
Log analysis and evaluation: email address sends spam


18.04.2013, 13:07   #1
Atina



Hello everyone,
the following computer has been sending spam e-mails ("debt collection letters") to unknown addresses every day for quite some time. An up-to-date version of Microsoft Security Essentials is installed on the computer. The last (quick) scan is from 08.04. In one of the last scans, a Win32/autorun!inf was found on f: (presumably USB), which is in quarantine. Software/Windows updates are being carried out (right now).
A full scan run by mbam:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.18.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heike :: *** [Administrator]

18.04.2013 12:03:04
mbam-log-2013-04-18 (12-03-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343525
Laufzeit: 1 Stunde(n), 45 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Many thanks in advance for the help!

Edited by Atina (18.04.2013 at 13:18)

18.04.2013, 13:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything?
I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click on Advanced/Preview to check whether you did it correctly. If everything is right ... on Reply.

18.04.2013, 13:29   #3
Atina



There is also a GMER scan:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-18 14:27:32
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD800JD-08MSA1 rev.10.01E01 74,54GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Heike\AppData\Local\Temp\kwdoipog.sys


---- Kernel code sections - GMER 2.1 ----

?      system32\DRIVERS\PROCDD.SYS                                                              Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] ntdll.dll!LdrLoadDll                  77289378 5 Bytes  JMP 60BA6D70 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] kernel32.dll!HeapSetInformation + 26  76B9A8B0 7 Bytes  JMP 60BC1C62 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] kernel32.dll!LockResource + C         76BB6ACB 7 Bytes  JMP 60EFD713 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] kernel32.dll!VirtualAllocEx + 54      76BBAF50 7 Bytes  JMP 60EFD736 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] GDI32.dll!SetStretchBltMode + 256     76DF745C 7 Bytes  JMP 60EFD694 C:\Program Files\Mozilla Firefox\xul.dll

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
         
(following these instructions)

"""
Rootkit scan with GMER

Please download GMER Rootkit Scanner GMER: (file name is random)

Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
If, after starting, a window with the following warning opens:

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Be sure to click "No".
On the right, remove the tick at: IAT/EAT and Show All
Set the tick at Quickscan and remove it for all other drives.
Start the scan with "Scan".
Do not do anything on the computer while the scan is running.
When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
"""

18.04.2013, 13:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



GMER is not a virus scanner but an anti-rootkit tool. But I wanted to know whether the virus scanner ever found anything on this computer, and if so, I wanted to see the logs for it.
__________________
Please always post log files in CODE tags

18.04.2013, 13:33   #5
Atina



Apart from the following, I can't say anything more about it. No other virus scanner was or is installed. Hence no further findings. An mbam scan from 2012 is still available, (no) findings, otherwise nothing...

"An up-to-date version of Microsoft Security Essentials is installed on the computer. The last (quick) scan is from 08.04. In one of the last scans, a Win32/autorun!inf was found on f: (presumably USB), which is in quarantine."


18.04.2013, 13:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether there was a finding or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread in CODE tags.

18.04.2013, 13:48   #7
Atina



OTL.txt

Code:
OTL logfile created on: 18.04.2013 14:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 46,32% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 69,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,21 Gb Total Space | 3,70 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PROCDD) -- system32\DRIVERS\PROCDD.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (kwdoipog) -- C:\Users\***\AppData\Local\Temp\kwdoipog.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\..\SearchScopes,DefaultScope = {A537DD92-568B-4D03-B7DF-BD7C5285681C}
IE - HKLM\..\SearchScopes\{A537DD92-568B-4D03-B7DF-BD7C5285681C}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=101702
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {A537DD92-568B-4D03-B7DF-BD7C5285681C}
IE - HKCU\..\SearchScopes\{A537DD92-568B-4D03-B7DF-BD7C5285681C}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{DB944F20-2B82-44C7-870D-6BEC5ACF98F5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=33d4a297-f124-4853-8696-797f40bad524&apn_sauid=E9A7B184-A4A4-4970-8BA8-10037A87859C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.17 07:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2004.01.01 01:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.18 13:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions
[2013.04.18 13:28:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.18 13:28:41 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\firefox@ghostery.com
[2013.04.18 13:28:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\ich@maltegoetz.de
[2012.05.13 09:50:09 | 000,002,404 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cdqgoz7k.default\searchplugins\askcom.xml
[2013.04.17 07:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.17 07:46:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.17 07:45:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.17 07:45:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.17 07:45:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.17 07:45:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.17 07:45:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.17 07:45:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA83122A-07F8-48A5-8696-A7F39FA8CC4D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC60E0C-770F-4F0E-93E0-8841EB3DD5CF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.18 13:31:21 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 13:31:21 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.18 13:27:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2013.04.18 13:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.18 13:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Schul Curriculum
[2013.04.18 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HP drucker verknüpfg
[2013.04.18 11:55:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.17 21:29:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.17 21:29:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.17 21:29:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.17 21:29:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.17 21:29:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.17 21:29:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.17 21:29:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.17 21:28:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.17 07:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.13 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Venedig etc
[2013.04.10 07:28:27 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 07:28:27 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 07:28:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 07:28:07 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 07:21:09 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.03.22 15:50:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 13:53:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 13:53:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 13:31:21 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 13:31:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.18 13:27:05 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.18 13:22:24 | 022,916,830 | ---- | M] () -- C:\Users\***\Documents\vlc-2.0.5-win32.exe
[2013.04.18 13:14:42 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.04.18 13:03:23 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.18 12:00:47 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 11:55:02 | 000,017,886 | ---- | M] () -- C:\Users\***\Documents\cc_20130418_115453.reg
[2013.04.18 11:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 21:43:57 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.17 21:43:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.17 21:43:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.17 21:43:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.17 21:35:41 | 000,368,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.17 21:34:30 | 2012,405,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.04 10:48:37 | 000,418,411 | ---- | M] () -- C:\Users\***\Documents\Scan0043.pdf
[2013.04.04 09:13:52 | 000,423,365 | ---- | M] () -- C:\Users\***\Documents\Scan0042.pdf
[2013.04.04 07:41:54 | 000,370,403 | ---- | M] () -- C:\Users\***\Documents\Scan0041.pdf
[2013.04.04 07:41:17 | 000,233,383 | ---- | M] () -- C:\Users\***\Documents\Scan0040.pdf
[2013.04.04 07:40:32 | 000,219,780 | ---- | M] () -- C:\Users\***\Documents\Scan0039.pdf
[2013.04.03 19:14:53 | 000,677,090 | ---- | M] () -- C:\Users\***\Documents\Scan0038.pdf
[2013.04.03 19:13:49 | 000,212,573 | ---- | M] () -- C:\Users\***\Documents\Scan0037.pdf
[2013.04.02 16:57:36 | 000,463,116 | ---- | M] () -- C:\Users\***\Documents\Scan0036.pdf
[2013.04.02 12:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.03.24 12:54:12 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.18 13:27:05 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.18 13:20:50 | 022,916,830 | ---- | C] () -- C:\Users\***\Documents\vlc-2.0.5-win32.exe
[2013.04.18 13:03:23 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.18 12:00:47 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 11:55:00 | 000,017,886 | ---- | C] () -- C:\Users\***\Documents\cc_20130418_115453.reg
[2013.04.04 10:48:37 | 000,418,411 | ---- | C] () -- C:\Users\***\Documents\Scan0043.pdf
[2013.04.04 09:13:52 | 000,423,365 | ---- | C] () -- C:\Users\***\Documents\Scan0042.pdf
[2013.04.04 07:41:54 | 000,370,403 | ---- | C] () -- C:\Users\***\Documents\Scan0041.pdf
[2013.04.04 07:41:16 | 000,233,383 | ---- | C] () -- C:\Users\***\Documents\Scan0040.pdf
[2013.04.04 07:40:32 | 000,219,780 | ---- | C] () -- C:\Users\***\Documents\Scan0039.pdf
[2013.04.03 19:14:52 | 000,677,090 | ---- | C] () -- C:\Users\***\Documents\Scan0038.pdf
[2013.04.03 19:13:48 | 000,212,573 | ---- | C] () -- C:\Users\***\Documents\Scan0037.pdf
[2013.04.02 16:57:35 | 000,463,116 | ---- | C] () -- C:\Users\***\Documents\Scan0036.pdf
[2013.03.24 12:54:12 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2012.04.15 17:36:51 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.03.16 19:14:57 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012.01.15 17:13:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.12.18 07:53:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.18 07:53:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.18 07:52:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.12.18 07:52:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.13 00:22:11 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.01 09:14:44 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 18.04.2013 14:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 46,32% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 69,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,21 Gb Total Space | 3,70 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0842A158-3D32-4AED-B4CF-41544E86C8CE}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{1A199FBE-74D8-4C1A-85BF-A1725069B402}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1AC4E986-EA5C-4AB1-8F7D-0980AC2C7289}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C63919E-AE0C-4058-943F-7F4E01CDF9FB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A55DF0F-1B60-4935-A02F-944CC4478960}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5E0A0F36-7424-4CE4-AB87-8C2A7C6FF18C}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{8431C6E5-5B98-4ECF-9233-0D1D46FE4317}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{CA4F74A2-850B-4F3D-87F1-5219C6F3E06C}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{D3C41FE5-CF9B-4E80-A4EE-E38EE6207A39}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DE2C8E1F-72A7-4754-BC45-4F89087306F4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DFA9F5F2-AC71-49FB-BDA7-B99748E89947}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E028A655-0DAB-4B9A-9C35-FCB3FFAA61E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ED917DD1-3A61-4C10-A539-659DAA5221A1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EE0BE00C-FBE0-41AC-AFE3-043D166499D2}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B697008-C009-40A9-B789-1D6DE939B1F6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{2EE88B89-FD7B-4DFA-886C-16300272B20D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4106E108-CA8B-4903-8528-E78A4A89AD92}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{4C57F9E7-A549-4D64-8632-EBB47193134E}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{6AD15296-C3F7-4B92-AEC9-A6447D24105C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{75FA4284-4540-461E-9562-8ACCD47C667B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{8F8291AC-862F-41C3-97A6-5C26C9BEC302}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{9C4F54DE-AE00-4A58-B8F5-789A85B7B6E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A5FAD6EF-C4D3-4BCE-B0BD-ACE22CB53271}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B0745AB1-012D-480A-ABD9-400D400BFF0B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{BF7AA649-E438-432F-A1FA-B7710E34F1FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D40774CC-AB18-477B-B92D-54E4A33B845C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D4F17648-EAB7-491A-BFBA-9A58DA9C4AD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6129C1E-7488-449A-8E7F-0E22426860ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EB3FB244-1F5A-423E-9A7B-BEC4666DA6E3}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{5393EA08-9772-4328-9145-4ABD7E1A823E}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F57F765D-F5C0-4C1E-8AC2-C9B369914625}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B92F401D-22F8-44ED-8AD9-9AFACC543593}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C753BCD2-C811-4559-B615-87DCC42CAC57}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06973580-503D-B2F8-B932-C6FFF6DE7615}" = CCC Help Chinese Traditional
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0ADB6A81-F35D-4040-36CE-C50206F09737}" = CCC Help Japanese
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1438FB49-8B53-D209-2B32-B0F33DA65336}" = Catalyst Control Center Localization Thai
"{18B9E358-08D9-0955-2FF3-EA15FF11DF02}" = Catalyst Control Center Localization Italian
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{2641973f-107f-4a4a-83a5-dfaff7a75097}" = Nero 9
"{27A7337A-765F-AA01-7115-06C3023E88E1}" = CCC Help Czech
"{2A73DA05-35C1-AA35-07D5-36C077D3183F}" = Catalyst Control Center Core Implementation
"{2AFE1AE5-1828-E0AE-B067-6B71620AF388}" = Catalyst Control Center Localization German
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3184A571-E021-817E-378D-9EC6EE412E09}" = Catalyst Control Center Graphics Light
"{36249169-E3FC-6737-9FA7-9BA520BE0DB2}" = CCC Help French
"{37652D83-7BDC-4735-8954-3FE0C2F2AD18}" = ccc-Branding
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40BCF117-291F-BA1E-FC3E-C5C80F061641}" = CCC Help Hungarian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4654A4C6-B8C4-CC1C-91C3-2D938EFD12E8}" = Catalyst Control Center Localization Polish
"{46A62B59-10D1-46B9-C32A-D5CA90899A8B}" = Catalyst Control Center Graphics Full Existing
"{47229A8F-CB6D-E104-412D-206B0D68E02A}" = Catalyst Control Center Localization Turkish
"{476796E1-CD51-1300-F212-15B10724A91F}" = CCC Help Russian
"{48B0DEBB-4A67-0523-0DBB-E82D88FA333D}" = Catalyst Control Center Localization Spanish
"{49850071-F9BA-1736-29B8-3B663CE7738C}" = CCC Help Chinese Standard
"{4BAB05AF-F263-D3FC-217B-33B0F1B9D118}" = Catalyst Control Center Localization Hungarian
"{4CFA2AC8-FE0B-C8F8-4C3C-73EC24CD52C8}" = CCC Help German
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51242B4E-E559-29D1-F01C-FAD101303CD3}" = CCC Help Italian
"{53A363EF-AC2C-ED65-7011-8F21641E5FAB}" = Catalyst Control Center Localization Portuguese
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56AA716F-007D-66D2-EC91-9A4C48947E00}" = CCC Help Swedish
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577E5938-7280-43C8-6585-CCE7CC0B286C}" = Catalyst Control Center Localization Norwegian
"{5967C9BB-1F4D-AAD2-2EDB-93B57376ECD5}" = Catalyst Control Center Localization Danish
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{689C7F35-3627-E074-E17B-A03DC82DF234}" = Catalyst Control Center Localization Japanese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6BA6EB17-ABA5-32E6-FD02-618F39E07347}" = Catalyst Control Center Localization Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747B2C81-B13B-F720-9DDC-C31BF1D492DF}" = Catalyst Control Center Localization Korean
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76A0AADC-437C-10ED-7210-9B9FC38EACE6}" = CCC Help Korean
"{76AB986D-421F-B618-F738-028626176904}" = CCC Help Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7B462657-E26A-BB05-1064-A3A94D84583D}" = CCC Help Polish
"{7C032D1E-DD75-6856-2F78-1FF1FE3712DB}" = CCC Help Norwegian
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818EA00F-8D02-671E-FE70-C2377EE4F24C}" = Catalyst Control Center Localization Dutch
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FC6E83A-EE8C-88D6-7C7B-74E6BE7C8667}" = CCC Help Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{949997C4-6532-8E7A-A1A0-AACBC665123E}" = Catalyst Control Center Localization French
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A6700AA-8775-4DAB-6284-771145BAA661}" = Catalyst Control Center Graphics Full New
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AFF5F50-1936-8859-AF93-5F66F785EE63}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A1A84D7F-3C2E-1255-2469-8175F972AB58}" = CCC Help Greek
"{A682297F-4CA6-A1EE-D68B-06A3EB847255}" = ccc-core-static
"{A6C2B54A-5D1C-45DE-0FD1-2C3A200163A4}" = CCC Help Turkish
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A88852F0-1790-1E1D-9164-95FFCF435E97}" = Catalyst Control Center Localization Chinese Traditional
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AE6D88D5-9064-84EA-C9DD-AC5927C44AA1}" = CCC Help Finnish
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B346EA79-BF20-5BE1-E599-45EEFB0CB3BD}" = Catalyst Control Center Localization Greek
"{B460F0C7-98ED-9B55-6D24-E54E98A89A78}" = Skins
"{B4B5E290-81EF-A724-E52C-DE05DC85B2E6}" = Catalyst Control Center Graphics Previews Vista
"{B4BCBF59-3F39-1F6D-2ED2-72198CC7AC49}" = Catalyst Control Center Localization Russian
"{B84B5373-AAC0-07AD-38A0-C44AAA4BD82F}" = CCC Help Spanish
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF0B0BF5-366A-6B6E-5718-A98E2E845322}" = ccc-utility
"{C0D49C3F-237B-94C7-EECD-10D22851C76E}" = CCC Help English
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9521CC8-D7EC-145F-33B7-B27BFF631715}" = CCC Help Portuguese
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre
"{D7A2D358-B2BB-691E-EAD7-E95CDAE9842F}" = Catalyst Control Center Localization Swedish
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB6B6CCF-D509-C223-D06E-1D2118ECD193}" = Catalyst Control Center Localization Finnish
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E048D0DC-7419-7867-FCD2-CF176C73E629}" = Catalyst Control Center Localization Chinese Standard
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5991C8EB35AA0A2B41B0060067BD0DA30E877FFF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"89838CF0B3DF29FE9FFF8893ACB04964C75A6F1E" = Windows Driver Package - ATI Technogies Inc (pci) System  (11/02/2006 1.00.0000.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Uninstaller" = ATI Uninstaller
"C16E2639B8851B54030DE09318A01581A8096E29" = Windows Driver Package - Marvell (yukonwlh) Net  (09/18/2007 10.24.1.3)
"CCleaner" = CCleaner
"D4B97D41574F60753BAE597542C02A55D48392C9" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2013 07:53:39 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.02.2013 07:57:08 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2013 01:27:51 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2013 07:34:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2013 07:36:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung bmgr32.exe, Version 4.0.106.0, Zeitstempel 0x4693e0f2,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xe0c, Anwendungsstartzeit
 01ce10f0cb59a66a.
 
Error - 22.02.2013 07:40:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.02.2013 08:22:34 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 24.02.2013 08:22:34 | Computer Name = ***-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 24.02.2013 08:22:59 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description = 
 
Error - 24.02.2013 08:22:59 | Computer Name = ***-PC | Source = VSS | ID = 12291
Description = 
 
[ System Events ]
Error - 14.04.2013 09:08:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.04.2013 09:09:52 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.04.2013 09:10:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.04.2013 09:10:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.04.2013 09:11:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.04.2013 09:11:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 17.04.2013 15:36:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.04.2013 15:36:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.04.2013 15:37:54 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 17.04.2013 15:38:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
         

18.04.2013, 13:52   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Why do you have a Business edition of Windows? Do you need that as a home user?
Or is this, purely by chance, an office/company PC or a university computer?
__________________
Please always post log files in CODE tags

18.04.2013, 13:55   #9
Atina

The Windows version was preinstalled when the computer was bought second-hand.

18.04.2013, 14:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide).
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags

18.04.2013, 21:19   #11
Atina

Hello again from my side,
thanks first of all for the help! I will be able to work through the points on Saturday, since I will have access to the computer again then.
Please leave the thread open so that I can post the logs.
Until then, have a pleasant Friday!

Best regards,

Atina

19.04.2013, 00:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, but one request: leave out interjections like this; only post when there are problems or when you have the logs (and then post those in CODE tags).
__________________
Please always post log files in CODE tags

20.04.2013, 13:52   #13
Atina

TDSS-Killer:

Code:
14:39:56.0932 2288  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:39:57.0235 2288  ============================================================
14:39:57.0235 2288  Current date / time: 2013/04/20 14:39:57.0235
14:39:57.0235 2288  SystemInfo:
14:39:57.0235 2288  
14:39:57.0235 2288  OS Version: 6.0.6002 ServicePack: 2.0
14:39:57.0235 2288  Product type: Workstation
14:39:57.0235 2288  ComputerName: ***
14:39:57.0235 2288  UserName: ***
14:39:57.0235 2288  Windows directory: C:\Windows
14:39:57.0235 2288  System windows directory: C:\Windows
14:39:57.0235 2288  Processor architecture: Intel x86
14:39:57.0235 2288  Number of processors: 2
14:39:57.0235 2288  Page size: 0x1000
14:39:57.0235 2288  Boot type: Normal boot
14:39:57.0235 2288  ============================================================
14:39:59.0233 2288  Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0xB396, SectorsPerTrack: 0x11, TracksPerCylinder: 0xC8, Type 'K0', Flags 0x00000050
14:39:59.0271 2288  ============================================================
14:39:59.0271 2288  \Device\Harddisk0\DR0:
14:39:59.0271 2288  MBR partitions:
14:39:59.0271 2288  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAA4000, BlocksNum 0x8A6D800
14:39:59.0271 2288  ============================================================
14:39:59.0321 2288  C: <-> \Device\Harddisk0\DR0\Partition1
14:39:59.0321 2288  ============================================================
14:39:59.0321 2288  Initialize success
14:39:59.0321 2288  ============================================================
14:42:41.0007 1528  ============================================================
14:42:41.0007 1528  Scan started
14:42:41.0007 1528  Mode: Manual; SigCheck; TDLFS; 
14:42:41.0007 1528  ============================================================
14:42:42.0567 1528  ================ Scan system memory ========================
14:42:42.0567 1528  System memory - ok
14:42:42.0567 1528  ================ Scan services =============================
14:42:43.0020 1528  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:42:43.0269 1528  AAV UpdateService - ok
14:42:43.0690 1528  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:42:43.0753 1528  ACPI - ok
14:42:44.0018 1528  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:42:44.0049 1528  AdobeARMservice - ok
14:42:44.0143 1528  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:42:44.0205 1528  adp94xx - ok
14:42:44.0361 1528  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:42:44.0439 1528  adpahci - ok
14:42:44.0502 1528  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:42:44.0533 1528  adpu160m - ok
14:42:44.0564 1528  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:42:44.0580 1528  adpu320 - ok
14:42:44.0720 1528  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:42:45.0375 1528  AeLookupSvc - ok
14:42:45.0531 1528  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
14:42:45.0687 1528  AFD - ok
14:42:45.0796 1528  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:42:45.0843 1528  agp440 - ok
14:42:45.0999 1528  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:42:46.0046 1528  aic78xx - ok
14:42:46.0124 1528  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
14:42:46.0873 1528  ALG - ok
14:42:46.0920 1528  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:42:46.0951 1528  aliide - ok
14:42:47.0044 1528  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:42:47.0122 1528  amdagp - ok
14:42:47.0138 1528  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:42:47.0200 1528  amdide - ok
14:42:47.0278 1528  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:42:47.0325 1528  AmdK7 - ok
14:42:47.0356 1528  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:42:47.0434 1528  AmdK8 - ok
14:42:47.0606 1528  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
14:42:47.0778 1528  Appinfo - ok
14:42:47.0965 1528  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:42:48.0012 1528  Apple Mobile Device - ok
14:42:48.0230 1528  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:42:48.0355 1528  AppMgmt - ok
14:42:48.0418 1528  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
14:42:48.0496 1528  arc - ok
14:42:48.0559 1528  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:42:48.0590 1528  arcsas - ok
14:42:48.0621 1528  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:48.0715 1528  AsyncMac - ok
14:42:48.0793 1528  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:42:48.0808 1528  atapi - ok
14:42:48.0980 1528  [ A63B95991D0036D8D5A188BB4A31CF18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
14:42:49.0198 1528  Ati External Event Utility - ok
14:42:49.0479 1528  [ DACA081E9DC82D4A05B0D21E8AA93DF8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:42:50.0025 1528  atikmdag - ok
14:42:50.0212 1528  [ 4AA1EB65481C392955939E735D27118B ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
14:42:50.0290 1528  AtiPcie ( UnsignedFile.Multi.Generic ) - warning
14:42:50.0290 1528  AtiPcie - detected UnsignedFile.Multi.Generic (1)
14:42:50.0399 1528  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:42:50.0477 1528  AudioEndpointBuilder - ok
14:42:50.0524 1528  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:42:50.0587 1528  Audiosrv - ok
14:42:50.0805 1528  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:42:50.0883 1528  Beep - ok
14:42:51.0086 1528  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
14:42:51.0257 1528  BFE - ok
14:42:51.0398 1528  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:42:51.0507 1528  BITS - ok
14:42:51.0585 1528  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:42:51.0647 1528  blbdrive - ok
14:42:51.0991 1528  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:42:52.0053 1528  Bonjour Service - ok
14:42:52.0147 1528  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:42:52.0271 1528  bowser - ok
14:42:52.0381 1528  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:42:52.0459 1528  BrFiltLo - ok
14:42:52.0490 1528  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:42:52.0568 1528  BrFiltUp - ok
14:42:52.0646 1528  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
14:42:52.0708 1528  Browser - ok
14:42:52.0849 1528  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:42:53.0254 1528  Brserid - ok
14:42:53.0301 1528  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:42:53.0426 1528  BrSerWdm - ok
14:42:53.0473 1528  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:42:53.0644 1528  BrUsbMdm - ok
14:42:53.0675 1528  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:42:53.0753 1528  BrUsbSer - ok
14:42:53.0863 1528  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:42:53.0956 1528  BTHMODEM - ok
14:42:54.0081 1528  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:42:54.0206 1528  cdfs - ok
14:42:54.0268 1528  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:42:54.0424 1528  cdrom - ok
14:42:54.0487 1528  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:42:54.0596 1528  CertPropSvc - ok
14:42:54.0689 1528  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:42:54.0767 1528  circlass - ok
14:42:54.0861 1528  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:42:55.0033 1528  CLFS - ok
14:42:55.0298 1528  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:55.0313 1528  clr_optimization_v2.0.50727_32 - ok
14:42:55.0360 1528  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:42:55.0391 1528  cmdide - ok
14:42:55.0438 1528  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:42:55.0469 1528  Compbatt - ok
14:42:55.0469 1528  COMSysApp - ok
14:42:55.0501 1528  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:42:55.0547 1528  crcdisk - ok
14:42:55.0625 1528  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:42:55.0688 1528  Crusoe - ok
14:42:55.0797 1528  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:42:55.0922 1528  CryptSvc - ok
14:42:56.0015 1528  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
14:42:56.0234 1528  CSC - ok
14:42:56.0327 1528  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
14:42:56.0608 1528  CscService - ok
14:42:56.0858 1528  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:42:57.0107 1528  DcomLaunch - ok
14:42:57.0154 1528  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:42:57.0232 1528  DfsC - ok
14:42:57.0560 1528  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:42:58.0137 1528  DFSR - ok
14:42:58.0309 1528  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:42:58.0480 1528  Dhcp - ok
14:42:58.0574 1528  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:42:58.0621 1528  disk - ok
14:42:58.0730 1528  [ 5F4944CFB8E60F2B02B7CD7419B3C314 ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
14:42:58.0839 1528  Diskeeper ( UnsignedFile.Multi.Generic ) - warning
14:42:58.0839 1528  Diskeeper - detected UnsignedFile.Multi.Generic (1)
14:42:58.0933 1528  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:42:59.0089 1528  Dnscache - ok
14:42:59.0167 1528  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:42:59.0323 1528  dot3svc - ok
14:42:59.0354 1528  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
14:42:59.0447 1528  DPS - ok
14:42:59.0525 1528  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:42:59.0666 1528  drmkaud - ok
14:42:59.0759 1528  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:42:59.0915 1528  DXGKrnl - ok
14:43:00.0025 1528  [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
14:43:00.0165 1528  e1express - ok
14:43:00.0227 1528  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:43:00.0321 1528  E1G60 - ok
14:43:00.0383 1528  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
14:43:00.0461 1528  EapHost - ok
14:43:00.0617 1528  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:43:00.0680 1528  Ecache - ok
14:43:00.0805 1528  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:43:00.0945 1528  elxstor - ok
14:43:01.0070 1528  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:43:01.0413 1528  EMDMgmt - ok
14:43:01.0475 1528  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:43:01.0553 1528  ErrDev - ok
14:43:01.0756 1528  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
14:43:01.0834 1528  EventSystem - ok
14:43:01.0943 1528  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
14:43:02.0146 1528  exfat - ok
14:43:02.0209 1528  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:43:02.0318 1528  fastfat - ok
14:43:02.0396 1528  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax             C:\Windows\system32\fxssvc.exe
14:43:02.0552 1528  Fax - ok
14:43:02.0645 1528  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:43:02.0723 1528  fdc - ok
14:43:02.0755 1528  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:43:02.0801 1528  fdPHost - ok
14:43:02.0833 1528  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:43:02.0911 1528  FDResPub - ok
14:43:02.0942 1528  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:43:02.0973 1528  FileInfo - ok
14:43:02.0989 1528  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:43:03.0051 1528  Filetrace - ok
14:43:03.0098 1528  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:43:03.0145 1528  flpydisk - ok
14:43:03.0176 1528  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:43:03.0254 1528  FltMgr - ok
14:43:03.0410 1528  [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache       C:\Windows\system32\FntCache.dll
14:43:03.0800 1528  FontCache - ok
14:43:03.0956 1528  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:43:04.0018 1528  FontCache3.0.0.0 - ok
14:43:04.0065 1528  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:43:04.0143 1528  Fs_Rec - ok
14:43:04.0221 1528  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:43:04.0252 1528  gagp30kx - ok
14:43:04.0346 1528  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:43:04.0377 1528  GEARAspiWDM - ok
14:43:04.0564 1528  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:43:04.0689 1528  gpsvc - ok
14:43:04.0814 1528  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:43:04.0829 1528  gusvc - ok
14:43:04.0892 1528  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:43:05.0017 1528  HdAudAddService - ok
14:43:05.0204 1528  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:43:05.0251 1528  HDAudBus - ok
14:43:05.0297 1528  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:43:05.0407 1528  HidBth - ok
14:43:05.0469 1528  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:43:05.0563 1528  HidIr - ok
14:43:05.0656 1528  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
14:43:05.0843 1528  hidserv - ok
14:43:05.0906 1528  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:43:05.0968 1528  HidUsb - ok
14:43:06.0015 1528  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:43:06.0093 1528  hkmsvc - ok
14:43:06.0124 1528  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:43:06.0155 1528  HpCISSs - ok
14:43:06.0296 1528  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:43:06.0639 1528  HTTP - ok
14:43:06.0717 1528  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:43:06.0733 1528  i2omp - ok
14:43:06.0842 1528  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:43:06.0951 1528  i8042prt - ok
14:43:06.0982 1528  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:43:07.0076 1528  iaStorV - ok
14:43:07.0247 1528  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:43:07.0341 1528  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:43:07.0341 1528  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:43:07.0528 1528  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:43:07.0622 1528  idsvc - ok
14:43:07.0684 1528  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:43:07.0700 1528  iirsp - ok
14:43:07.0778 1528  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:43:07.0856 1528  IKEEXT - ok
14:43:07.0996 1528  [ 60AD91FDA0D2C285435AA76860DCAF35 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:43:08.0761 1528  IntcAzAudAddService - ok
14:43:08.0917 1528  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:43:08.0948 1528  intelide - ok
14:43:08.0979 1528  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:43:09.0026 1528  intelppm - ok
14:43:09.0073 1528  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:43:09.0119 1528  IPBusEnum - ok
14:43:09.0166 1528  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:09.0244 1528  IpFilterDriver - ok
14:43:09.0307 1528  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:43:09.0463 1528  iphlpsvc - ok
14:43:09.0463 1528  IpInIp - ok
14:43:09.0494 1528  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:43:09.0556 1528  IPMIDRV - ok
14:43:09.0587 1528  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:43:09.0681 1528  IPNAT - ok
14:43:09.0853 1528  [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:43:09.0884 1528  iPod Service - ok
14:43:09.0931 1528  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:43:10.0024 1528  IRENUM - ok
14:43:10.0087 1528  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:43:10.0133 1528  isapnp - ok
14:43:10.0196 1528  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:43:10.0274 1528  iScsiPrt - ok
14:43:10.0305 1528  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:43:10.0321 1528  iteatapi - ok
14:43:10.0336 1528  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:43:10.0336 1528  iteraid - ok
14:43:10.0461 1528  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:43:10.0492 1528  IviRegMgr - ok
14:43:10.0539 1528  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:43:10.0570 1528  kbdclass - ok
14:43:10.0633 1528  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:43:10.0742 1528  kbdhid - ok
14:43:10.0804 1528  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:43:10.0945 1528  KeyIso - ok
14:43:11.0132 1528  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:43:11.0288 1528  KSecDD - ok
14:43:11.0413 1528  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:43:11.0569 1528  KtmRm - ok
14:43:11.0647 1528  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:43:11.0771 1528  LanmanServer - ok
14:43:11.0865 1528  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:43:12.0052 1528  LanmanWorkstation - ok
14:43:12.0099 1528  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:43:12.0146 1528  lltdio - ok
14:43:12.0208 1528  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:43:12.0317 1528  lltdsvc - ok
14:43:12.0489 1528  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:43:12.0551 1528  lmhosts - ok
14:43:12.0583 1528  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:43:12.0629 1528  LSI_FC - ok
14:43:12.0676 1528  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:43:12.0723 1528  LSI_SAS - ok
14:43:12.0754 1528  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:43:12.0771 1528  LSI_SCSI - ok
14:43:12.0818 1528  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
14:43:12.0849 1528  luafv - ok
14:43:12.0911 1528  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:43:12.0958 1528  megasas - ok
14:43:13.0067 1528  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:43:13.0301 1528  MegaSR - ok
14:43:13.0364 1528  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
14:43:13.0442 1528  MMCSS - ok
14:43:13.0520 1528  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
14:43:13.0598 1528  Modem - ok
14:43:13.0629 1528  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:43:13.0691 1528  monitor - ok
14:43:13.0769 1528  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:43:13.0785 1528  mouclass - ok
14:43:13.0832 1528  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:43:13.0925 1528  mouhid - ok
14:43:13.0988 1528  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:43:14.0019 1528  MountMgr - ok
14:43:14.0175 1528  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:43:14.0253 1528  MozillaMaintenance - ok
14:43:14.0378 1528  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:43:14.0471 1528  MpFilter - ok
14:43:14.0487 1528  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:43:14.0518 1528  mpio - ok
14:43:14.0565 1528  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:43:14.0674 1528  mpsdrv - ok
14:43:14.0861 1528  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:43:15.0033 1528  MpsSvc - ok
14:43:15.0111 1528  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:43:15.0126 1528  Mraid35x - ok
14:43:15.0189 1528  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:43:15.0236 1528  MRxDAV - ok
14:43:15.0298 1528  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:15.0438 1528  mrxsmb - ok
14:43:15.0485 1528  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:15.0626 1528  mrxsmb10 - ok
14:43:15.0672 1528  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:15.0750 1528  mrxsmb20 - ok
14:43:15.0797 1528  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:43:15.0844 1528  msahci - ok
14:43:15.0875 1528  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:43:15.0922 1528  msdsm - ok
14:43:16.0000 1528  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
14:43:16.0078 1528  MSDTC - ok
14:43:16.0140 1528  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:43:16.0265 1528  Msfs - ok
14:43:16.0374 1528  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:43:16.0390 1528  msisadrv - ok
14:43:16.0484 1528  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:43:16.0546 1528  MSiSCSI - ok
14:43:16.0562 1528  msiserver - ok
14:43:16.0593 1528  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:43:16.0624 1528  MSKSSRV - ok
14:43:16.0811 1528  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:43:16.0858 1528  MsMpSvc - ok
14:43:16.0905 1528  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:43:16.0952 1528  MSPCLOCK - ok
14:43:17.0030 1528  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:43:17.0061 1528  MSPQM - ok
14:43:17.0186 1528  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:43:17.0232 1528  MsRPC - ok
14:43:17.0264 1528  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:43:17.0310 1528  mssmbios - ok
14:43:17.0357 1528  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:43:17.0388 1528  MSTEE - ok
14:43:17.0420 1528  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:43:17.0498 1528  Mup - ok
14:43:17.0607 1528  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:43:17.0716 1528  napagent - ok
14:43:17.0825 1528  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:43:17.0856 1528  NativeWifiP - ok
14:43:17.0981 1528  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:43:18.0090 1528  NDIS - ok
14:43:18.0168 1528  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:18.0231 1528  NdisTapi - ok
14:43:18.0278 1528  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:18.0324 1528  Ndisuio - ok
14:43:18.0402 1528  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:18.0512 1528  NdisWan - ok
14:43:18.0543 1528  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:43:18.0590 1528  NDProxy - ok
14:43:19.0011 1528  [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:43:19.0058 1528  Nero BackItUp Scheduler 4.0 - ok
14:43:19.0136 1528  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:43:19.0245 1528  NetBIOS - ok
14:43:19.0292 1528  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:43:19.0416 1528  netbt - ok
14:43:19.0448 1528  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:43:19.0463 1528  Netlogon - ok
14:43:19.0541 1528  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:43:19.0666 1528  Netman - ok
14:43:19.0744 1528  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:43:19.0978 1528  netprofm - ok
14:43:20.0040 1528  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:43:20.0056 1528  NetTcpPortSharing - ok
14:43:20.0134 1528  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:43:20.0150 1528  nfrd960 - ok
14:43:20.0259 1528  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:43:20.0306 1528  NisDrv - ok
14:43:20.0415 1528  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:43:20.0524 1528  NisSrv - ok
14:43:20.0586 1528  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:43:20.0664 1528  NlaSvc - ok
14:43:20.0758 1528  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:43:20.0805 1528  Npfs - ok
14:43:20.0836 1528  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:43:20.0883 1528  nsi - ok
14:43:20.0930 1528  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:43:21.0008 1528  nsiproxy - ok
14:43:21.0320 1528  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:43:21.0522 1528  Ntfs - ok
14:43:21.0585 1528  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:43:21.0678 1528  ntrigdigi - ok
14:43:21.0710 1528  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:43:21.0866 1528  Null - ok
14:43:21.0928 1528  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:43:21.0975 1528  nvraid - ok
14:43:22.0022 1528  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:43:22.0068 1528  nvstor - ok
14:43:22.0131 1528  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:43:22.0193 1528  nv_agp - ok
14:43:22.0193 1528  NwlnkFlt - ok
14:43:22.0209 1528  NwlnkFwd - ok
14:43:22.0380 1528  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:43:22.0396 1528  odserv - ok
14:43:22.0427 1528  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:43:22.0552 1528  ohci1394 - ok
14:43:22.0770 1528  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:43:22.0833 1528  ose - ok
14:43:23.0067 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:43:23.0363 1528  p2pimsvc - ok
14:43:23.0457 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:43:23.0566 1528  p2psvc - ok
14:43:23.0613 1528  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:43:23.0691 1528  Parport - ok
14:43:23.0738 1528  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:43:23.0800 1528  partmgr - ok
14:43:23.0878 1528  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:43:23.0972 1528  Parvdm - ok
14:43:24.0003 1528  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:43:24.0284 1528  PcaSvc - ok
14:43:24.0424 1528  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
14:43:24.0486 1528  pci - ok
14:43:24.0549 1528  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
14:43:24.0611 1528  pciide - ok
14:43:24.0658 1528  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:43:24.0674 1528  pcmcia - ok
14:43:24.0876 1528  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:43:25.0251 1528  PEAUTH - ok
14:43:25.0344 1528  [ DCB53E6BA9DF64260F821613E2B37D1D ] pelmouse        C:\Windows\system32\DRIVERS\pelmouse.sys
14:43:25.0422 1528  pelmouse - ok
14:43:25.0454 1528  [ 2DCCDEAA4F79DF03824D93CE9ECC84B7 ] pelusblf        C:\Windows\system32\DRIVERS\pelusblf.sys
14:43:25.0485 1528  pelusblf - ok
14:43:25.0812 1528  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:43:26.0140 1528  pla - ok
14:43:26.0296 1528  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:43:26.0405 1528  PlugPlay - ok
14:43:26.0483 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:43:26.0655 1528  PNRPAutoReg - ok
14:43:26.0780 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:43:26.0873 1528  PNRPsvc - ok
14:43:26.0982 1528  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:43:27.0154 1528  PolicyAgent - ok
14:43:27.0279 1528  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:43:27.0404 1528  PptpMiniport - ok
14:43:27.0466 1528  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
14:43:27.0606 1528  Processor - ok
14:43:27.0716 1528  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:43:27.0762 1528  ProfSvc - ok
14:43:27.0825 1528  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:43:27.0856 1528  ProtectedStorage - ok
14:43:27.0950 1528  [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
14:43:28.0043 1528  psadd - ok
14:43:28.0106 1528  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:43:28.0230 1528  PSched - ok
14:43:28.0308 1528  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
14:43:28.0355 1528  PSI - ok
14:43:28.0386 1528  [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:43:28.0402 1528  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:43:28.0402 1528  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:43:28.0589 1528  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:43:28.0683 1528  ql2300 - ok
14:43:28.0808 1528  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:43:28.0870 1528  ql40xx - ok
14:43:28.0995 1528  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:43:29.0088 1528  QWAVE - ok
14:43:29.0104 1528  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:43:29.0135 1528  QWAVEdrv - ok
14:43:29.0182 1528  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:43:29.0276 1528  RasAcd - ok
14:43:29.0291 1528  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:43:29.0369 1528  RasAuto - ok
14:43:29.0416 1528  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:29.0494 1528  Rasl2tp - ok
14:43:29.0556 1528  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:43:29.0619 1528  RasMan - ok
14:43:29.0681 1528  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:29.0790 1528  RasPppoe - ok
14:43:29.0884 1528  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:43:30.0040 1528  RasSstp - ok
14:43:30.0147 1528  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:43:30.0240 1528  rdbss - ok
14:43:30.0303 1528  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:30.0412 1528  RDPCDD - ok
14:43:30.0583 1528  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
14:43:30.0755 1528  rdpdr - ok
14:43:30.0771 1528  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:43:30.0817 1528  RDPENCDD - ok
14:43:30.0942 1528  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:43:31.0067 1528  RDPWD - ok
14:43:31.0192 1528  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:43:31.0270 1528  RemoteAccess - ok
14:43:31.0348 1528  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:43:31.0379 1528  RemoteRegistry - ok
14:43:31.0457 1528  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:43:31.0644 1528  RpcLocator - ok
14:43:31.0691 1528  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
14:43:31.0800 1528  RpcSs - ok
14:43:31.0863 1528  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:43:31.0909 1528  rspndr - ok
14:43:32.0097 1528  [ 0797877413D3225700D94488F06273A8 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
14:43:32.0143 1528  RTL8192su - ok
14:43:32.0190 1528  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
14:43:32.0190 1528  SamSs - ok
14:43:32.0221 1528  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:43:32.0237 1528  sbp2port - ok
14:43:32.0315 1528  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:43:32.0377 1528  SCardSvr - ok
14:43:32.0533 1528  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:43:32.0845 1528  Schedule - ok
14:43:32.0892 1528  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:43:32.0923 1528  SCPolicySvc - ok
14:43:32.0970 1528  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:43:33.0267 1528  SDRSVC - ok
14:43:33.0298 1528  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:43:33.0391 1528  secdrv - ok
14:43:33.0438 1528  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:43:33.0469 1528  seclogon - ok
14:43:33.0750 1528  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
14:43:33.0844 1528  Secunia PSI Agent - ok
14:43:33.0937 1528  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
14:43:34.0125 1528  Secunia Update Agent - ok
14:43:34.0187 1528  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:43:34.0281 1528  SENS - ok
14:43:34.0312 1528  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:43:34.0437 1528  Serenum - ok
14:43:34.0515 1528  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:43:34.0577 1528  Serial - ok
14:43:34.0655 1528  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:43:34.0717 1528  sermouse - ok
14:43:34.0780 1528  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:43:34.0842 1528  SessionEnv - ok
14:43:34.0858 1528  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:43:34.0936 1528  sffdisk - ok
14:43:34.0967 1528  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:43:35.0045 1528  sffp_mmc - ok
14:43:35.0107 1528  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:43:35.0201 1528  sffp_sd - ok
14:43:35.0326 1528  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:43:35.0466 1528  sfloppy - ok
14:43:35.0560 1528  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:43:35.0638 1528  SharedAccess - ok
14:43:35.0747 1528  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:43:35.0997 1528  ShellHWDetection - ok
14:43:36.0043 1528  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:43:36.0106 1528  sisagp - ok
14:43:36.0153 1528  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:43:36.0200 1528  SiSRaid2 - ok
14:43:36.0216 1528  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:43:36.0232 1528  SiSRaid4 - ok
14:43:36.0372 1528  [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:43:36.0419 1528  SkypeUpdate - ok
14:43:36.0668 1528  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
14:43:37.0808 1528  slsvc - ok
14:43:37.0933 1528  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:43:37.0964 1528  SLUINotify - ok
14:43:38.0027 1528  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:43:38.0105 1528  Smb - ok
14:43:38.0151 1528  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:43:38.0246 1528  SNMPTRAP - ok
14:43:38.0308 1528  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:43:38.0340 1528  spldr - ok
14:43:38.0433 1528  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
14:43:38.0558 1528  Spooler - ok
14:43:38.0652 1528  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:43:38.0917 1528  srv - ok
14:43:38.0979 1528  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:43:39.0120 1528  srv2 - ok
14:43:39.0166 1528  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:43:39.0213 1528  srvnet - ok
14:43:39.0276 1528  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:43:39.0307 1528  SSDPSRV - ok
14:43:39.0432 1528  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:43:39.0525 1528  SstpSvc - ok
14:43:39.0650 1528  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:43:39.0744 1528  stisvc - ok
14:43:39.0900 1528  [ C2191C1A5DFED0795E3D3B68905B195B ] SUService       C:\Program Files\Lenovo\System Update\SUService.exe
14:43:39.0915 1528  SUService ( UnsignedFile.Multi.Generic ) - warning
14:43:39.0915 1528  SUService - detected UnsignedFile.Multi.Generic (1)
14:43:39.0993 1528  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:43:40.0024 1528  swenum - ok
14:43:40.0118 1528  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
14:43:40.0243 1528  swprv - ok
14:43:40.0305 1528  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:43:40.0321 1528  Symc8xx - ok
14:43:40.0368 1528  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:43:40.0399 1528  Sym_hi - ok
14:43:40.0414 1528  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:43:40.0430 1528  Sym_u3 - ok
14:43:40.0602 1528  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
14:43:40.0789 1528  SysMain - ok
14:43:40.0836 1528  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:43:41.0070 1528  TabletInputService - ok
14:43:41.0179 1528  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:43:41.0320 1528  TapiSrv - ok
14:43:41.0383 1528  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:43:41.0492 1528  TBS - ok
14:43:41.0648 1528  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:43:41.0960 1528  Tcpip - ok
14:43:42.0069 1528  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:43:42.0163 1528  Tcpip6 - ok
14:43:42.0241 1528  [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:43:42.0350 1528  tcpipreg - ok
14:43:42.0475 1528  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:43:42.0506 1528  TDPIPE - ok
14:43:42.0537 1528  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:43:42.0631 1528  TDTCP - ok
14:43:42.0724 1528  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:43:42.0802 1528  tdx - ok
14:43:42.0849 1528  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:43:42.0911 1528  TermDD - ok
14:43:42.0989 1528  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
14:43:43.0145 1528  TermService - ok
14:43:43.0255 1528  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:43:43.0333 1528  Themes - ok
14:43:43.0520 1528  [ 64CFBE1A6A66A5062C26D0B178A42C91 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
14:43:43.0660 1528  ThinkVantage Registry Monitor Service - ok
14:43:43.0707 1528  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:43:43.0738 1528  THREADORDER - ok
14:43:43.0816 1528  [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM             C:\Windows\system32\drivers\tpm.sys
14:43:43.0863 1528  TPM - ok
14:43:43.0957 1528  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:43:44.0113 1528  TrkWks - ok
14:43:44.0253 1528  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:43:44.0378 1528  TrustedInstaller - ok
14:43:44.0596 1528  [ 865760E60F51D2A33E51AE9BA1806FF8 ] TSSCoreService  C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
14:43:44.0955 1528  TSSCoreService - ok
14:43:44.0986 1528  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:43:45.0033 1528  tssecsrv - ok
14:43:45.0080 1528  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:43:45.0251 1528  tunmp - ok
14:43:45.0376 1528  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:43:45.0439 1528  tunnel - ok
14:43:45.0610 1528  [ 40489F1CD98AC221C97B4E1D269C3331 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
14:43:45.0673 1528  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
14:43:45.0673 1528  TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
14:43:45.0844 1528  [ 06519C96036F937B829D4E3EAF8F7596 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
14:43:46.0016 1528  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0016 1528  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
14:43:46.0453 1528  [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler   c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
14:43:46.0546 1528  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0546 1528  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
14:43:46.0640 1528  [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter       C:\Windows\system32\DRIVERS\tvtfilter.sys
14:43:46.0640 1528  tvtfilter ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0640 1528  tvtfilter - detected UnsignedFile.Multi.Generic (1)
14:43:46.0733 1528  [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
14:43:46.0827 1528  TVTI2C - ok
14:43:46.0874 1528  [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk        C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
14:43:46.0889 1528  tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0889 1528  tvtnetwk - detected UnsignedFile.Multi.Generic (1)
14:43:46.0921 1528  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:43:46.0936 1528  uagp35 - ok
14:43:47.0061 1528  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:43:47.0170 1528  udfs - ok
14:43:47.0248 1528  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:43:47.0311 1528  UI0Detect - ok
14:43:47.0342 1528  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:43:47.0373 1528  uliagpkx - ok
14:43:47.0420 1528  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:43:47.0435 1528  uliahci - ok
14:43:47.0467 1528  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:43:47.0498 1528  UlSata - ok
14:43:47.0529 1528  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:43:47.0545 1528  ulsata2 - ok
14:43:47.0576 1528  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:43:47.0638 1528  umbus - ok
14:43:47.0747 1528  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:43:47.0935 1528  UmRdpService - ok
14:43:48.0075 1528  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:43:48.0215 1528  upnphost - ok
14:43:48.0340 1528  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:43:48.0434 1528  USBAAPL - ok
14:43:48.0543 1528  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:43:48.0605 1528  usbccgp - ok
14:43:48.0668 1528  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:43:48.0761 1528  usbcir - ok
14:43:48.0871 1528  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:43:48.0917 1528  usbehci - ok
14:43:48.0980 1528  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:43:49.0073 1528  usbhub - ok
14:43:49.0105 1528  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:43:49.0136 1528  usbohci - ok
14:43:49.0214 1528  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:43:49.0276 1528  usbprint - ok
14:43:49.0339 1528  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:43:49.0370 1528  usbscan - ok
14:43:49.0463 1528  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:43:49.0588 1528  USBSTOR - ok
14:43:49.0635 1528  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:43:49.0713 1528  usbuhci - ok
14:43:49.0791 1528  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:43:49.0885 1528  UxSms - ok
14:43:50.0041 1528  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
14:43:50.0243 1528  vds - ok
14:43:50.0321 1528  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:43:50.0384 1528  vga - ok
14:43:50.0477 1528  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:43:50.0555 1528  VgaSave - ok
14:43:50.0633 1528  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:43:50.0680 1528  viaagp - ok
14:43:50.0774 1528  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:43:50.0852 1528  ViaC7 - ok
14:43:50.0899 1528  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:43:50.0930 1528  viaide - ok
14:43:50.0992 1528  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:43:51.0023 1528  volmgr - ok
14:43:51.0164 1528  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:43:51.0273 1528  volmgrx - ok
14:43:51.0367 1528  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:43:51.0429 1528  volsnap - ok
14:43:51.0507 1528  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:43:51.0554 1528  vsmraid - ok
14:43:51.0725 1528  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
14:43:52.0022 1528  VSS - ok
14:43:52.0131 1528  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
14:43:52.0318 1528  W32Time - ok
14:43:52.0334 1528  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:43:52.0412 1528  WacomPen - ok
14:43:52.0443 1528  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:43:52.0459 1528  Wanarp - ok
14:43:52.0505 1528  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:43:52.0537 1528  Wanarpv6 - ok
14:43:52.0677 1528  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
14:43:52.0927 1528  wbengine - ok
14:43:53.0176 1528  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:43:53.0504 1528  wcncsvc - ok
14:43:53.0613 1528  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:43:53.0753 1528  WcsPlugInService - ok
14:43:53.0847 1528  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:43:53.0878 1528  Wd - ok
14:43:54.0050 1528  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:43:54.0362 1528  Wdf01000 - ok
14:43:54.0377 1528  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:43:54.0455 1528  WdiServiceHost - ok
14:43:54.0471 1528  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:43:54.0533 1528  WdiSystemHost - ok
14:43:54.0627 1528  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
14:43:54.0705 1528  WebClient - ok
14:43:55.0001 1528  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:43:55.0173 1528  Wecsvc - ok
14:43:55.0220 1528  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:43:55.0329 1528  wercplsupport - ok
14:43:55.0376 1528  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:43:55.0407 1528  WerSvc - ok
14:43:55.0469 1528  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:43:55.0563 1528  WimFltr - ok
14:43:55.0750 1528  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:43:55.0766 1528  WinDefend - ok
14:43:55.0781 1528  WinHttpAutoProxySvc - ok
14:43:56.0015 1528  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:43:56.0031 1528  Winmgmt - ok
14:43:56.0187 1528  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:43:56.0437 1528  WinRM - ok
14:43:56.0593 1528  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:43:56.0717 1528  Wlansvc - ok
14:43:56.0749 1528  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:43:56.0827 1528  WmiAcpi - ok
14:43:56.0936 1528  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:43:57.0014 1528  wmiApSrv - ok
14:43:57.0185 1528  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:43:57.0622 1528  WMPNetworkSvc - ok
14:43:57.0685 1528  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:43:57.0872 1528  WPDBusEnum - ok
14:43:57.0950 1528  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:43:57.0997 1528  WpdUsb - ok
14:43:58.0075 1528  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:43:58.0121 1528  ws2ifsl - ok
14:43:58.0262 1528  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:43:58.0324 1528  wscsvc - ok
14:43:58.0324 1528  WSearch - ok
14:43:58.0730 1528  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:43:59.0260 1528  wuauserv - ok
14:43:59.0291 1528  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:43:59.0354 1528  WUDFRd - ok
14:43:59.0416 1528  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:43:59.0479 1528  wudfsvc - ok
14:43:59.0681 1528  [ F081ED0B8BD09D7F50AC9A30BBBB06BC ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
14:43:59.0822 1528  yukonwlh - ok
14:43:59.0837 1528  ================ Scan global ===============================
14:43:59.0915 1528  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:44:00.0056 1528  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:44:00.0087 1528  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:44:00.0274 1528  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:44:00.0430 1528  [Global] - ok
14:44:00.0430 1528  ================ Scan MBR ==================================
14:44:00.0461 1528  [ 5DD6CFB684A01AEE2A4361080F2C881B ] \Device\Harddisk0\DR0
14:44:01.0460 1528  \Device\Harddisk0\DR0 - ok
14:44:01.0475 1528  ================ Scan VBR ==================================
14:44:01.0475 1528  [ 9CDADEB8350067C53B1B0DD2E30CE973 ] \Device\Harddisk0\DR0\Partition1
14:44:01.0491 1528  \Device\Harddisk0\DR0\Partition1 - ok
14:44:01.0491 1528  ============================================================
14:44:01.0491 1528  Scan finished
14:44:01.0491 1528  ============================================================
14:44:01.0538 1428  Detected object count: 10
14:44:01.0538 1428  Actual detected object count: 10
14:44:31.0460 1428  AtiPcie ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0460 1428  AtiPcie ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0460 1428  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0460 1428  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0460 1428  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0460 1428  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:44:31.0476 1428  tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

mbar:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.20.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heike :: *** [administrator]

20.04.2013 13:40:00
mbar-log-2013-04-20 (13-40-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28136
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswmbr:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 13:51:20
-----------------------------
13:51:20.544    OS Version: Windows 6.0.6002 Service Pack 2
13:51:20.544    Number of processors: 2 586 0x6B01
13:51:20.545    ComputerName: HEIKE-PC  UserName: Heike
13:51:21.003    Initialize success
13:51:38.453    AVAST engine defs: 13042000
13:51:42.703    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6
13:51:42.710    Disk 0 Vendor: WDC_WD800JD-08MSA1 10.01E01 Size: 76324MB BusType: 3
13:51:43.368    Disk 0 MBR read successfully
13:51:43.375    Disk 0 MBR scan
13:51:43.387    Disk 0 unknown MBR code
13:51:43.409    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         5447 MB offset 2048
13:51:43.467    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        70875 MB offset 11157504
13:51:43.500    Disk 0 scanning sectors +156309504
13:51:43.699    Disk 0 scanning C:\Windows\system32\drivers
13:52:09.196    Service scanning
13:52:42.118    Modules scanning
13:52:49.050    Disk 0 trace - called modules:
13:52:49.081    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
13:52:49.081    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850f4780]
13:52:49.097    3 CLASSPNP.SYS[877a98b3] -> nt!IofCallDriver -> [0x84c1d8f8]
13:52:49.097    5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-6[0x84c155a8]
13:52:49.971    AVAST engine scan C:\
14:52:01.296    Disk 0 MBR has been saved successfully to "C:\Users\Heike\Desktop\MBR.dat"
14:52:01.312    The log file has been saved successfully to "C:\Users\Heike\Desktop\aswMBR.txt"
         

20.04.2013, 17:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

23.04.2013, 16:33   #15
Atina
 



Combofix:

Code:
ComboFix 13-04-23.02 - *** 23.04.2013  16:32:50.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.1918.1082 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-23 bis 2013-04-23  ))))))))))))))))))))))))))))))
.
.
2013-04-23 14:41 . 2013-04-23 14:42	--------	d-----w-	c:\users\***\AppData\Local\temp
2013-04-23 14:41 . 2013-04-23 14:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-23 08:10 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AD7E4F0-74FD-4894-84CA-38AC4A7DB202}\mpengine.dll
2013-04-22 07:23 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-18 11:31 . 2013-04-18 11:31	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-18 11:31 . 2013-04-18 11:31	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-18 11:27 . 2013-04-18 11:38	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2013-04-17 19:28 . 2013-02-22 03:37	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-10 05:28 . 2013-03-11 13:25	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:28 . 2013-03-11 13:25	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 05:28 . 2013-03-09 03:45	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 05:28 . 2013-03-09 01:28	64000	----a-w-	c:\windows\system32\smss.exe
2013-04-10 05:28 . 2013-03-08 03:52	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 05:28 . 2013-03-08 03:53	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-04-10 05:21 . 2013-03-05 01:40	2049024	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 12:50 . 2012-07-25 21:46	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33 . 2011-12-10 20:54	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-02-12 01:57 . 2013-03-22 13:50	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-17 05:46 . 2013-04-17 05:46	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-22 4702208]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-02-11 77824]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoRegistration.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LenovoRegistration.lnk
backup=c:\windows\pss\LenovoRegistration.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-11-15 15:21	217176	----a-w-	c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-12 23:24	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10	120368	------w-	c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 12:18	17420464	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-11-07 17:15	9478320	----a-w-	c:\users\***\AppData\Roaming\Spotify\spotify.exe
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=101702
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-04-18 13:28; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-18 13:28; ich@maltegoetz.de; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-04-18 13:28; firefox@ghostery.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\firefox@ghostery.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EzPrint - c:\program files\Lexmark 5400 Series\ezprint.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-23 16:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\***\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Zeit der Fertigstellung: 2013-04-23  16:47:42
ComboFix-quarantined-files.txt  2013-04-23 14:47
.
Vor Suchlauf: 3.878.707.200 Bytes frei
Nach Suchlauf: 4.009.435.136 Bytes frei
.
- - End Of File - - B077CFB12B297071445ED91848155093
         
