9E43575F79C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:21:46.0682 6032 Tcpip - ok
16:21:46.0742 6032 [ 56C198AC82EFA622DD93E9E43575F79C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:21:46.0752 6032 TCPIP6 - ok
16:21:46.0802 6032 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:21:46.0802 6032 tcpipreg - ok
16:21:46.0842 6032 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:21:46.0842 6032 TDPIPE - ok
16:21:46.0872 6032 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:21:46.0872 6032 TDTCP - ok
16:21:46.0892 6032 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:21:46.0892 6032 tdx - ok
16:21:46.0902 6032 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:21:46.0912 6032 TermDD - ok
16:21:46.0942 6032 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
16:21:46.0962 6032 TermService - ok
16:21:46.0992 6032 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:21:46.0992 6032 Themes - ok
16:21:47.0012 6032 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:21:47.0012 6032 THREADORDER - ok
16:21:47.0122 6032 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
16:21:47.0122 6032 TomTomHOMEService - ok
16:21:47.0172 6032 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:21:47.0172 6032 TrkWks - ok
16:21:47.0222 6032 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:21:47.0232 6032 TrustedInstaller - ok
16:21:47.0252 6032 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:21:47.0262 6032 tssecsrv - ok
16:21:47.0322 6032 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:21:47.0322 6032 tunnel - ok
16:21:47.0342 6032 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:21:47.0342 6032 uagp35 - ok
16:21:47.0382 6032 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:21:47.0382 6032 udfs - ok
16:21:47.0422 6032 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:21:47.0422 6032 UI0Detect - ok
16:21:47.0462 6032 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
16:21:47.0462 6032 uliagpkx - ok
16:21:47.0482 6032 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:21:47.0492 6032 umbus - ok
16:21:47.0512 6032 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:21:47.0512 6032 UmPass - ok
16:21:47.0582 6032 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
16:21:47.0592 6032 UmRdpService - ok
16:21:47.0632 6032 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:21:47.0642 6032 upnphost - ok
16:21:47.0762 6032 [ 2F791A77655E6F61A21482F200C3864D ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
16:21:47.0922 6032 UPnPService - ok
16:21:47.0982 6032 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:21:47.0992 6032 usbaudio - ok
16:21:48.0002 6032 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:21:48.0012 6032 usbccgp - ok
16:21:48.0032 6032 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
16:21:48.0042 6032 usbcir - ok
16:21:48.0072 6032 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:21:48.0072 6032 usbehci - ok
16:21:48.0122 6032 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:21:48.0122 6032 usbhub - ok
16:21:48.0142 6032 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:21:48.0142 6032 usbohci - ok
16:21:48.0192 6032 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:21:48.0192 6032 usbprint - ok
16:21:48.0252 6032 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:21:48.0252 6032 usbscan - ok
16:21:48.0282 6032 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:21:48.0292 6032 USBSTOR - ok
16:21:48.0302 6032 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:21:48.0302 6032 usbuhci - ok
16:21:48.0342 6032 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:21:48.0352 6032 UxSms - ok
16:21:48.0362 6032 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
16:21:48.0372 6032 VaultSvc - ok
16:21:48.0392 6032 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
16:21:48.0392 6032 vdrvroot - ok
16:21:48.0422 6032 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
16:21:48.0452 6032 vds - ok
16:21:48.0492 6032 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:48.0492 6032 vga - ok
16:21:48.0512 6032 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:21:48.0522 6032 VgaSave - ok
16:21:48.0532 6032 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
16:21:48.0532 6032 vhdmp - ok
16:21:48.0562 6032 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
16:21:48.0572 6032 viaagp - ok
16:21:48.0592 6032 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
16:21:48.0592 6032 ViaC7 - ok
16:21:48.0622 6032 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
16:21:48.0622 6032 viaide - ok
16:21:48.0652 6032 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
16:21:48.0652 6032 vmbus - ok
16:21:48.0682 6032 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
16:21:48.0682 6032 VMBusHID - ok
16:21:48.0702 6032 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
16:21:48.0702 6032 volmgr - ok
16:21:48.0722 6032 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:21:48.0732 6032 volmgrx - ok
16:21:48.0762 6032 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
16:21:48.0762 6032 volsnap - ok
16:21:48.0802 6032 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:21:48.0802 6032 vsmraid - ok
16:21:48.0862 6032 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
16:21:48.0892 6032 VSS - ok
16:21:48.0912 6032 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:21:48.0922 6032 vwifibus - ok
16:21:48.0962 6032 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:21:48.0962 6032 vwififlt - ok
16:21:49.0022 6032 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:21:49.0022 6032 vwifimp - ok
16:21:49.0062 6032 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:21:49.0072 6032 W32Time - ok
16:21:49.0092 6032 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:21:49.0102 6032 WacomPen - ok
16:21:49.0142 6032 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:21:49.0142 6032 WANARP - ok
16:21:49.0152 6032 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:21:49.0152 6032 Wanarpv6 - ok
16:21:49.0232 6032 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:21:49.0272 6032 WatAdminSvc - ok
16:21:49.0312 6032 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
16:21:49.0352 6032 wbengine - ok
16:21:49.0372 6032 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:21:49.0382 6032 WbioSrvc - ok
16:21:49.0422 6032 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:21:49.0432 6032 wcncsvc - ok
16:21:49.0452 6032 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:21:49.0452 6032 WcsPlugInService - ok
16:21:49.0482 6032 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:21:49.0482 6032 Wd - ok
16:21:49.0512 6032 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:21:49.0522 6032 Wdf01000 - ok
16:21:49.0552 6032 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:21:49.0562 6032 WdiServiceHost - ok
16:21:49.0562 6032 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:21:49.0572 6032 WdiSystemHost - ok
16:21:49.0622 6032 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
16:21:49.0632 6032 WebClient - ok
16:21:49.0652 6032 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:21:49.0662 6032 Wecsvc - ok
16:21:49.0682 6032 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:21:49.0682 6032 wercplsupport - ok
16:21:49.0732 6032 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:21:49.0742 6032 WerSvc - ok
16:21:49.0752 6032 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:21:49.0752 6032 WfpLwf - ok
16:21:49.0772 6032 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:21:49.0782 6032 WIMMount - ok
16:21:49.0842 6032 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:21:49.0862 6032 WinDefend - ok
16:21:49.0872 6032 WinHttpAutoProxySvc - ok
16:21:49.0942 6032 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:21:49.0942 6032 Winmgmt - ok
16:21:50.0002 6032 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
16:21:50.0032 6032 WinRM - ok
16:21:50.0102 6032 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:21:50.0102 6032 WinUsb - ok
16:21:50.0152 6032 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:21:50.0182 6032 Wlansvc - ok
16:21:50.0262 6032 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:21:50.0262 6032 wlcrasvc - ok
16:21:50.0362 6032 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:21:50.0412 6032 wlidsvc - ok
16:21:50.0462 6032 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:21:50.0462 6032 WmiAcpi - ok
16:21:50.0502 6032 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:21:50.0502 6032 wmiApSrv - ok
16:21:50.0602 6032 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:21:50.0642 6032 WMPNetworkSvc - ok
16:21:50.0672 6032 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:21:50.0672 6032 WPCSvc - ok
16:21:50.0692 6032 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:21:50.0692 6032 WPDBusEnum - ok
16:21:50.0712 6032 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:21:50.0712 6032 ws2ifsl - ok
16:21:50.0752 6032 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
16:21:50.0752 6032 wscsvc - ok
16:21:50.0762 6032 WSearch - ok
16:21:50.0852 6032 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:21:50.0912 6032 wuauserv - ok
16:21:50.0962 6032 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:21:50.0972 6032 WudfPf - ok
16:21:51.0012 6032 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:51.0022 6032 WUDFRd - ok
16:21:51.0062 6032 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:21:51.0072 6032 wudfsvc - ok
16:21:51.0102 6032 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:21:51.0112 6032 WwanSvc - ok
16:21:51.0202 6032 ================ Scan global ===============================
16:21:51.0242 6032 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
16:21:51.0282 6032 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
16:21:51.0302 6032 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
16:21:51.0342 6032 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:21:51.0382 6032 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:21:51.0392 6032 [Global] - ok
16:21:51.0392 6032 ================ Scan MBR ==================================
16:21:51.0402 6032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:21:51.0612 6032 \Device\Harddisk0\DR0 - ok
16:21:51.0612 6032 ================ Scan VBR ==================================
16:21:51.0622 6032 [ 38C5839B2F2285D6F50AF3BBCAEF64CF ] \Device\Harddisk0\DR0\Partition1
16:21:51.0622 6032 \Device\Harddisk0\DR0\Partition1 - ok
16:21:51.0642 6032 [ 4B84D80BD04D4D8BEEDF36EDE36709E5 ] \Device\Harddisk0\DR0\Partition2
16:21:51.0642 6032 \Device\Harddisk0\DR0\Partition2 - ok
16:21:51.0642 6032 ============================================================
16:21:51.0642 6032 Scan finished
16:21:51.0642 6032 ============================================================
16:21:51.0662 6056 Detected object count: 0
16:21:51.0662 6056 Actual detected object count: 0

22.02.2013, 16:26   #10
markusg
/// Malware-holic

Please read the instructions again and configure TDSSKiller as shown in the picture.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to the following address as described in the instructions above:
markusg.trojaner-board@web.de
Forward
If you would like to support us

22.02.2013, 17:09   #11
deepnoise

I can't send the attachment!

22.02.2013, 17:12   #12
markusg
/// Malware-holic

Could you be any less precise? Why not? Maybe compress it if it is too large.

22.02.2013, 17:16   #13
deepnoise

PDF attached.
Attached files
File type: pdf TXTXT - Editor.pdf (129.2 KB, viewed 173 times)

22.02.2013, 17:18   #14
markusg
/// Malware-holic

Why a PDF? The log is saved as a txt file; that is how I would like to have it.

22.02.2013, 17:22   #15
deepnoise

How can I compress it?
