Polizeitrojaner Windows 7

xandl · 23.05.2013, 19:54

hallo,

ich habe ein problem mit einem polizeitrojaner unter windows 7

hier die entsprechenden logfiles:

OTL:

Code:

ATTFilter

OTL logfile created on: 23.05.2013 19:25:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Moosi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,86% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 748,28 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS
Drive F: | 900,73 Mb Total Space | 840,00 Mb Free Space | 93,26% Space Free | Partition Type: FAT
 
Computer Name: MOOSI-PC | User Name: Moosi | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 19:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.18 11:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.13 20:39:31 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.08.19 10:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 10:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B5B0A47-E6FC-43F1-89A4-C04C64916EA3}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109220&babsrc=SP_ss&mntrId=a03a8f6200000000000074f06d1a153d
IE - HKCU\..\SearchScopes\{21F7EF69-5C34-40C5-BAA3-E9CEE1F76C26}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.10 22:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.10 22:32:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.26 21:47:40 | 000,000,000 | ---D | M]
 
[2010.09.23 18:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\Extensions
[2013.03.10 12:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\Firefox\Profiles\bhc369s5.default\extensions
[2012.07.29 16:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\extensions\gophoto@gophoto.it.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.01.26 21:47:32 | 000,002,422 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\searchplugins\babylon1.xml
[2011.12.19 19:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.23 18:22:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010.09.23 18:22:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2013.03.10 12:50:13 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.26 21:47:24 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=109220&babsrc=HP_ss&mntrId=a03a8f6200000000000074f06d1a153d
CHR - Extension: No name found = C:\Users\Moosi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1FB09BA-161C-4ECE-9D32-300BC9A0165F}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Moosi\AppData\Roaming\skype.dat) - C:\Users\Moosi\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aff8a662-de35-11e0-8181-6c626d4ee36f}\Shell - "" = AutoRun
O33 - MountPoints2\{aff8a662-de35-11e0-8181-6c626d4ee36f}\Shell\AutoRun\command - "" = J:\MMMTest.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 19:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe
[2013.05.20 18:32:33 | 000,000,000 | ---D | C] -- C:\Users\Moosi\AppData\Local\Cisco
[2013.05.20 18:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013.05.20 18:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 19:24:57 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.23 19:24:57 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.23 19:24:57 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.23 19:24:57 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.23 19:24:36 | 000,000,156 | ---- | M] () -- C:\Users\Moosi\defogger_reenable
[2013.05.23 19:20:06 | 000,377,856 | ---- | M] () -- C:\Users\Moosi\Desktop\gmer_2.1.19163.exe
[2013.05.23 19:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe
[2013.05.23 19:19:28 | 000,050,477 | ---- | M] () -- C:\Users\Moosi\Desktop\Defogger.exe
[2013.05.23 18:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 18:59:03 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 18:55:41 | 000,000,004 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\skype.ini
[2013.05.23 18:54:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.21 23:47:33 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 22:43:28 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 22:43:28 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 22:26:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 15:10:25 | 000,429,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.23 19:24:34 | 000,000,156 | ---- | C] () -- C:\Users\Moosi\defogger_reenable
[2013.05.23 19:23:56 | 000,377,856 | ---- | C] () -- C:\Users\Moosi\Desktop\gmer_2.1.19163.exe
[2013.05.23 19:23:56 | 000,050,477 | ---- | C] () -- C:\Users\Moosi\Desktop\Defogger.exe
[2013.05.21 23:47:33 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.20 23:05:40 | 000,000,004 | ---- | C] () -- C:\Users\Moosi\AppData\Roaming\skype.ini
[2012.09.06 12:18:07 | 000,005,236 | ---- | C] () -- C:\Users\Moosi\AppData\Local\recently-used.xbel
[2012.07.04 22:32:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.01.11 20:00:55 | 000,098,304 | ---- | C] () -- C:\Users\Moosi\AppData\Roaming\skype.dat
[2011.12.21 22:55:16 | 000,003,584 | ---- | C] () -- C:\Users\Moosi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.28 15:40:04 | 000,001,027 | ---- | C] () -- C:\Users\Moosi\Musik - Verknüpfung.lnk
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.30 11:38:49 | 000,000,000 | -HSD | M] -- C:\Users\Moosi\AppData\Roaming\.#
[2013.01.26 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\BabSolution
[2013.01.26 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\Babylon
[2011.12.23 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\DAEMON Tools Lite
[2010.12.06 19:29:44 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\GrabIt
[2011.11.27 11:49:09 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\Leadertech
[2011.01.04 12:19:45 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\MAGIX
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 23.05.2013 19:25:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Moosi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,86% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 748,28 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS
Drive F: | 900,73 Mb Total Space | 840,00 Mb Free Space | 93,26% Space Free | Partition Type: FAT
 
Computer Name: MOOSI-PC | User Name: Moosi | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EE1441E-2B98-4015-93B6-C97F997F1C6F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1CB99D37-5903-44FB-AD6C-5FA294D0822B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{252AEF40-23BA-45AC-A5CD-BE7B34148DCC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2C29B114-9C81-49E7-9BC3-CF837BA143B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35147092-AE6E-40C1-8DE3-6CD0857ECCBF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3986147F-9D10-4FC2-AFB3-7CE85329BA67}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{727EA388-CEA3-4FFA-B033-F2738048880B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75CBBD62-C7AF-49A1-966F-EC47BDED0704}" = lport=445 | protocol=6 | dir=in | app=system | 
"{88311290-C3A9-49D8-B9F9-62DE2010F09E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C73AAF57-23B4-4F24-B95C-0E90AD58A8C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CF9E3D6B-44AB-43CB-8D20-FDDDFA1392B4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8031C98-DAE9-4910-93B0-0A680D551E9D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E8BFF9A2-2742-49ED-BC70-3B1D22326CAA}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{1D898DAE-2DDA-469D-8C7A-4D1014A15F41}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | 
"{2BDC0C5A-E6F4-4881-B14B-4A23F1A8DB1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{50933ACB-76DC-4BC2-84B3-0FEC618AC2D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{731D7A7C-8350-4DCF-A968-852DD455EA7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A13E4A01-0C3E-4986-8F10-EADE9C25FDAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBE53DF1-89C7-4D34-B4AB-BAE1F40BECE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{CC741BA1-2D89-4560-A474-DEED886E0445}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DB3060D5-19A4-4D0C-A7AD-83C99DABFE1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E5EFDB5F-0061-4A31-8498-6C8573DDEBF5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5F1E9D0A-99DA-42C3-A7E2-CE02CD6CEE01}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DC48926A-65EC-4241-9F57-7063E05706A0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F3A1E182-A325-4FAD-B07C-301B69FBD5CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New
"{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English
"{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish
"{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{45854A38-F4B0-4434-BB40-A8ED6FDDEEC9}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese
"{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E7F56612-69F7-4F85-AD0B-B04B1C5BC3BD}" = Creative ZEN V Series (R2)
"{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish
"{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BabylonToolbar" = Babylon toolbar 
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deutsch 3 v1.2" = Deutsch 3 v1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Gehirnjogging 3" = Gehirnjogging 3
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Hofer Foto Manager Free D" = Hofer Foto Manager Free
"Hofer Foto Service D" = Hofer Foto Service
"Hofer Fotodruck Service" = Hofer Fotodruck Service 4.5
"Hofer Online Druck Service D" = Hofer Online Druck Service
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Loewe4" = Löwenzahn 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"MEDION Fotos auf CD & DVD SE Hofer D" = MEDION Fotos auf CD & DVD SE Hofer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"QuickPar" = QuickPar 0.9
"QuickTime" = QuickTime
"SysInfo" = Creative Systeminformationen
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zahlenreise 3. Übungs-CD-ROM_is1" = Zahlenreise 3. Übungs-CD-ROM, V 1.0.2
"ZENcast Organizer" = ZENcast Organizer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.12.2011 06:02:08 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 06:05:46 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 09:33:29 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 10:01:59 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 10:22:26 | Computer Name = Moosi-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 16.12.2011 11:14:02 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 14:03:02 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 15:13:27 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 16:13:58 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 17:01:13 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 20.05.2013 13:22:40 | Computer Name = Moosi-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 673 Invoked Function:
 ConnectMgr::initiateConnect Return Code: -29622263 (0xFE3C0009) Description: CONNECTMGR_ERROR_UNEXPECTED

 
Error - 20.05.2013 13:22:42 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostLocator::buildHostLocator File: .\Utility\HostLocator.cpp
Line:
 293 Invoked Function: CHostLocator::ResolveHostname Return Code: -28049397 (0xFE54000B)
Description:
 HOSTLOCATOR_ERROR_DNS_TIME_LIMIT_EXCEEDED 
 
Error - 20.05.2013 13:22:42 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processConnectNotification File: .\MainThread.cpp
Line:
 11462 Invoked Function: CMainThread::resolveSGHost Return Code: -32702442 (0xFE0D0016)
Description:
 MAINTHREAD_ERROR_DNS_RESOLUTION_FAILED 
 
Error - 20.05.2013 13:22:45 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CAutoProxy::GetAutoProxyStrings File: .\Proxy\AutoProxy.cpp
Line:
 139 Invoked Function: WinHttpGetProxyForUrl Return Code: 12180 (0x00002F94) Description:
 WINDOWS_ERROR_CODE SG URL https://univpn.univie.ac.at:443
 
Error - 20.05.2013 13:22:45 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
 1032 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System
 kann die angegebene Datei nicht finden.   
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1790 Invoked Function: ::WSAGetOverlappedResult Return Code: 995 (0x000003E3) Description:
 Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung 
abgebrochen.   
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1791 Invoked Function: ::WSARecv/::WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 895 Invoked Function: CSocketTransport::readSocket Return Code: -31588312 (0xFE1E0028)
Description:
 SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get result call for the socket
 failed. 
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 1047 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31588312
 (0xFE1E0028) Description: SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get
 result call for the socket failed. 
 
[ OSession Events ]
Error - 21.10.2010 17:33:45 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5883
 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error - 13.04.2011 14:04:05 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 13864
 seconds with 6420 seconds of active time.  This session ended with a crash.
 
Error - 13.04.2011 14:14:41 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 614
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2011 13:36:05 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 2489
 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error - 31.05.2011 15:38:36 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5951
 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error - 09.06.2011 13:44:14 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 106
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.06.2011 13:57:23 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 778
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22.08.2011 15:51:15 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 1858
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 04.01.2013 18:05:01 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 9039
 seconds with 4560 seconds of active time.  This session ended with a crash.
 
Error - 13.03.2013 17:27:28 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 10842
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

GMER:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-23 20:46:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000053 WDC_WD10 rev.80.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Moosi\AppData\Local\Temp\pwdoypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                        82842A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                          8287C1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                        fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Moosi\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----

während des GMER scans sind fehlermeldungen ala "device kann nicht gefunden werden" angezeigt worden, ich habe diese weggeklickt.

bitte um hilfe =)

danke und lg

markusg · 23.05.2013, 20:25

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\Moosi\AppData\Roaming\skype.dat) - C:\Users\Moosi\AppData\Roaming\skype.dat ()
[2013.05.23 18:55:41 | 000,000,004 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\skype.ini
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

xandl · 23.05.2013, 20:44

Hallo,

sieht gut aus, nach dem starten in den normalen Modus sieht alles aus wie immer.

Herzlichen Dank =)

gibts noch weitere Schritte?

markusg · 23.05.2013, 20:47

Danke erst mal fürs hochladen.
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

xandl · 23.05.2013, 21:37

hier das tdss logfile:

Code:

ATTFilter

22:28:39.0192 6020  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:28:39.0347 6020  ============================================================
22:28:39.0347 6020  Current date / time: 2013/05/23 22:28:39.0347
22:28:39.0347 6020  SystemInfo:
22:28:39.0347 6020  
22:28:39.0347 6020  OS Version: 6.1.7601 ServicePack: 1.0
22:28:39.0347 6020  Product type: Workstation
22:28:39.0347 6020  ComputerName: MOOSI-PC
22:28:39.0347 6020  UserName: Moosi
22:28:39.0347 6020  Windows directory: C:\Windows
22:28:39.0347 6020  System windows directory: C:\Windows
22:28:39.0347 6020  Processor architecture: Intel x86
22:28:39.0347 6020  Number of processors: 4
22:28:39.0347 6020  Page size: 0x1000
22:28:39.0347 6020  Boot type: Normal boot
22:28:39.0347 6020  ============================================================
22:28:40.0960 6020  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:28:40.0979 6020  ============================================================
22:28:40.0979 6020  \Device\Harddisk0\DR0:
22:28:40.0980 6020  MBR partitions:
22:28:40.0980 6020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:28:40.0980 6020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3800
22:28:40.0980 6020  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D06000, BlocksNum 0x2800000
22:28:40.0980 6020  ============================================================
22:28:41.0012 6020  C: <-> \Device\Harddisk0\DR0\Partition2
22:28:41.0062 6020  D: <-> \Device\Harddisk0\DR0\Partition3
22:28:41.0063 6020  ============================================================
22:28:41.0063 6020  Initialize success
22:28:41.0063 6020  ============================================================
22:29:19.0992 5820  ============================================================
22:29:19.0992 5820  Scan started
22:29:19.0992 5820  Mode: Manual; SigCheck; TDLFS; 
22:29:19.0992 5820  ============================================================
22:29:21.0370 5820  ================ Scan system memory ========================
22:29:21.0370 5820  System memory - ok
22:29:21.0371 5820  ================ Scan services =============================
22:29:21.0565 5820  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:29:21.0697 5820  1394ohci - ok
22:29:21.0746 5820  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:29:21.0788 5820  ACPI - ok
22:29:21.0815 5820  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:29:21.0886 5820  AcpiPmi - ok
22:29:21.0926 5820  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:29:21.0944 5820  adp94xx - ok
22:29:21.0967 5820  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:29:21.0983 5820  adpahci - ok
22:29:22.0003 5820  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:29:22.0016 5820  adpu320 - ok
22:29:22.0029 5820  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:29:22.0086 5820  AeLookupSvc - ok
22:29:22.0135 5820  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
22:29:22.0181 5820  AFD - ok
22:29:22.0215 5820  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:29:22.0230 5820  agp440 - ok
22:29:22.0244 5820  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
22:29:22.0260 5820  aic78xx - ok
22:29:22.0272 5820  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
22:29:22.0323 5820  ALG - ok
22:29:22.0340 5820  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:29:22.0355 5820  aliide - ok
22:29:22.0402 5820  [ 8570625CA5DBD8083BEA7CB73065B53D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:29:22.0478 5820  AMD External Events Utility - ok
22:29:22.0491 5820  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:29:22.0506 5820  amdagp - ok
22:29:22.0519 5820  [ 211FCE336502911EC03FC15A91344C98 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
22:29:22.0534 5820  amdide - ok
22:29:22.0545 5820  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:29:22.0603 5820  AmdK8 - ok
22:29:22.0756 5820  [ C22BDFCBED2596692096F85A9BF54358 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:29:22.0903 5820  amdkmdag - ok
22:29:22.0925 5820  [ CC6A16CE23DBC94A59F8E821558D5754 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:29:22.0948 5820  amdkmdap - ok
22:29:22.0967 5820  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:29:22.0978 5820  AmdPPM - ok
22:29:23.0002 5820  [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
22:29:23.0010 5820  amdsata - ok
22:29:23.0029 5820  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:29:23.0043 5820  amdsbs - ok
22:29:23.0061 5820  [ E27866684780606BCCE640A57937D88A ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
22:29:23.0070 5820  amdxata - ok
22:29:23.0097 5820  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
22:29:23.0167 5820  AppID - ok
22:29:23.0182 5820  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:29:23.0210 5820  AppIDSvc - ok
22:29:23.0248 5820  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
22:29:23.0264 5820  Appinfo - ok
22:29:23.0325 5820  [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
22:29:23.0366 5820  Application Updater - ok
22:29:23.0402 5820  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:29:23.0431 5820  arc - ok
22:29:23.0451 5820  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:29:23.0467 5820  arcsas - ok
22:29:23.0490 5820  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:29:23.0620 5820  AsyncMac - ok
22:29:23.0644 5820  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
22:29:23.0655 5820  atapi - ok
22:29:23.0674 5820  [ C822C615B2F693EF4E5B355432976A81 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
22:29:23.0684 5820  AtiHdmiService - ok
22:29:23.0740 5820  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
22:29:23.0808 5820  AtiPcie - ok
22:29:23.0911 5820  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:29:24.0019 5820  AudioEndpointBuilder - ok
22:29:24.0028 5820  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:29:24.0054 5820  Audiosrv - ok
22:29:24.0083 5820  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:29:24.0143 5820  AxInstSV - ok
22:29:24.0175 5820  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
22:29:24.0232 5820  b06bdrv - ok
22:29:24.0260 5820  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:29:24.0296 5820  b57nd60x - ok
22:29:24.0329 5820  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:29:24.0381 5820  BDESVC - ok
22:29:24.0398 5820  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:29:24.0437 5820  Beep - ok
22:29:24.0466 5820  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
22:29:24.0506 5820  BFE - ok
22:29:24.0537 5820  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
22:29:24.0576 5820  BITS - ok
22:29:24.0596 5820  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:29:24.0608 5820  blbdrive - ok
22:29:24.0647 5820  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:29:24.0691 5820  bowser - ok
22:29:24.0713 5820  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:29:24.0786 5820  BrFiltLo - ok
22:29:24.0799 5820  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:29:24.0828 5820  BrFiltUp - ok
22:29:24.0858 5820  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
22:29:24.0901 5820  Browser - ok
22:29:25.0053 5820  [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
22:29:25.0117 5820  BrowserProtect - ok
22:29:25.0139 5820  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:29:25.0186 5820  Brserid - ok
22:29:25.0204 5820  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:29:25.0244 5820  BrSerWdm - ok
22:29:25.0260 5820  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:29:25.0282 5820  BrUsbMdm - ok
22:29:25.0311 5820  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:29:25.0322 5820  BrUsbSer - ok
22:29:25.0336 5820  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:29:25.0359 5820  BTHMODEM - ok
22:29:25.0378 5820  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
22:29:25.0401 5820  bthserv - ok
22:29:25.0414 5820  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:29:25.0437 5820  cdfs - ok
22:29:25.0453 5820  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:29:25.0465 5820  cdrom - ok
22:29:25.0492 5820  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:29:25.0555 5820  CertPropSvc - ok
22:29:25.0561 5820  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:29:25.0575 5820  circlass - ok
22:29:25.0594 5820  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:29:25.0608 5820  CLFS - ok
22:29:25.0652 5820  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:29:25.0663 5820  clr_optimization_v2.0.50727_32 - ok
22:29:25.0755 5820  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:29:25.0783 5820  clr_optimization_v4.0.30319_32 - ok
22:29:25.0789 5820  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:29:25.0819 5820  CmBatt - ok
22:29:25.0848 5820  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:29:25.0867 5820  cmdide - ok
22:29:25.0915 5820  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
22:29:25.0959 5820  CNG - ok
22:29:25.0972 5820  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:29:25.0983 5820  Compbatt - ok
22:29:26.0008 5820  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:29:26.0021 5820  CompositeBus - ok
22:29:26.0026 5820  COMSysApp - ok
22:29:26.0039 5820  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:29:26.0050 5820  crcdisk - ok
22:29:26.0081 5820  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\Windows\system32\CTsvcCDA.exe
22:29:26.0101 5820  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
22:29:26.0101 5820  Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
22:29:26.0140 5820  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:29:26.0184 5820  CryptSvc - ok
22:29:26.0229 5820  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:29:26.0292 5820  DcomLaunch - ok
22:29:26.0329 5820  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:29:26.0364 5820  defragsvc - ok
22:29:26.0406 5820  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:29:26.0444 5820  DfsC - ok
22:29:26.0470 5820  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:29:26.0494 5820  Dhcp - ok
22:29:26.0531 5820  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:29:26.0582 5820  discache - ok
22:29:26.0593 5820  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:29:26.0604 5820  Disk - ok
22:29:26.0673 5820  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:29:26.0735 5820  Dnscache - ok
22:29:26.0776 5820  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:29:26.0858 5820  dot3svc - ok
22:29:26.0888 5820  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
22:29:26.0952 5820  DPS - ok
22:29:26.0969 5820  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:29:26.0994 5820  drmkaud - ok
22:29:27.0046 5820  [ C0C7CECCB6C85994C2BC92D58E52D3F2 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:29:27.0075 5820  dtsoftbus01 - ok
22:29:27.0125 5820  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:29:27.0159 5820  DXGKrnl - ok
22:29:27.0187 5820  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
22:29:27.0211 5820  EapHost - ok
22:29:27.0298 5820  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
22:29:27.0415 5820  ebdrv - ok
22:29:27.0444 5820  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
22:29:27.0482 5820  EFS - ok
22:29:27.0525 5820  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:29:27.0577 5820  ehRecvr - ok
22:29:27.0595 5820  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
22:29:27.0619 5820  ehSched - ok
22:29:27.0641 5820  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:29:27.0664 5820  elxstor - ok
22:29:27.0696 5820  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:29:27.0726 5820  ErrDev - ok
22:29:27.0810 5820  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
22:29:27.0894 5820  EventSystem - ok
22:29:27.0923 5820  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
22:29:27.0979 5820  exfat - ok
22:29:28.0023 5820  Fabs - ok
22:29:28.0037 5820  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:29:28.0066 5820  fastfat - ok
22:29:28.0111 5820  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
22:29:28.0149 5820  Fax - ok
22:29:28.0179 5820  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:29:28.0190 5820  fdc - ok
22:29:28.0200 5820  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:29:28.0238 5820  fdPHost - ok
22:29:28.0260 5820  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:29:28.0284 5820  FDResPub - ok
22:29:28.0299 5820  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:29:28.0310 5820  FileInfo - ok
22:29:28.0323 5820  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:29:28.0347 5820  Filetrace - ok
22:29:28.0421 5820  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:29:28.0466 5820  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
22:29:28.0466 5820  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
22:29:28.0483 5820  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:29:28.0508 5820  flpydisk - ok
22:29:28.0531 5820  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:29:28.0545 5820  FltMgr - ok
22:29:28.0574 5820  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
22:29:28.0610 5820  FontCache - ok
22:29:28.0645 5820  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:29:28.0655 5820  FontCache3.0.0.0 - ok
22:29:28.0660 5820  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:29:28.0671 5820  FsDepends - ok
22:29:28.0698 5820  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:29:28.0709 5820  Fs_Rec - ok
22:29:28.0750 5820  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:29:28.0785 5820  fvevol - ok
22:29:28.0808 5820  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:29:28.0823 5820  gagp30kx - ok
22:29:28.0859 5820  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:29:28.0895 5820  gpsvc - ok
22:29:28.0952 5820  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:29:28.0982 5820  gupdate - ok
22:29:29.0030 5820  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:29:29.0058 5820  gupdatem - ok
22:29:29.0093 5820  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:29:29.0127 5820  gusvc - ok
22:29:29.0149 5820  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:29:29.0198 5820  hcw85cir - ok
22:29:29.0220 5820  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:29:29.0247 5820  HdAudAddService - ok
22:29:29.0269 5820  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:29:29.0315 5820  HDAudBus - ok
22:29:29.0348 5820  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:29:29.0375 5820  HidBatt - ok
22:29:29.0390 5820  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:29:29.0408 5820  HidBth - ok
22:29:29.0426 5820  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:29:29.0442 5820  HidIr - ok
22:29:29.0463 5820  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
22:29:29.0508 5820  hidserv - ok
22:29:29.0525 5820  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:29:29.0541 5820  HidUsb - ok
22:29:29.0570 5820  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:29:29.0600 5820  hkmsvc - ok
22:29:29.0636 5820  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:29:29.0692 5820  HomeGroupListener - ok
22:29:29.0732 5820  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:29:29.0771 5820  HomeGroupProvider - ok
22:29:29.0809 5820  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:29:29.0824 5820  HpSAMD - ok
22:29:29.0881 5820  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:29:29.0934 5820  HTTP - ok
22:29:29.0953 5820  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:29:29.0971 5820  hwpolicy - ok
22:29:30.0007 5820  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:29:30.0038 5820  i8042prt - ok
22:29:30.0075 5820  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:29:30.0095 5820  iaStorV - ok
22:29:30.0166 5820  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:29:30.0223 5820  idsvc - ok
22:29:30.0236 5820  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:29:30.0247 5820  iirsp - ok
22:29:30.0270 5820  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:29:30.0310 5820  IKEEXT - ok
22:29:30.0388 5820  [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:29:30.0466 5820  IntcAzAudAddService - ok
22:29:30.0482 5820  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:29:30.0493 5820  intelide - ok
22:29:30.0506 5820  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:29:30.0518 5820  intelppm - ok
22:29:30.0535 5820  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:29:30.0559 5820  IPBusEnum - ok
22:29:30.0570 5820  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:29:30.0593 5820  IpFilterDriver - ok
22:29:30.0630 5820  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:29:30.0693 5820  iphlpsvc - ok
22:29:30.0715 5820  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:29:30.0749 5820  IPMIDRV - ok
22:29:30.0773 5820  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:29:30.0805 5820  IPNAT - ok
22:29:30.0818 5820  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:29:30.0900 5820  IRENUM - ok
22:29:30.0936 5820  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:29:30.0967 5820  isapnp - ok
22:29:30.0981 5820  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:29:30.0999 5820  iScsiPrt - ok
22:29:31.0043 5820  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:29:31.0054 5820  kbdclass - ok
22:29:31.0066 5820  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:29:31.0078 5820  kbdhid - ok
22:29:31.0088 5820  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
22:29:31.0100 5820  KeyIso - ok
22:29:31.0152 5820  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:29:31.0180 5820  KSecDD - ok
22:29:31.0203 5820  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:29:31.0220 5820  KSecPkg - ok
22:29:31.0245 5820  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:29:31.0275 5820  KtmRm - ok
22:29:31.0320 5820  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:29:31.0360 5820  LanmanServer - ok
22:29:31.0385 5820  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:29:31.0422 5820  LanmanWorkstation - ok
22:29:31.0456 5820  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:29:31.0479 5820  lltdio - ok
22:29:31.0504 5820  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:29:31.0539 5820  lltdsvc - ok
22:29:31.0554 5820  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:29:31.0592 5820  lmhosts - ok
22:29:31.0613 5820  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:29:31.0626 5820  LSI_FC - ok
22:29:31.0636 5820  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:29:31.0648 5820  LSI_SAS - ok
22:29:31.0662 5820  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:29:31.0712 5820  LSI_SAS2 - ok
22:29:31.0727 5820  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:29:31.0743 5820  LSI_SCSI - ok
22:29:31.0755 5820  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
22:29:31.0792 5820  luafv - ok
22:29:31.0851 5820  [ 7521C0C58EE91BE90B6CC33E792D10C7 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
22:29:31.0867 5820  LVRS - ok
22:29:31.0990 5820  [ 37E57C48AF530DF01CDD4E8A2AD77B51 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
22:29:32.0137 5820  LVUVC - ok
22:29:32.0204 5820  [ B7CA8CC3F978201856B6AB82F40953C3 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:29:32.0228 5820  MBAMProtector - ok
22:29:32.0279 5820  [ DE199F3AA9C541A349AF95A5C72A71AF ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:29:32.0296 5820  MBAMService - ok
22:29:32.0359 5820  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
22:29:32.0385 5820  McComponentHostService - ok
22:29:32.0409 5820  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:29:32.0440 5820  Mcx2Svc - ok
22:29:32.0461 5820  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:29:32.0476 5820  megasas - ok
22:29:32.0495 5820  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:29:32.0514 5820  MegaSR - ok
22:29:32.0533 5820  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
22:29:32.0557 5820  MMCSS - ok
22:29:32.0568 5820  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
22:29:32.0605 5820  Modem - ok
22:29:32.0643 5820  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:29:32.0686 5820  monitor - ok
22:29:32.0718 5820  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:29:32.0751 5820  mouclass - ok
22:29:32.0781 5820  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:29:32.0801 5820  mouhid - ok
22:29:32.0833 5820  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:29:32.0853 5820  mountmgr - ok
22:29:32.0870 5820  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:29:32.0882 5820  mpio - ok
22:29:32.0902 5820  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:29:32.0924 5820  mpsdrv - ok
22:29:32.0955 5820  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:29:33.0000 5820  MpsSvc - ok
22:29:33.0020 5820  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:29:33.0034 5820  MRxDAV - ok
22:29:33.0082 5820  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:29:33.0155 5820  mrxsmb - ok
22:29:33.0195 5820  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:29:33.0225 5820  mrxsmb10 - ok
22:29:33.0242 5820  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:29:33.0262 5820  mrxsmb20 - ok
22:29:33.0281 5820  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:29:33.0292 5820  msahci - ok
22:29:33.0318 5820  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:29:33.0330 5820  msdsm - ok
22:29:33.0351 5820  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
22:29:33.0382 5820  MSDTC - ok
22:29:33.0402 5820  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:29:33.0425 5820  Msfs - ok
22:29:33.0436 5820  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:29:33.0470 5820  mshidkmdf - ok
22:29:33.0491 5820  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:29:33.0502 5820  msisadrv - ok
22:29:33.0526 5820  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:29:33.0549 5820  MSiSCSI - ok
22:29:33.0553 5820  msiserver - ok
22:29:33.0582 5820  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:29:33.0644 5820  MSKSSRV - ok
22:29:33.0682 5820  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:29:33.0704 5820  MSPCLOCK - ok
22:29:33.0716 5820  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:29:33.0739 5820  MSPQM - ok
22:29:33.0755 5820  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:29:33.0768 5820  MsRPC - ok
22:29:33.0783 5820  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:29:33.0794 5820  mssmbios - ok
22:29:33.0806 5820  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:29:33.0828 5820  MSTEE - ok
22:29:33.0843 5820  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:29:33.0855 5820  MTConfig - ok
22:29:33.0874 5820  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:29:33.0885 5820  Mup - ok
22:29:33.0903 5820  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
22:29:33.0940 5820  napagent - ok
22:29:33.0959 5820  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:29:33.0994 5820  NativeWifiP - ok
22:29:34.0047 5820  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:29:34.0085 5820  NDIS - ok
22:29:34.0103 5820  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:29:34.0156 5820  NdisCap - ok
22:29:34.0177 5820  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:29:34.0199 5820  NdisTapi - ok
22:29:34.0233 5820  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:29:34.0299 5820  Ndisuio - ok
22:29:34.0339 5820  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:29:34.0400 5820  NdisWan - ok
22:29:34.0427 5820  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:29:34.0456 5820  NDProxy - ok
22:29:34.0474 5820  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:29:34.0520 5820  NetBIOS - ok
22:29:34.0570 5820  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:29:34.0630 5820  NetBT - ok
22:29:34.0634 5820  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
22:29:34.0646 5820  Netlogon - ok
22:29:34.0666 5820  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:29:34.0692 5820  Netman - ok
22:29:34.0710 5820  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:29:34.0737 5820  netprofm - ok
22:29:34.0761 5820  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:29:34.0772 5820  NetTcpPortSharing - ok
22:29:34.0790 5820  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:29:34.0802 5820  nfrd960 - ok
22:29:34.0814 5820  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:29:34.0828 5820  NlaSvc - ok
22:29:34.0851 5820  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:29:34.0910 5820  Npfs - ok
22:29:34.0926 5820  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:29:34.0958 5820  nsi - ok
22:29:34.0969 5820  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:29:35.0008 5820  nsiproxy - ok
22:29:35.0073 5820  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:29:35.0146 5820  Ntfs - ok
22:29:35.0159 5820  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:29:35.0200 5820  Null - ok
22:29:35.0231 5820  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:29:35.0243 5820  nvraid - ok
22:29:35.0261 5820  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:29:35.0274 5820  nvstor - ok
22:29:35.0300 5820  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:29:35.0313 5820  nv_agp - ok
22:29:35.0362 5820  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:29:35.0395 5820  odserv - ok
22:29:35.0434 5820  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:29:35.0466 5820  ohci1394 - ok
22:29:35.0493 5820  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:29:35.0508 5820  ose - ok
22:29:35.0535 5820  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:29:35.0576 5820  p2pimsvc - ok
22:29:35.0607 5820  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:29:35.0624 5820  p2psvc - ok
22:29:35.0641 5820  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:29:35.0666 5820  Parport - ok
22:29:35.0691 5820  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:29:35.0702 5820  partmgr - ok
22:29:35.0718 5820  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:29:35.0737 5820  Parvdm - ok
22:29:35.0753 5820  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:29:35.0788 5820  PcaSvc - ok
22:29:35.0819 5820  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:29:35.0831 5820  pci - ok
22:29:35.0850 5820  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:29:35.0862 5820  pciide - ok
22:29:35.0875 5820  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:29:35.0889 5820  pcmcia - ok
22:29:35.0902 5820  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:29:35.0913 5820  pcw - ok
22:29:35.0931 5820  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:29:35.0961 5820  PEAUTH - ok
22:29:36.0048 5820  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:29:36.0117 5820  pla - ok
22:29:36.0151 5820  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:29:36.0174 5820  PlugPlay - ok
22:29:36.0280 5820  [ 80E85394D8CD7F84340B1C6F4B9D698F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
22:29:36.0324 5820  PMBDeviceInfoProvider - ok
22:29:36.0347 5820  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:29:36.0391 5820  PNRPAutoReg - ok
22:29:36.0401 5820  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:29:36.0420 5820  PNRPsvc - ok
22:29:36.0438 5820  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:29:36.0464 5820  PolicyAgent - ok
22:29:36.0503 5820  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:29:36.0527 5820  Power - ok
22:29:36.0540 5820  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:29:36.0563 5820  PptpMiniport - ok
22:29:36.0579 5820  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:29:36.0600 5820  Processor - ok
22:29:36.0626 5820  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:29:36.0656 5820  ProfSvc - ok
22:29:36.0667 5820  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:29:36.0678 5820  ProtectedStorage - ok
22:29:36.0693 5820  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:29:36.0726 5820  Psched - ok
22:29:36.0778 5820  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
22:29:36.0790 5820  PSI_SVC_2 - ok
22:29:36.0824 5820  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:29:36.0858 5820  ql2300 - ok
22:29:36.0889 5820  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:29:36.0938 5820  ql40xx - ok
22:29:36.0964 5820  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:29:36.0996 5820  QWAVE - ok
22:29:37.0017 5820  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:29:37.0048 5820  QWAVEdrv - ok
22:29:37.0066 5820  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:29:37.0129 5820  RasAcd - ok
22:29:37.0156 5820  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:29:37.0195 5820  RasAgileVpn - ok
22:29:37.0215 5820  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:29:37.0241 5820  RasAuto - ok
22:29:37.0259 5820  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:29:37.0283 5820  Rasl2tp - ok
22:29:37.0308 5820  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:29:37.0333 5820  RasMan - ok
22:29:37.0346 5820  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:29:37.0384 5820  RasPppoe - ok
22:29:37.0389 5820  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:29:37.0412 5820  RasSstp - ok
22:29:37.0454 5820  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:29:37.0497 5820  rdbss - ok
22:29:37.0515 5820  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:29:37.0536 5820  rdpbus - ok
22:29:37.0564 5820  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:29:37.0599 5820  RDPCDD - ok
22:29:37.0621 5820  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:29:37.0641 5820  RDPENCDD - ok
22:29:37.0659 5820  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:29:37.0680 5820  RDPREFMP - ok
22:29:37.0713 5820  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:29:37.0760 5820  RDPWD - ok
22:29:37.0852 5820  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:29:37.0949 5820  rdyboost - ok
22:29:37.0980 5820  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:29:38.0019 5820  RemoteAccess - ok
22:29:38.0032 5820  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:29:38.0058 5820  RemoteRegistry - ok
22:29:38.0141 5820  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
22:29:38.0171 5820  RichVideo - ok
22:29:38.0186 5820  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:29:38.0220 5820  RpcEptMapper - ok
22:29:38.0236 5820  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:29:38.0260 5820  RpcLocator - ok
22:29:38.0281 5820  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
22:29:38.0307 5820  RpcSs - ok
22:29:38.0336 5820  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:29:38.0360 5820  rspndr - ok
22:29:38.0391 5820  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
22:29:38.0432 5820  RTL8167 - ok
22:29:38.0465 5820  [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
22:29:38.0490 5820  RTL8192su - ok
22:29:38.0500 5820  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:29:38.0512 5820  SamSs - ok
22:29:38.0544 5820  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:29:38.0556 5820  sbp2port - ok
22:29:38.0577 5820  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:29:38.0618 5820  SCardSvr - ok
22:29:38.0640 5820  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:29:38.0661 5820  scfilter - ok
22:29:38.0685 5820  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:29:38.0736 5820  Schedule - ok
22:29:38.0769 5820  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:29:38.0791 5820  SCPolicySvc - ok
22:29:38.0838 5820  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:29:38.0905 5820  SDRSVC - ok
22:29:38.0948 5820  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:29:38.0979 5820  SeaPort - ok
22:29:38.0991 5820  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:29:39.0017 5820  secdrv - ok
22:29:39.0030 5820  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:29:39.0055 5820  seclogon - ok
22:29:39.0067 5820  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
22:29:39.0092 5820  SENS - ok
22:29:39.0098 5820  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:29:39.0120 5820  SensrSvc - ok
22:29:39.0136 5820  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:29:39.0180 5820  Serenum - ok
22:29:39.0210 5820  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:29:39.0226 5820  Serial - ok
22:29:39.0244 5820  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:29:39.0273 5820  sermouse - ok
22:29:39.0304 5820  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:29:39.0395 5820  SessionEnv - ok
22:29:39.0428 5820  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:29:39.0477 5820  sffdisk - ok
22:29:39.0495 5820  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:29:39.0509 5820  sffp_mmc - ok
22:29:39.0521 5820  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:29:39.0535 5820  sffp_sd - ok
22:29:39.0564 5820  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:29:39.0579 5820  sfloppy - ok
22:29:39.0604 5820  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:29:39.0639 5820  SharedAccess - ok
22:29:39.0656 5820  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:29:39.0682 5820  ShellHWDetection - ok
22:29:39.0692 5820  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:29:39.0703 5820  sisagp - ok
22:29:39.0716 5820  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:29:39.0727 5820  SiSRaid2 - ok
22:29:39.0757 5820  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:29:39.0769 5820  SiSRaid4 - ok
22:29:39.0782 5820  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:29:39.0806 5820  Smb - ok
22:29:39.0828 5820  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:29:39.0841 5820  SNMPTRAP - ok
22:29:39.0846 5820  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:29:39.0857 5820  spldr - ok
22:29:39.0883 5820  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
22:29:39.0909 5820  Spooler - ok
22:29:39.0967 5820  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:29:40.0090 5820  sppsvc - ok
22:29:40.0182 5820  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:29:40.0248 5820  sppuinotify - ok
22:29:40.0392 5820  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:29:40.0446 5820  srv - ok
22:29:40.0478 5820  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:29:40.0503 5820  srv2 - ok
22:29:40.0533 5820  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:29:40.0554 5820  srvnet - ok
22:29:40.0570 5820  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:29:40.0596 5820  SSDPSRV - ok
22:29:40.0615 5820  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:29:40.0638 5820  SstpSvc - ok
22:29:40.0652 5820  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:29:40.0662 5820  stexstor - ok
22:29:40.0682 5820  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:29:40.0705 5820  StiSvc - ok
22:29:40.0741 5820  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:29:40.0764 5820  swenum - ok
22:29:40.0785 5820  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:29:40.0823 5820  swprv - ok
22:29:40.0885 5820  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:29:40.0925 5820  SysMain - ok
22:29:40.0942 5820  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:29:40.0973 5820  TabletInputService - ok
22:29:40.0997 5820  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:29:41.0023 5820  TapiSrv - ok
22:29:41.0043 5820  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:29:41.0076 5820  TBS - ok
22:29:41.0152 5820  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:29:41.0207 5820  Tcpip - ok
22:29:41.0226 5820  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:29:41.0253 5820  TCPIP6 - ok
22:29:41.0280 5820  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:29:41.0290 5820  tcpipreg - ok
22:29:41.0331 5820  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:29:41.0373 5820  TDPIPE - ok
22:29:41.0388 5820  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:29:41.0412 5820  TDTCP - ok
22:29:41.0432 5820  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:29:41.0476 5820  tdx - ok
22:29:41.0501 5820  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:29:41.0513 5820  TermDD - ok
22:29:41.0560 5820  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:29:41.0588 5820  TermService - ok
22:29:41.0603 5820  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:29:41.0618 5820  Themes - ok
22:29:41.0632 5820  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:29:41.0656 5820  THREADORDER - ok
22:29:41.0672 5820  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:29:41.0715 5820  TrkWks - ok
22:29:41.0756 5820  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:29:41.0780 5820  TrustedInstaller - ok
22:29:41.0800 5820  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:29:41.0833 5820  tssecsrv - ok
22:29:41.0881 5820  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:29:41.0940 5820  TsUsbFlt - ok
22:29:42.0013 5820  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:29:42.0073 5820  tunnel - ok
22:29:42.0092 5820  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:29:42.0103 5820  uagp35 - ok
22:29:42.0119 5820  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:29:42.0159 5820  udfs - ok
22:29:42.0184 5820  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:29:42.0197 5820  UI0Detect - ok
22:29:42.0226 5820  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:29:42.0238 5820  uliagpkx - ok
22:29:42.0264 5820  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
22:29:42.0275 5820  umbus - ok
22:29:42.0296 5820  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:29:42.0306 5820  UmPass - ok
22:29:42.0391 5820  [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:29:42.0430 5820  UMVPFSrv - ok
22:29:42.0459 5820  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:29:42.0485 5820  upnphost - ok
22:29:42.0516 5820  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:29:42.0530 5820  usbaudio - ok
22:29:42.0553 5820  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:29:42.0573 5820  usbccgp - ok
22:29:42.0604 5820  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:29:42.0656 5820  usbcir - ok
22:29:42.0690 5820  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:29:42.0714 5820  usbehci - ok
22:29:42.0731 5820  [ E5B14557793164DB879EE56F5B59C3E2 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:29:42.0743 5820  usbfilter - ok
22:29:42.0766 5820  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:29:42.0784 5820  usbhub - ok
22:29:42.0800 5820  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:29:42.0815 5820  usbohci - ok
22:29:42.0833 5820  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:29:42.0849 5820  usbprint - ok
22:29:42.0859 5820  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:29:42.0875 5820  USBSTOR - ok
22:29:42.0895 5820  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:29:42.0909 5820  usbuhci - ok
22:29:42.0915 5820  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:29:42.0943 5820  UxSms - ok
22:29:42.0948 5820  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:29:42.0959 5820  VaultSvc - ok
22:29:42.0992 5820  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:29:43.0023 5820  vdrvroot - ok
22:29:43.0059 5820  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:29:43.0097 5820  vds - ok
22:29:43.0114 5820  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:29:43.0140 5820  vga - ok
22:29:43.0146 5820  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:29:43.0176 5820  VgaSave - ok
22:29:43.0190 5820  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:29:43.0203 5820  vhdmp - ok
22:29:43.0218 5820  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:29:43.0229 5820  viaagp - ok
22:29:43.0247 5820  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:29:43.0260 5820  ViaC7 - ok
22:29:43.0277 5820  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:29:43.0288 5820  viaide - ok
22:29:43.0305 5820  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:29:43.0317 5820  volmgr - ok
22:29:43.0337 5820  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:29:43.0352 5820  volmgrx - ok
22:29:43.0371 5820  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:29:43.0386 5820  volsnap - ok
22:29:43.0390 5820  vpnva - ok
22:29:43.0460 5820  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:29:43.0498 5820  vsmraid - ok
22:29:43.0564 5820  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:29:43.0646 5820  VSS - ok
22:29:43.0662 5820  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:29:43.0675 5820  vwifibus - ok
22:29:43.0705 5820  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:29:43.0730 5820  vwififlt - ok
22:29:43.0750 5820  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:29:43.0764 5820  vwifimp - ok
22:29:43.0782 5820  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:29:43.0823 5820  W32Time - ok
22:29:43.0845 5820  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:29:43.0856 5820  WacomPen - ok
22:29:43.0888 5820  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:29:43.0910 5820  WANARP - ok
22:29:43.0913 5820  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:29:43.0935 5820  Wanarpv6 - ok
22:29:43.0978 5820  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:29:44.0013 5820  WatAdminSvc - ok
22:29:44.0044 5820  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:29:44.0087 5820  wbengine - ok
22:29:44.0115 5820  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:29:44.0132 5820  WbioSrvc - ok
22:29:44.0164 5820  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:29:44.0205 5820  wcncsvc - ok
22:29:44.0222 5820  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:29:44.0253 5820  WcsPlugInService - ok
22:29:44.0269 5820  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:29:44.0283 5820  Wd - ok
22:29:44.0330 5820  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:29:44.0374 5820  Wdf01000 - ok
22:29:44.0393 5820  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:29:44.0431 5820  WdiServiceHost - ok
22:29:44.0434 5820  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:29:44.0449 5820  WdiSystemHost - ok
22:29:44.0480 5820  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:29:44.0497 5820  WebClient - ok
22:29:44.0522 5820  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:29:44.0567 5820  Wecsvc - ok
22:29:44.0583 5820  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:29:44.0606 5820  wercplsupport - ok
22:29:44.0621 5820  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:29:44.0684 5820  WerSvc - ok
22:29:44.0689 5820  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:29:44.0724 5820  WfpLwf - ok
22:29:44.0747 5820  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:29:44.0758 5820  WIMMount - ok
22:29:44.0794 5820  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:29:44.0837 5820  WinDefend - ok
22:29:44.0844 5820  WinHttpAutoProxySvc - ok
22:29:44.0883 5820  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:29:44.0951 5820  Winmgmt - ok
22:29:44.0976 5820  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:29:45.0010 5820  WinRM - ok
22:29:45.0053 5820  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:29:45.0096 5820  WinUsb - ok
22:29:45.0150 5820  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:29:45.0184 5820  Wlansvc - ok
22:29:45.0249 5820  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:29:45.0322 5820  wlidsvc - ok
22:29:45.0348 5820  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:29:45.0360 5820  WmiAcpi - ok
22:29:45.0390 5820  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:29:45.0474 5820  wmiApSrv - ok
22:29:45.0526 5820  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:29:45.0562 5820  WMPNetworkSvc - ok
22:29:45.0576 5820  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:29:45.0597 5820  WPCSvc - ok
22:29:45.0626 5820  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:29:45.0654 5820  WPDBusEnum - ok
22:29:45.0684 5820  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:29:45.0738 5820  ws2ifsl - ok
22:29:45.0754 5820  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:29:45.0776 5820  wscsvc - ok
22:29:45.0793 5820  WSearch - ok
22:29:45.0871 5820  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:29:45.0908 5820  wuauserv - ok
22:29:45.0943 5820  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:29:45.0967 5820  WudfPf - ok
22:29:45.0982 5820  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:29:45.0994 5820  WUDFRd - ok
22:29:46.0022 5820  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:29:46.0036 5820  wudfsvc - ok
22:29:46.0069 5820  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:29:46.0095 5820  WwanSvc - ok
22:29:46.0104 5820  ================ Scan global ===============================
22:29:46.0162 5820  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:29:46.0201 5820  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:29:46.0221 5820  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:29:46.0251 5820  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:29:46.0263 5820  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:29:46.0269 5820  [Global] - ok
22:29:46.0270 5820  ================ Scan MBR ==================================
22:29:46.0290 5820  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
22:29:48.0860 5820  \Device\Harddisk0\DR0 - ok
22:29:48.0861 5820  ================ Scan VBR ==================================
22:29:48.0868 5820  [ 32213BCBA93B809A1808509A555B0EDC ] \Device\Harddisk0\DR0\Partition1
22:29:48.0871 5820  \Device\Harddisk0\DR0\Partition1 - ok
22:29:48.0919 5820  [ 05F5397D59081E894D3F02B65DB12CD3 ] \Device\Harddisk0\DR0\Partition2
22:29:48.0922 5820  \Device\Harddisk0\DR0\Partition2 - ok
22:29:48.0955 5820  [ 9C1B2BEF937F4DDA48D5CF1862A9EC26 ] \Device\Harddisk0\DR0\Partition3
22:29:48.0959 5820  \Device\Harddisk0\DR0\Partition3 - ok
22:29:48.0960 5820  ============================================================
22:29:48.0960 5820  Scan finished
22:29:48.0960 5820  ============================================================
22:29:48.0986 1888  Detected object count: 2
22:29:48.0986 1888  Actual detected object count: 2
22:30:21.0397 1888  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:21.0397 1888  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:30:21.0398 1888  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:21.0398 1888  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:30:35.0985 3536  Deinitialize success

markusg · 23.05.2013, 21:38

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

xandl · 23.05.2013, 22:18

hallo,

sieht so aus als hätte combofix sich aufgehängt.
es läuft seit ca. 30 min und seit einer viertelstunde sieht man nur "lösche ordner" + pfad..

soll ich weiterhin warten oder kann es sein, dass es hier ein problem gibt?

markusg · 24.05.2013, 11:57

hi dann brichs mal ab, und dann gehe in den abgesicherten modus, bei Neustart mit f8 zu erreichen, dann in deinem Konto anmelden und cf erneut starten.

xandl · 26.05.2013, 18:20

ich habe combofix damals die ganze nacht noch laufen lassen und als ich wieder auf den pc geschaut habe, war der computer neu gestartet und läuft seit dem ok.
aber es wurde keine combofix datei auf dem desktop oder c laufwerk angelegt.

muss ich combofix jetzt noch einmal neu drüber laufen lassen, oder ist die sache jetzt erledigt?

markusg · 28.05.2013, 09:25

evtl. auf c: log. oder combofix.txt könnte auch im Ordner qoobox liegen

28.05.2013, 09:25	#10
markusg /// Malware-holic	Polizeitrojaner Windows 7 evtl. auf c: log. oder combofix.txt könnte auch im Ordner qoobox liegen __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Polizeitrojaner Windows 7

Plagegeister aller Art und deren Bekämpfung: Polizeitrojaner Windows 7