Pests of all kinds and how to fight them: I may have caught a trojan

03.05.2012, 19:58   #1
annascott10

Admittedly, I opened an attachment from a dodgy email. The text was roughly: "We are pleased that you have chosen the upgrade .... The exact information on the notice period can be found in the invoice in the attachment...".
I have since deleted the email. But I am worried that I have caught a trojan or something similar. However, I cannot see any signs of it (yet).
Following the instructions on your homepage, I ran Malwarebytes and, as per point 3, also ran Defogger and GMER. The results are attached.
I would be very grateful if you could help me check my notebook and, if it is infected, tell me how to proceed now; I have no idea about any of this.

Many thanks for your commitment,
annascott10
Attached files
File type: txt Attach.txt (7.0 KB, 147 views)
File type: txt Gmer.txt (1.1 KB, 183 views)
File type: txt DDS.txt (17.0 KB, 137 views)
File type: txt mbam-log-2012-05-03 (18-41-44).txt (2.7 KB, 155 views)

04.05.2012, 12:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
"I have since deleted the email."

Without running or opening the attachment?

04.05.2012, 19:25   #3
annascott10

No, I did open the attachment first. In it there was a text file with a note saying that the attachment had been deleted.

04.05.2012, 20:19   #4
cosinus

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

08.05.2012, 20:03   #5
annascott10

Hello, many thanks for the help so far. I have now run the full scan with Malwarebytes (the log file is attached) and have also run the scan with ESET. Here is the log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b7e3546f2a73cf4cb9e0c8057ad41125
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-05 01:47:13
# local_time=2012-05-05 03:47:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 10599610 173753405 0 0
# compatibility_mode=8192 67108863 100 0 1252 1252 0 0
# scanned=143826
# found=14
# cleaned=0
# scan_time=4956
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL	Win32/Toolbar.MyWebSearch application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\christiane\AppData\Local\Temp\303B098D-BAB0-7891-AF4C-2A1CE172B86D\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\christiane\AppData\Local\Temp\48FC9CBE-BAB0-7891-A2F4-2F5ECE51165B\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\christiane\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\christiane\AppData\Local\Temp\InstallShare6929\bab_setup.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\christiane\AppData\Local\Temp\InstallShare9900\bab_setup.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
${Memory}	Win32/Toolbar.MyWebSearch application	00000000000000000000000000000000	I
         
What do I need to do next to get my notebook clean again?

Best regards,
annascott10

Attached files
File type: txt mbam-log-2012-05-05 (09-47-18).txt (2.1 KB, 151 views)
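
The ESET log in the post above can be triaged mechanically. The following Python sketch is an added example (not part of the thread and not an ESET tool): it parses the `log.txt` layout shown, groups detections by family and location, and checks whether everything found falls into the "application" category. It assumes the tab-separated columns seen in the post and that the trailing word of a detection name is its category; the function names and the abridged sample are constructed for illustration.

```python
import re
from collections import Counter


def _row(path, name):
    # Constructed row in the posted layout: path, detection, 32-char field, flag.
    return "\t".join([path, name, "0" * 32, "I"])


# Constructed sample, abridged from the log in the post above; "found" is
# adjusted to the shortened list of detections.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# unwanted_checked=true",
    "# scanned=143826",
    "# found=5",
    "# cleaned=0",
    _row(r"C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL",
         "Win32/Toolbar.AskSBar application (unable to clean)"),
    _row(r"C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll",
         "a variant of Win32/Toolbar.Babylon application (unable to clean)"),
    _row(r"C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe",
         "probably a variant of Win32/Toolbar.Babylon application (unable to clean)"),
    _row(r"C:\Users\christiane\AppData\Local\Temp\InstallShare6929\bab_setup.exe",
         "Win32/Toolbar.Babylon application (unable to clean)"),
    _row("${Memory}", "Win32/Toolbar.MyWebSearch application"),
])

# Detection name: [heuristic prefix] family [category] [(action taken)]
NAME_RE = re.compile(
    r"^(?P<heur>(?:probably )?a variant of )?"
    r"(?P<family>\S+)"
    r"(?: (?P<kind>[a-z ]+?))?"
    r"(?: \((?P<action>[^)]*)\))?$"
)


def location(path):
    """Rough bucket for where a detection lives (assumed categories)."""
    p = path.lower()
    if p == "${memory}":
        return "memory"
    if "\\temp\\" in p:
        return "temp"            # leftover installers, safe to purge
    if "\\program files" in p:
        return "program files"   # installed component, uninstall it properly
    return "other"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, value)  # keep first of repeated keys
            continue
        cols = line.split("\t")
        if len(cols) < 4:
            continue  # banner lines such as "all ok"
        name = cols[1].strip()
        m = NAME_RE.match(name)
        detections.append({
            "path": cols[0],
            "family": m["family"] if m else name,
            "kind": (m["kind"] if m else None) or "unknown",
            "action": m["action"] if m else None,
            "heuristic": bool(m and m["heur"]),
            "location": location(cols[0]),
        })
    return header, detections


def triage(text):
    """Summarise a scan: what was found, where, and of which category."""
    header, dets = parse_eset_log(text)
    kinds = Counter(d["kind"] for d in dets)
    return {
        "families": Counter(d["family"] for d in dets),
        "kinds": kinds,
        "locations": Counter(d["location"] for d in dets),
        # True when every hit is an "application" (toolbar/PUA style) detection.
        "only_unwanted_apps": bool(dets) and set(kinds) == {"application"},
        # A mismatch means rows were lost when the log was copied or pasted.
        "count_matches_header": int(header.get("found", -1)) == len(dets),
        "nothing_cleaned": header.get("cleaned") == "0",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
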

11.05.2012, 09:55   #6
cosinus

I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

11.05.2012, 16:56   #7
annascott10

No, nothing is missing from the Start menu, and there are no empty folders either. The PC works without restrictions; I cannot detect any delays, errors or anything else.

Best regards
annascott10

11.05.2012, 21:20   #8
cosinus

Please create a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick the box Scan all users at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt here into your thread

12.05.2012, 08:34   #9
annascott10

Hello, here is the log from OTL:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 12.05.2012 08:13:29 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\christiane\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,07% Memory free
4,23 Gb Paging File | 3,46 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 59,20 Gb Free Space | 43,22% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3185368E-4405-4EAA-B2E9-F53797BC1B27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36AA5DFF-6184-4B8E-8D61-E184E754FD46}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{87BC782A-E7B3-4E36-8B6A-21EBD7B9208C}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{89F78D66-9BCD-44AA-93BA-72B2A7BB38F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D4B297F-6160-4DB6-A7AD-7BE8009EAD86}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9006FBE9-2889-48DE-8AA7-C20A1E5C82AA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{93D11A58-A915-4057-AD15-31EA68096765}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C53E0AB7-5F75-42BF-92AC-B385642D1FBE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D6ECF2D3-561E-483B-B2E3-E279AF8852DF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D779662D-5749-41C8-BB41-BE57A43E082D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0070C48F-3B68-4B0B-B5AE-DB48C09ED3DB}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{04078E54-27F3-46A1-87E6-D9C505FBC031}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0578C329-E90A-4C42-BF40-C5F667BA1072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1D6DD9BB-2424-4EF1-87CE-173B94904982}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{35B5052C-8E3F-4456-8122-BCA5D208A27D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3DFD25B6-C22C-43E4-B772-949F3114E501}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{4BFC8CDC-A410-42C0-85B3-CCDD8D29CB6E}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe | 
"{6A0EE4F3-C568-46DD-A872-1C2D9799A579}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{898C581D-3B50-44F9-871E-FFB277582E3B}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe | 
"{A4A23AF7-27EC-4C11-A762-48B684B1E1CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AC0C4A9F-F28E-4348-BFD1-93721D6C6081}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe | 
"{AF51538F-4ECE-411D-87C9-7A57D55EE61F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B7754E91-B14A-4CE3-BBDF-884B31FD74CF}" = protocol=6 | dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{B82AC289-4DE8-48CF-8E71-8FE37457CE1B}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe | 
"{BC19BD40-1D71-43BA-B134-1736BBFA45C2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{C096CEE5-8801-4957-BC1D-102A95EB1F7F}" = protocol=17 | dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{C15BB5B7-F76F-4BDF-86B9-EBB19EB827BB}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe | 
"{DB374C32-7AF2-45E0-BDEA-1D6A7EB9C101}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe | 
"{EB507D65-E324-4F4F-9FE8-052C984416BB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F44E5F23-387D-4175-BF1D-C2E6C454AA1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FDBD8338-E11C-436B-81F4-84E270AF6329}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"TCP Query User{B4857625-3CD3-4CB8-A8ED-1312A1345AB0}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"UDP Query User{7AF09ECC-5617-4DB3-89BA-897D40CB0452}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BCCA33-61E7-5FFD-2661-77E4E09F6960}" = CCC Help German
"{080CA2CA-AF4E-402A-B10F-20A82D9DCCFA}" = WISO Haushaltsbuch 2011
"{0E57595A-1716-772F-7D63-F3C103F1F91F}" = Catalyst Control Center Graphics Previews Vista
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{251FA85A-AA1A-40D7-8110-4AA7797CC96C}" = Brother HL-5240
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{364687E1-D0CC-4B91-B310-6C5ED28C1031}" = Nero 8
"{38BEAE84-C96E-9909-FAB7-09F4965BC1CA}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5A53E6-3CBE-44D7-91AD-2E535348484F}" = ccc-Branding
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5CF6F512-2B1E-4293-BE5A-358FFE647E94}" = Catalyst Control Center Graphics Full New
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65B2875E-2D94-E907-C0C6-FB9A1FC2160E}" = Catalyst Control Center Graphics Light
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AAC9EC1-79B8-E67C-0A6C-0DA06048A6EF}" = Catalyst Control Center Graphics Full Existing
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85302BFB-5198-CE39-D87E-813BBA60B497}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975F9216-2EDB-4D81-814D-6D00AC68DC85}" = MP3 Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AA095606-7801-BB46-894A-8871BCDBACFB}" = ccc-utility
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFD25854-438C-D36D-6495-4DC03492AFE9}" = Skins
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BBD04134-8CAB-C8FD-2C1C-D099B3FA8BB8}" = Fiat eco:Drive
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5EE9880-8165-B586-CC43-C4E8EA577C96}" = Catalyst Control Center Localization German
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"3D Garten Designer 9_is1" = DATA BECKER 3D Garten Designer 9
"3DJongg" = 3DJongg
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AskTBar Uninstall" = Ask Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BudRedhead" = BudRedhead
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1" = Fiat eco:Drive
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.70
"Freeware.de Toolbar" = Freeware.de Toolbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotel_is1" = Hotel
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lexmark 1300 Series" = Lexmark 1300 Series
"LucasArts' Der Turm von Babel" = LucasArts' Der Turm von Babel
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Megamind" = Megamind
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NeoBall" = NeoBall
"PercussionStudio3" = PercussionStudio3
"PhotoStitch" = Canon Utilities PhotoStitch
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Pivot Stickfigure DB Toolbar" = Pivot Stickfigure DB Toolbar
"ProInst" = Intel(R) PROSet/Wireless Software
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Soccerstars" = Soccerstars
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"SuperSoli" = SuperSoli
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WISO Haushaltsbuch 2011" = WISO Haushaltsbuch 2011
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2012 07:41:42 | Computer Name = notebook | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/21 13:41:42.807]: [00003144]: Unlinking WIA item
 tree  
 
Error - 21.04.2012 07:41:42 | Computer Name = notebook | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/21 13:41:42.807]: [00003144]: Releasing IDrvItemRoot
 interface  
 
Error - 21.04.2012 10:57:24 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.6195, Zeitstempel
 0x4dcddbf3, Ausnahmecode 0xc0000409, Fehleroffset 0x0000bde7,  Prozess-ID 0x9f8, 
Anwendungsstartzeit 01cd1fcf08a2051b.
 
Error - 21.04.2012 14:34:00 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0c0c0c0c,  Prozess-ID 0x8e8, Anwendungsstartzeit
 01cd1fed3afe6fc9.
 
Error - 24.04.2012 03:22:33 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x27132713,  Prozess-ID 0x954, Anwendungsstartzeit
 01cd21ead1f19ebe.
 
Error - 24.04.2012 03:28:04 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul lxdccomc.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45a50aec, Ausnahmecode 0xc0000005, Fehleroffset 0x65064150,  Prozess-ID 0xcc, Anwendungsstartzeit
 01cd21eacabcd51e.
 
Error - 29.04.2012 14:06:39 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, Ausnahmecode 0xc0000005, Fehleroffset 0x000c463c,  Prozess-ID 0x8e8, 
Anwendungsstartzeit 01cd2632c8058bb6.
 
Error - 01.05.2012 09:32:57 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, Ausnahmecode 0xc0000005, Fehleroffset 0x000c463c,  Prozess-ID 0x8bc, 
Anwendungsstartzeit 01cd279ee28361b0.
 
Error - 01.05.2012 12:42:31 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, Ausnahmecode 0xc0000005, Fehleroffset 0x000c463c,  Prozess-ID 0x940, 
Anwendungsstartzeit 01cd27b9629da2c0.
 
Error - 03.05.2012 13:22:44 | Computer Name = notebook | Source = Perflib | ID = 1010
Description = 
 
[ System Events ]
Error - 11.05.2012 14:48:05 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 11.05.2012 14:48:55 | Computer Name = notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 11.05.2012 14:50:50 | Computer Name = notebook | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.20 deaktiviert, 
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 11.05.2012 14:50:49 | Computer Name = notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = 
 
Error - 11.05.2012 14:50:49 | Computer Name = notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 11.05.2012 14:50:54 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 11.05.2012 14:55:52 | Computer Name = notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 12.05.2012 01:53:45 | Computer Name = notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 12.05.2012 01:53:48 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 12.05.2012 01:53:48 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >
         
--- --- ---


Best regards
annascott10

Alt 12.05.2012, 21:18   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That is only the Extras log; the OTL.txt log would be more important.

Alt 12.05.2012, 22:22   #11
annascott10
 

Oh, my apologies, here is the Log.txt:

OTL Logfile:
Code:
OTL logfile created on: 12.05.2012 08:13:29 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\christiane\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,07% Memory free
4,23 Gb Paging File | 3,46 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 59,20 Gb Free Space | 43,22% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.12 08:09:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\christiane\Desktop\OTL.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.12.08 03:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.04.20 18:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCcUxSys.exe
PRC - [2011.04.20 18:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCtrlCntr.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.11.11 17:20:04 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.01.08 17:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.03.10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.02.13 01:56:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.14 10:18:21 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll
MOD - [2012.04.14 10:18:00 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll
MOD - [2012.04.14 10:17:54 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll
MOD - [2012.04.14 10:17:45 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll
MOD - [2012.04.14 10:17:40 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll
MOD - [2012.04.03 10:52:11 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll
MOD - [2012.04.03 10:50:09 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll
MOD - [2012.04.03 10:49:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll
MOD - [2012.03.31 18:32:33 | 000,311,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ef962b32a187e01f68119920fd143b62\PresentationFramework.Classic.ni.dll
MOD - [2012.03.31 18:32:03 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll
MOD - [2012.03.31 18:32:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll
MOD - [2012.03.31 18:31:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll
MOD - [2012.03.31 18:31:45 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll
MOD - [2011.12.28 15:47:44 | 000,115,137 | ---- | M] () -- C:\Users\christiane\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
MOD - [2011.12.08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007.03.14 21:54:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2012.04.28 21:55:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.01.08 17:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.09.13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.02.13 01:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2006.11.07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.08 17:25:00 | 000,647,242 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.12 07:53:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F80ADBA7-B532-4072-9E70-AA73E2F41250}\MpKsld8a86adc.sys -- (MpKsld8a86adc)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.10.27 03:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.11 17:20:44 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.04.10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.09.13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.03.14 22:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.03.14 22:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006.11.21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.20 21:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 21:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 21:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.12 01:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.10.30 19:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006.08.17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Programme\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070328
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=466fc1dd0000000000000019d2afcf67
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}?q={searchTerms}
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {8A6C82A1-F6C9-481a-AAE7-C96444C9A754}:5.1.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=466fc1dd0000000000000019d2afcf67&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.28 21:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.14 10:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.29 12:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de [2011.11.12 20:44:13 | 000,000,000 | ---D | M]
 
[2011.03.03 12:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Extensions
[2011.03.03 12:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 18:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions
[2011.09.12 15:29:40 | 000,000,000 | ---D | M] (Pivot Stickfigure DB Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012.05.01 15:41:48 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.04.25 09:29:33 | 000,000,000 | ---D | M] (ST Deutsch FF Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.06.04 20:53:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011.11.12 20:44:13 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de
[2011.09.12 19:39:29 | 000,002,390 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\searchplugins\search.xml
[2012.01.04 12:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.24 20:24:06 | 000,120,021 | ---- | M] () (No name found) -- C:\USERS\CHRISTIANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TARGZZK9.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}.XPI
[2011.10.30 22:13:09 | 000,083,513 | ---- | M] () (No name found) -- C:\USERS\CHRISTIANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TARGZZK9.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2012.04.28 21:55:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012.02.29 17:16:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.01 19:57:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.29 17:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.29 17:16:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.29 17:16:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.29 17:16:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.29 17:16:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74180B9D-4325-4375-B124-6754C804FE10}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF72832B-A5A7-4B75-BA07-02441BA8F9C5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^w98Eject.lnk - C:\Windows\system\w98eject.exe - (Sigmatel)
MsConfig - StartUpFolder: C:^Users^christiane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - (ATI Technologies Inc.)
MsConfig - StartUpFolder: C:^Users^christiane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: lxdcamon - hkey= - key= - C:\Program Files\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
MsConfig - StartUpReg: LXDCCATS - hkey= - key= -  File not found
MsConfig - StartUpReg: lxdcmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= -  File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.12 08:09:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\christiane\Desktop\OTL.exe
[2012.05.05 14:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.05 09:43:59 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.05.03 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Malwarebytes
[2012.05.03 18:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 18:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 18:36:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.01 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.05.01 19:50:15 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Local\InstallShare
[2012.05.01 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.05.01 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Local\Babylon
[2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Babylon
[2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.04.28 21:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.28 21:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.21 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\christiane\Pictures\Documents\Nero Home
[2012.04.21 16:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 08:09:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\christiane\Desktop\OTL.exe
[2012.05.12 07:52:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 07:52:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 07:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.12 07:52:35 | 2145,849,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.11 16:48:12 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55B7EC2A-7BCD-4545-840D-5D7C2EAA37B6}.job
[2012.05.05 09:44:04 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.04 19:50:53 | 000,640,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.04 19:50:53 | 000,606,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.04 19:50:53 | 000,131,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.04 19:50:53 | 000,108,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.03 19:06:22 | 000,000,000 | ---- | M] () -- C:\Users\christiane\defogger_reenable
[2012.05.01 19:57:29 | 000,000,474 | ---- | M] () -- C:\user.js
[2012.04.30 09:19:49 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.21 17:01:33 | 000,001,024 | ---- | M] () -- C:\Users\christiane\.rnd
[2012.04.21 16:52:28 | 000,002,542 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.04.21 16:52:28 | 000,002,422 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2012.04.21 16:09:29 | 000,000,680 | ---- | M] () -- C:\Users\christiane\AppData\Local\d3d9caps.dat
[2012.04.21 16:09:27 | 000,061,952 | ---- | M] () -- C:\Users\christiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 19:06:22 | 000,000,000 | ---- | C] () -- C:\Users\christiane\defogger_reenable
[2012.05.03 18:36:35 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.03 18:31:18 | 000,000,406 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{55B7EC2A-7BCD-4545-840D-5D7C2EAA37B6}.job
[2012.05.01 19:03:23 | 000,000,474 | ---- | C] () -- C:\user.js
[2012.04.30 09:19:47 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.04.21 16:52:28 | 000,002,542 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.04.21 16:52:28 | 000,002,422 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2012.01.12 19:23:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.01.12 18:57:26 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.01.12 18:54:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.23 19:16:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.23 19:16:06 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.09 18:10:35 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011.01.30 17:31:54 | 000,000,248 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.01.30 17:31:54 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.01.30 17:31:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011.01.30 17:31:54 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.01.30 17:31:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.30 17:31:40 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd5240.dat
[2010.06.03 09:17:38 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.31 21:57:56 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.05.29 14:56:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.29 14:55:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.29 14:55:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 
========== LOP Check ==========
 
[2011.12.05 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Amazon
[2012.05.01 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Babylon
[2011.01.01 12:50:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Buhl Data Service GmbH
[2012.01.12 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Canneverbe Limited
[2011.06.23 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1
[2012.01.12 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ControlCenter4
[2010.05.31 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\DonationCoder
[2010.05.29 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\IrfanView
[2008.04.05 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Lexmark Imaging Studio
[2010.05.29 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\local
[2007.05.12 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\MAGIX
[2011.06.23 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PC Suite
[2007.03.31 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PeerNetworking
[2010.11.29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ProtectDisc
[2011.12.28 10:55:45 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Samsung
[2008.01.06 12:56:20 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\T-Online
[2011.12.28 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Temp
[2011.03.03 12:27:36 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Thunderbird
[2012.05.11 20:55:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.11 16:48:12 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{55B7EC2A-7BCD-4545-840D-5D7C2EAA37B6}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.14 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Adobe
[2007.05.13 15:12:22 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\AdobeUM
[2011.12.05 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Amazon
[2007.03.30 17:34:58 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ATI
[2012.05.01 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Babylon
[2011.01.30 17:36:47 | 000,000,000 | R--D | M] -- C:\Users\christiane\AppData\Roaming\Brother
[2011.01.01 12:50:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Buhl Data Service GmbH
[2012.01.12 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Canneverbe Limited
[2011.06.23 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1
[2012.01.12 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ControlCenter4
[2010.05.30 12:24:03 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Corel
[2011.02.27 17:36:16 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\CyberLink
[2010.05.31 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\DonationCoder
[2007.03.30 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Google
[2007.03.31 17:22:44 | 000,000,000 | -H-D | M] -- C:\Users\christiane\AppData\Roaming\GTek
[2007.03.30 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Identities
[2012.01.12 18:52:31 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\InstallShield
[2010.06.03 09:44:41 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Intel
[2010.05.29 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\IrfanView
[2008.04.05 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Lexmark Imaging Studio
[2010.05.29 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\local
[2007.03.31 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Macromedia
[2007.05.12 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\MAGIX
[2012.05.03 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Media Center Programs
[2012.01.14 22:36:10 | 000,000,000 | --SD | M] -- C:\Users\christiane\AppData\Roaming\Microsoft
[2010.05.29 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Mozilla
[2011.11.12 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Nero
[2011.06.23 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PC Suite
[2007.03.31 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PeerNetworking
[2010.11.29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ProtectDisc
[2007.03.30 20:55:37 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Roxio
[2011.12.28 10:55:45 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Samsung
[2008.01.06 12:56:20 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\T-Online
[2011.12.28 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Temp
[2011.03.03 12:27:36 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Thunderbird
[2010.05.29 20:36:26 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\WinRAR
[2012.04.15 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2008.03.24 19:46:17 | 000,327,437 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\CIP\TransferAgentSetup.exe
[2010.06.03 09:22:51 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{05BCCA33-61E7-5FFD-2661-77E4E09F6960}\ARPPRODUCTICON.exe
[2010.06.03 09:22:49 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{0E57595A-1716-772F-7D63-F3C103F1F91F}\ARPPRODUCTICON.exe
[2010.06.03 09:20:04 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}\ARPPRODUCTICON.exe
[2010.06.03 09:20:04 | 000,009,158 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe
[2010.06.03 09:22:54 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{D5EE9880-8165-B586-CC43-C4E8EA577C96}\ARPPRODUCTICON.exe
[2012.05.01 20:12:02 | 123,071,328 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Windows\Templates\setup_11.0.0.1245.x01_2012_03_02_13_06.exe
[2011.11.02 17:51:52 | 000,928,656 | ---- | M] (Samsung) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.11.02 17:51:56 | 000,278,928 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.10.31 12:23:28 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.10.31 12:23:28 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.10.31 12:23:28 | 000,690,688 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.02 17:51:58 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.10.31 12:23:12 | 000,106,408 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.10.31 12:23:12 | 000,101,288 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.11.02 17:52:04 | 000,131,984 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.11.02 17:52:08 | 003,571,576 | ---- | M] (Freeware) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.02 17:52:10 | 000,391,568 | ---- | M] (ml) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.08 03:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2011.06.23 19:19:13 | 003,707,904 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\christiane\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\christiane\Desktop\Microsoft Office:Roxio EMC Stream

< End of report >


Regards,
annascott10

12.05.2012, 22:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=466fc1dd0000000000000019d2afcf67
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}?q={searchTerms}
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=466fc1dd0000000000000019d2afcf67&q="
[2012.05.01 15:41:48 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.04.25 09:29:33 | 000,000,000 | ---D | M] (ST Deutsch FF Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.06.04 20:53:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011.11.12 20:44:13 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de
[2011.09.12 19:39:29 | 000,002,390 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\searchplugins\search.xml
[2012.05.01 19:57:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.05.01 19:57:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.29 17:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.05.01 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.05.01 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Local\Babylon
[2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Babylon
[2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


13.05.2012, 09:15   #13
annascott10
 

Hello, here is the log:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Programme\Freeware.de\prxtbFree.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ deleted successfully.
C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
File C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ deleted successfully.
C:\Programme\Pivot Stickfigure DB Toolbar\tbhelper.dll moved successfully.
HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: secureLogin@blueimp.net:0.9.7 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=466fc1dd0000000000000019d2afcf67&q=" removed from keyword.URL
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\searchplugin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\modules folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\META-INF folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\defaults folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\chrome folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\searchplugin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\modules folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\META-INF folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\defaults folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\components folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\chrome folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c} folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\skin\classic\rdr folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\skin\classic folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\skin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\zh-CN folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\uk-UA folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\pt-BR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\pl-PL folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\nl-NL folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\ko-KR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\ja-JP folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\it-IT folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\hu-HU folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\hr-HR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\fr-FR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\es-ES folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\en-US folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\de-DE folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\defaults\preferences folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\defaults folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\content\rdr folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\content folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de\chrome\content\skin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de\chrome\content folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de\chrome folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de folder moved successfully.
C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\searchplugins\search.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
File C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
File C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Programme\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully.
File C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
File C:\Program Files\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
File C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
File C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D81AF43-DE53-48D0-A199-42C2A226B24C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D81AF43-DE53-48D0-A199-42C2A226B24C}\ not found.
File C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
File C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\christiane\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\christiane\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\christiane\AppData\Local\Babylon folder moved successfully.
C:\Users\christiane\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: christiane
->Temp folder emptied: 426430120 bytes
->Temporary Internet Files folder emptied: 205803118 bytes
->Java cache emptied: 780766 bytes
->FireFox cache emptied: 271310259 bytes
->Flash cache emptied: 14675 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104221500 bytes
RecycleBin emptied: 9495204667 bytes
 
Total Files Cleaned = 10.017,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: christiane
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05132012_090600

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Thanks and best regards,
annascott10

Alt 13.05.2012, 16:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


Alt 13.05.2012, 20:09   #15
annascott10
 



Hello, first of all: many thanks for the help so far...

and here is the TDSS-Killer report:


Code:
20:00:13.0601 1400	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
20:00:14.0069 1400	============================================================
20:00:14.0069 1400	Current date / time: 2012/05/13 20:00:14.0069
20:00:14.0069 1400	SystemInfo:
20:00:14.0069 1400	
20:00:14.0069 1400	OS Version: 6.0.6002 ServicePack: 2.0
20:00:14.0069 1400	Product type: Workstation
20:00:14.0069 1400	ComputerName: NOTEBOOK
20:00:14.0069 1400	UserName: christiane
20:00:14.0069 1400	Windows directory: C:\Windows
20:00:14.0069 1400	System windows directory: C:\Windows
20:00:14.0069 1400	Processor architecture: Intel x86
20:00:14.0069 1400	Number of processors: 2
20:00:14.0069 1400	Page size: 0x1000
20:00:14.0069 1400	Boot type: Normal boot
20:00:14.0069 1400	============================================================
20:00:14.0568 1400	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:14.0568 1400	============================================================
20:00:14.0568 1400	\Device\Harddisk0\DR0:
20:00:14.0568 1400	MBR partitions:
20:00:14.0568 1400	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
20:00:14.0568 1400	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x111ED800
20:00:14.0599 1400	============================================================
20:00:14.0662 1400	C: <-> \Device\Harddisk0\DR0\Partition1
20:00:14.0709 1400	D: <-> \Device\Harddisk0\DR0\Partition0
20:00:14.0709 1400	============================================================
20:00:14.0709 1400	Initialize success
20:00:14.0709 1400	============================================================
20:01:38.0418 2816	============================================================
20:01:38.0418 2816	Scan started
20:01:38.0418 2816	Mode: Manual; SigCheck; TDLFS; 
20:01:38.0418 2816	============================================================
20:01:39.0073 2816	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
20:01:39.0307 2816	acedrv11 - ok
20:01:39.0385 2816	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:01:39.0401 2816	ACPI - ok
20:01:39.0495 2816	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:39.0510 2816	AdobeARMservice - ok
20:01:39.0588 2816	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:01:39.0619 2816	adp94xx - ok
20:01:39.0682 2816	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:01:39.0697 2816	adpahci - ok
20:01:39.0744 2816	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:01:39.0760 2816	adpu160m - ok
20:01:39.0791 2816	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:01:39.0807 2816	adpu320 - ok
20:01:39.0869 2816	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:01:39.0994 2816	AeLookupSvc - ok
20:01:40.0165 2816	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:01:40.0243 2816	AFD - ok
20:01:40.0306 2816	agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
20:01:40.0306 2816	agp440 - ok
20:01:40.0399 2816	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:01:40.0415 2816	aic78xx - ok
20:01:40.0462 2816	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:01:40.0540 2816	ALG - ok
20:01:40.0571 2816	aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
20:01:40.0587 2816	aliide - ok
20:01:40.0602 2816	amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
20:01:40.0618 2816	amdagp - ok
20:01:40.0633 2816	amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
20:01:40.0633 2816	amdide - ok
20:01:40.0665 2816	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:01:40.0727 2816	AmdK7 - ok
20:01:40.0774 2816	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:01:40.0836 2816	AmdK8 - ok
20:01:40.0883 2816	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:01:40.0914 2816	Appinfo - ok
20:01:40.0977 2816	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:01:40.0992 2816	arc - ok
20:01:41.0055 2816	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:01:41.0070 2816	arcsas - ok
20:01:41.0117 2816	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:41.0148 2816	AsyncMac - ok
20:01:41.0195 2816	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:01:41.0195 2816	atapi - ok
20:01:41.0351 2816	Ati External Event Utility (c74d9a831b523ef5a66f4f13b2ddea2e) C:\Windows\system32\Ati2evxx.exe
20:01:41.0445 2816	Ati External Event Utility - ok
20:01:41.0741 2816	atikmdag        (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
20:01:41.0913 2816	atikmdag - ok
20:01:42.0178 2816	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:01:42.0225 2816	AudioEndpointBuilder - ok
20:01:42.0240 2816	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:01:42.0287 2816	Audiosrv - ok
20:01:42.0427 2816	BBSvc           (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:01:42.0459 2816	BBSvc - ok
20:01:42.0583 2816	bcm4sbxp        (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:01:42.0646 2816	bcm4sbxp - ok
20:01:42.0693 2816	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:01:42.0755 2816	Beep - ok
20:01:42.0895 2816	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:01:42.0989 2816	BFE - ok
20:01:43.0114 2816	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:01:43.0239 2816	BITS - ok
20:01:43.0239 2816	blbdrive - ok
20:01:43.0301 2816	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:01:43.0348 2816	bowser - ok
20:01:43.0410 2816	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:01:43.0473 2816	BrFiltLo - ok
20:01:43.0519 2816	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:01:43.0582 2816	BrFiltUp - ok
20:01:43.0660 2816	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:01:43.0722 2816	Browser - ok
20:01:43.0785 2816	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:01:43.0863 2816	Brserid - ok
20:01:43.0878 2816	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:01:43.0956 2816	BrSerWdm - ok
20:01:43.0972 2816	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:01:44.0019 2816	BrUsbMdm - ok
20:01:44.0034 2816	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:01:44.0112 2816	BrUsbSer - ok
20:01:44.0175 2816	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:01:44.0237 2816	BTHMODEM - ok
20:01:44.0284 2816	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:01:44.0346 2816	cdfs - ok
20:01:44.0424 2816	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:01:44.0518 2816	cdrom - ok
20:01:44.0611 2816	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:01:44.0689 2816	CertPropSvc - ok
20:01:44.0799 2816	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:01:44.0923 2816	circlass - ok
20:01:45.0064 2816	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:01:45.0095 2816	CLFS - ok
20:01:45.0204 2816	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:45.0220 2816	clr_optimization_v2.0.50727_32 - ok
20:01:45.0298 2816	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:45.0329 2816	clr_optimization_v4.0.30319_32 - ok
20:01:45.0360 2816	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:01:45.0423 2816	CmBatt - ok
20:01:45.0485 2816	cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
20:01:45.0501 2816	cmdide - ok
20:01:45.0547 2816	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:01:45.0579 2816	Compbatt - ok
20:01:45.0579 2816	COMSysApp - ok
20:01:45.0610 2816	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:01:45.0625 2816	crcdisk - ok
20:01:45.0657 2816	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:01:45.0766 2816	Crusoe - ok
20:01:45.0875 2816	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:01:45.0953 2816	CryptSvc - ok
20:01:46.0249 2816	DBService       (48297bf3339bc56dd7d7524d7a1740aa) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
20:01:46.0265 2816	DBService ( UnsignedFile.Multi.Generic ) - warning
20:01:46.0265 2816	DBService - detected UnsignedFile.Multi.Generic (1)
20:01:46.0374 2816	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:01:46.0483 2816	DcomLaunch - ok
20:01:46.0546 2816	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:01:46.0624 2816	DfsC - ok
20:01:46.0951 2816	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:01:47.0248 2816	DFSR - ok
20:01:47.0513 2816	dg_ssudbus      (d8522960163fa593694e441194a9a574) C:\Windows\system32\DRIVERS\ssudbus.sys
20:01:47.0529 2816	dg_ssudbus - ok
20:01:47.0622 2816	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:01:47.0700 2816	Dhcp - ok
20:01:47.0747 2816	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:01:47.0778 2816	disk - ok
20:01:47.0934 2816	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:01:47.0965 2816	Dnscache - ok
20:01:47.0997 2816	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:01:48.0028 2816	dot3svc - ok
20:01:48.0075 2816	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:01:48.0153 2816	DPS - ok
20:01:48.0199 2816	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:01:48.0231 2816	drmkaud - ok
20:01:48.0355 2816	DSBrokerService (01d5b95d0a12a916bbdc258629113258) C:\Program Files\DellSupport\brkrsvc.exe
20:01:48.0387 2816	DSBrokerService ( UnsignedFile.Multi.Generic ) - warning
20:01:48.0387 2816	DSBrokerService - detected UnsignedFile.Multi.Generic (1)
20:01:48.0465 2816	DSproct         (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:01:48.0496 2816	DSproct ( UnsignedFile.Multi.Generic ) - warning
20:01:48.0496 2816	DSproct - detected UnsignedFile.Multi.Generic (1)
20:01:48.0527 2816	dsunidrv        (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
20:01:48.0543 2816	dsunidrv ( UnsignedFile.Multi.Generic ) - warning
20:01:48.0543 2816	dsunidrv - detected UnsignedFile.Multi.Generic (1)
20:01:48.0761 2816	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:01:48.0855 2816	DXGKrnl - ok
20:01:48.0948 2816	e1express       (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
20:01:49.0073 2816	e1express - ok
20:01:49.0120 2816	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:01:49.0229 2816	E1G60 - ok
20:01:49.0291 2816	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:01:49.0338 2816	EapHost - ok
20:01:49.0401 2816	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:01:49.0416 2816	Ecache - ok
20:01:49.0479 2816	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:01:49.0525 2816	ehRecvr - ok
20:01:49.0666 2816	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:01:49.0713 2816	ehSched - ok
20:01:49.0759 2816	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:01:49.0791 2816	ehstart - ok
20:01:49.0900 2816	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:01:49.0931 2816	elxstor - ok
20:01:50.0056 2816	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:01:50.0149 2816	EMDMgmt - ok
20:01:50.0227 2816	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:01:50.0290 2816	EventSystem - ok
20:01:50.0461 2816	EvtEng          (f10e7aa8bdf4488e3dfa989b8e7f7c9f) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:01:50.0524 2816	EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:01:50.0524 2816	EvtEng - detected UnsignedFile.Multi.Generic (1)
20:01:50.0649 2816	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:01:50.0727 2816	exfat - ok
20:01:50.0789 2816	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:01:50.0883 2816	fastfat - ok
20:01:50.0929 2816	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:01:51.0007 2816	fdc - ok
20:01:51.0054 2816	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:01:51.0070 2816	fdPHost - ok
20:01:51.0085 2816	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:01:51.0179 2816	FDResPub - ok
20:01:51.0226 2816	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:01:51.0241 2816	FileInfo - ok
20:01:51.0273 2816	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:01:51.0304 2816	Filetrace - ok
20:01:51.0335 2816	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:01:51.0397 2816	flpydisk - ok
20:01:51.0429 2816	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:01:51.0444 2816	FltMgr - ok
20:01:51.0585 2816	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:01:51.0663 2816	FontCache - ok
20:01:51.0850 2816	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:01:51.0865 2816	FontCache3.0.0.0 - ok
20:01:51.0928 2816	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
20:01:51.0959 2816	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:01:51.0959 2816	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:01:52.0037 2816	FsUsbExService  (d3f9205cc4cb07553f2f9472c767ea87) C:\Windows\system32\FsUsbExService.Exe
20:01:52.0053 2816	FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
20:01:52.0053 2816	FsUsbExService - detected UnsignedFile.Multi.Generic (1)
20:01:52.0131 2816	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:01:52.0193 2816	Fs_Rec - ok
20:01:52.0255 2816	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:01:52.0271 2816	gagp30kx - ok
20:01:52.0380 2816	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:01:52.0474 2816	gpsvc - ok
20:01:52.0614 2816	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:01:52.0677 2816	HdAudAddService - ok
20:01:52.0833 2816	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:01:52.0911 2816	HDAudBus - ok
20:01:52.0989 2816	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:01:53.0082 2816	HidBth - ok
20:01:53.0098 2816	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:01:53.0176 2816	HidIr - ok
20:01:53.0301 2816	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:01:53.0347 2816	hidserv - ok
20:01:53.0379 2816	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:01:53.0425 2816	HidUsb - ok
20:01:53.0503 2816	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:01:53.0566 2816	hkmsvc - ok
20:01:53.0613 2816	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:01:53.0628 2816	HpCISSs - ok
20:01:53.0753 2816	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:01:53.0893 2816	HSF_DPV - ok
20:01:53.0971 2816	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:01:54.0018 2816	HSXHWAZL - ok
20:01:54.0159 2816	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:01:54.0268 2816	HTTP - ok
20:01:54.0315 2816	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:01:54.0330 2816	i2omp - ok
20:01:54.0408 2816	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:01:54.0439 2816	i8042prt - ok
20:01:54.0549 2816	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:01:54.0564 2816	iaStorV - ok
20:01:54.0736 2816	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:01:54.0767 2816	IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:01:54.0767 2816	IDriverT - detected UnsignedFile.Multi.Generic (1)
20:01:55.0079 2816	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:01:55.0141 2816	idsvc - ok
20:01:55.0235 2816	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:01:55.0251 2816	iirsp - ok
20:01:55.0329 2816	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:01:55.0422 2816	IKEEXT - ok
20:01:55.0516 2816	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:01:55.0547 2816	intelide - ok
20:01:55.0547 2816	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:01:55.0594 2816	intelppm - ok
20:01:55.0719 2816	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:01:55.0812 2816	IPBusEnum - ok
20:01:55.0890 2816	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:55.0937 2816	IpFilterDriver - ok
20:01:55.0999 2816	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:01:56.0093 2816	iphlpsvc - ok
20:01:56.0093 2816	IpInIp - ok
20:01:56.0171 2816	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:01:56.0265 2816	IPMIDRV - ok
20:01:56.0405 2816	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:01:56.0483 2816	IPNAT - ok
20:01:56.0545 2816	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:01:56.0608 2816	IRENUM - ok
20:01:56.0639 2816	isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
20:01:56.0655 2816	isapnp - ok
20:01:56.0717 2816	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:01:56.0733 2816	iScsiPrt - ok
20:01:56.0811 2816	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:01:56.0826 2816	iteatapi - ok
20:01:56.0857 2816	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:01:56.0857 2816	iteraid - ok
20:01:56.0904 2816	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:56.0920 2816	kbdclass - ok
20:01:56.0935 2816	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:56.0982 2816	kbdhid - ok
20:01:57.0013 2816	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:01:57.0076 2816	KeyIso - ok
20:01:57.0123 2816	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:01:57.0154 2816	KSecDD - ok
20:01:57.0216 2816	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:01:57.0294 2816	KtmRm - ok
20:01:57.0341 2816	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:01:57.0403 2816	LanmanServer - ok
20:01:57.0466 2816	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:01:57.0513 2816	LanmanWorkstation - ok
20:01:57.0575 2816	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:01:57.0637 2816	lltdio - ok
20:01:57.0684 2816	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:01:57.0731 2816	lltdsvc - ok
20:01:57.0778 2816	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:01:57.0871 2816	lmhosts - ok
20:01:58.0012 2816	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:01:58.0027 2816	LSI_FC - ok
20:01:58.0043 2816	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:01:58.0059 2816	LSI_SAS - ok
20:01:58.0121 2816	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:01:58.0137 2816	LSI_SCSI - ok
20:01:58.0168 2816	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:01:58.0215 2816	luafv - ok
20:01:58.0230 2816	lxdc_device - ok
20:01:58.0308 2816	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:01:58.0355 2816	Mcx2Svc - ok
20:01:58.0386 2816	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:01:58.0433 2816	mdmxsdk - ok
20:01:58.0449 2816	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:01:58.0464 2816	megasas - ok
20:01:58.0527 2816	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:01:58.0573 2816	MMCSS - ok
20:01:58.0605 2816	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:01:58.0636 2816	Modem - ok
20:01:58.0651 2816	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:01:58.0698 2816	monitor - ok
20:01:58.0745 2816	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:01:58.0761 2816	mouclass - ok
20:01:58.0792 2816	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:01:58.0839 2816	mouhid - ok
20:01:58.0870 2816	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:01:58.0885 2816	MountMgr - ok
20:01:58.0979 2816	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:01:58.0995 2816	MozillaMaintenance - ok
20:01:59.0073 2816	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
20:01:59.0104 2816	MpFilter - ok
20:01:59.0182 2816	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:01:59.0197 2816	mpio - ok
20:01:59.0447 2816	MpKslb963e87b   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AB8369A-A122-47DF-8C58-1A616094F8C6}\MpKslb963e87b.sys
20:01:59.0463 2816	MpKslb963e87b - ok
20:01:59.0634 2816	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:01:59.0681 2816	mpsdrv - ok
20:01:59.0790 2816	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:01:59.0853 2816	MpsSvc - ok
20:01:59.0931 2816	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:01:59.0946 2816	Mraid35x - ok
20:01:59.0977 2816	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:02:00.0024 2816	MRxDAV - ok
20:02:00.0087 2816	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:02:00.0165 2816	mrxsmb - ok
20:02:00.0227 2816	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:02:00.0274 2816	mrxsmb10 - ok
20:02:00.0289 2816	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:02:00.0305 2816	mrxsmb20 - ok
20:02:00.0367 2816	msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
20:02:00.0383 2816	msahci - ok
20:02:00.0414 2816	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:02:00.0445 2816	msdsm - ok
20:02:00.0555 2816	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:02:00.0617 2816	MSDTC - ok
20:02:00.0648 2816	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:02:00.0711 2816	Msfs - ok
20:02:00.0789 2816	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:02:00.0804 2816	msisadrv - ok
20:02:00.0835 2816	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:02:00.0882 2816	MSiSCSI - ok
20:02:00.0882 2816	msiserver - ok
20:02:00.0929 2816	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:02:00.0991 2816	MSKSSRV - ok
20:02:01.0116 2816	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:02:01.0132 2816	MsMpSvc - ok
20:02:01.0163 2816	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:02:01.0225 2816	MSPCLOCK - ok
20:02:01.0241 2816	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:02:01.0335 2816	MSPQM - ok
20:02:01.0397 2816	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:02:01.0428 2816	MsRPC - ok
20:02:01.0459 2816	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:02:01.0475 2816	mssmbios - ok
20:02:01.0522 2816	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:02:01.0584 2816	MSTEE - ok
20:02:01.0584 2816	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:02:01.0615 2816	Mup - ok
20:02:01.0678 2816	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:02:01.0756 2816	napagent - ok
20:02:01.0787 2816	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:02:01.0849 2816	NativeWifiP - ok
20:02:01.0943 2816	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:02:02.0037 2816	NDIS - ok
20:02:02.0083 2816	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:02:02.0115 2816	NdisTapi - ok
20:02:02.0130 2816	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:02:02.0208 2816	Ndisuio - ok
20:02:02.0286 2816	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:02:02.0333 2816	NdisWan - ok
20:02:02.0364 2816	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:02:02.0442 2816	NDProxy - ok
20:02:02.0848 2816	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
20:02:02.0926 2816	Nero BackItUp Scheduler 3 - ok
20:02:02.0973 2816	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:02:03.0051 2816	NetBIOS - ok
20:02:03.0113 2816	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:02:03.0160 2816	netbt - ok
20:02:03.0191 2816	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:02:03.0222 2816	Netlogon - ok
20:02:03.0363 2816	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:02:03.0425 2816	Netman - ok
20:02:03.0503 2816	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:02:03.0581 2816	netprofm - ok
20:02:03.0893 2816	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:02:03.0909 2816	NetTcpPortSharing - ok
20:02:04.0283 2816	NETw3v32        (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:02:04.0439 2816	NETw3v32 - ok
20:02:04.0938 2816	NETw4v32        (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:02:05.0110 2816	NETw4v32 - ok
20:02:05.0297 2816	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:02:05.0313 2816	nfrd960 - ok
20:02:05.0391 2816	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:02:05.0406 2816	NisDrv - ok
20:02:05.0515 2816	NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:02:05.0531 2816	NisSrv - ok
20:02:05.0593 2816	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:02:05.0656 2816	NlaSvc - ok
20:02:05.0937 2816	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:02:06.0015 2816	NMIndexingService - ok
20:02:06.0077 2816	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:02:06.0155 2816	Npfs - ok
20:02:06.0186 2816	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:02:06.0249 2816	nsi - ok
20:02:06.0264 2816	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:02:06.0311 2816	nsiproxy - ok
20:02:06.0529 2816	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:02:06.0623 2816	Ntfs - ok
20:02:06.0701 2816	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:02:06.0748 2816	ntrigdigi - ok
20:02:06.0810 2816	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:02:06.0841 2816	Null - ok
20:02:06.0935 2816	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:02:06.0951 2816	nvraid - ok
20:02:06.0966 2816	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:02:06.0982 2816	nvstor - ok
20:02:07.0044 2816	nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
20:02:07.0060 2816	nv_agp - ok
20:02:07.0060 2816	NwlnkFlt - ok
20:02:07.0075 2816	NwlnkFwd - ok
20:02:07.0294 2816	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:02:07.0325 2816	odserv - ok
20:02:07.0387 2816	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:02:07.0434 2816	ohci1394 - ok
20:02:07.0512 2816	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:02:07.0528 2816	ose - ok
20:02:07.0606 2816	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:07.0746 2816	p2pimsvc - ok
20:02:07.0762 2816	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:07.0840 2816	p2psvc - ok
20:02:07.0902 2816	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:02:07.0996 2816	Parport - ok
20:02:08.0058 2816	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:02:08.0074 2816	partmgr - ok
20:02:08.0105 2816	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:02:08.0199 2816	Parvdm - ok
20:02:08.0230 2816	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:02:08.0292 2816	PcaSvc - ok
20:02:08.0386 2816	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:02:08.0448 2816	pccsmcfd - ok
20:02:08.0511 2816	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:02:08.0542 2816	pci - ok
20:02:08.0557 2816	pciide          (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\DRIVERS\pciide.sys
20:02:08.0573 2816	pciide - ok
20:02:08.0604 2816	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:02:08.0620 2816	pcmcia - ok
20:02:08.0745 2816	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:02:08.0838 2816	PEAUTH - ok
20:02:09.0119 2816	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:02:09.0228 2816	pla - ok
20:02:09.0447 2816	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
20:02:09.0493 2816	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:02:09.0493 2816	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:02:09.0556 2816	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:02:09.0603 2816	PlugPlay - ok
20:02:09.0727 2816	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:09.0790 2816	PNRPAutoReg - ok
20:02:09.0805 2816	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:09.0868 2816	PNRPsvc - ok
20:02:09.0961 2816	Point32         (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
20:02:09.0977 2816	Point32 - ok
20:02:10.0117 2816	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:02:10.0211 2816	PolicyAgent - ok
20:02:10.0305 2816	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:02:10.0383 2816	PptpMiniport - ok
20:02:10.0507 2816	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:02:10.0585 2816	Processor - ok
20:02:10.0679 2816	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:02:10.0741 2816	ProfSvc - ok
20:02:10.0804 2816	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:02:10.0835 2816	ProtectedStorage - ok
20:02:10.0882 2816	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:02:10.0929 2816	PSched - ok
20:02:11.0163 2816	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:02:11.0287 2816	ql2300 - ok
20:02:11.0365 2816	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:02:11.0397 2816	ql40xx - ok
20:02:11.0475 2816	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:02:11.0537 2816	QWAVE - ok
20:02:11.0631 2816	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:02:11.0693 2816	QWAVEdrv - ok
20:02:12.0005 2816	R300            (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
20:02:12.0114 2816	R300 - ok
20:02:12.0348 2816	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:02:12.0395 2816	RasAcd - ok
20:02:12.0426 2816	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:02:12.0504 2816	RasAuto - ok
20:02:12.0567 2816	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:02:12.0629 2816	Rasl2tp - ok
20:02:12.0707 2816	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:02:12.0738 2816	RasMan - ok
20:02:12.0894 2816	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:02:12.0910 2816	RasPppoe - ok
20:02:12.0925 2816	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:02:12.0941 2816	RasSstp - ok
20:02:12.0972 2816	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:02:13.0003 2816	rdbss - ok
20:02:13.0113 2816	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:02:13.0175 2816	RDPCDD - ok
20:02:13.0269 2816	rdpdr           (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
20:02:13.0300 2816	rdpdr - ok
20:02:13.0331 2816	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:02:13.0393 2816	RDPENCDD - ok
20:02:13.0456 2816	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:02:13.0487 2816	RDPWD - ok
20:02:13.0752 2816	RegSrvc         (7274bd434b6165baa382bdd87f6ca4ce) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:02:13.0799 2816	RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:02:13.0799 2816	RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:02:13.0861 2816	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:02:13.0955 2816	RemoteAccess - ok
20:02:14.0017 2816	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:02:14.0049 2816	RemoteRegistry - ok
20:02:14.0080 2816	rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:02:14.0095 2816	rimmptsk - ok
20:02:14.0127 2816	rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:02:14.0189 2816	rimsptsk - ok
20:02:14.0220 2816	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:02:14.0314 2816	rismxdp - ok
20:02:14.0345 2816	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:02:14.0376 2816	RpcLocator - ok
20:02:14.0485 2816	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:02:14.0579 2816	RpcSs - ok
20:02:14.0641 2816	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:02:14.0719 2816	rspndr - ok
20:02:14.0797 2816	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:02:14.0844 2816	SamSs - ok
20:02:14.0938 2816	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:02:14.0969 2816	sbp2port - ok
20:02:15.0031 2816	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:02:15.0094 2816	SCardSvr - ok
20:02:15.0203 2816	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:02:15.0312 2816	Schedule - ok
20:02:15.0406 2816	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:02:15.0437 2816	SCPolicySvc - ok
20:02:15.0499 2816	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:02:15.0546 2816	sdbus - ok
20:02:15.0702 2816	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:02:15.0749 2816	SDRSVC - ok
20:02:15.0967 2816	SeaPort         (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:02:15.0999 2816	SeaPort - ok
20:02:16.0030 2816	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:02:16.0108 2816	secdrv - ok
20:02:16.0139 2816	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:02:16.0201 2816	seclogon - ok
20:02:16.0342 2816	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:02:16.0404 2816	SENS - ok
20:02:16.0404 2816	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:02:16.0467 2816	Serenum - ok
20:02:16.0513 2816	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:02:16.0576 2816	Serial - ok
20:02:16.0654 2816	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:02:16.0669 2816	sermouse - ok
20:02:16.0794 2816	ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:02:16.0872 2816	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:02:16.0872 2816	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:02:16.0919 2816	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:02:16.0981 2816	SessionEnv - ok
20:02:17.0059 2816	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:02:17.0106 2816	sffdisk - ok
20:02:17.0169 2816	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:02:17.0262 2816	sffp_mmc - ok
20:02:17.0309 2816	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:02:17.0340 2816	sffp_sd - ok
20:02:17.0340 2816	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:02:17.0418 2816	sfloppy - ok
20:02:17.0481 2816	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:02:17.0512 2816	SharedAccess - ok
20:02:17.0621 2816	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:02:17.0652 2816	ShellHWDetection - ok
20:02:17.0683 2816	sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
20:02:17.0699 2816	sisagp - ok
20:02:17.0715 2816	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:02:17.0730 2816	SiSRaid2 - ok
20:02:17.0746 2816	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:02:17.0761 2816	SiSRaid4 - ok
20:02:18.0183 2816	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:02:18.0573 2816	slsvc - ok
20:02:18.0947 2816	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:02:19.0025 2816	SLUINotify - ok
20:02:19.0072 2816	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:02:19.0134 2816	Smb - ok
20:02:19.0197 2816	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:02:19.0228 2816	SNMPTRAP - ok
20:02:19.0259 2816	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:02:19.0290 2816	spldr - ok
20:02:19.0415 2816	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:02:19.0446 2816	Spooler - ok
20:02:19.0524 2816	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:02:19.0571 2816	srv - ok
20:02:19.0633 2816	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:02:19.0680 2816	srv2 - ok
20:02:19.0711 2816	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:02:19.0758 2816	srvnet - ok
20:02:19.0789 2816	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:02:19.0883 2816	SSDPSRV - ok
20:02:19.0945 2816	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:02:19.0992 2816	SstpSvc - ok
20:02:20.0055 2816	ssudmdm         (1b4052f016ba5e087689aba536a0a927) C:\Windows\system32\DRIVERS\ssudmdm.sys
20:02:20.0070 2816	ssudmdm - ok
20:02:20.0133 2816	STacSV          (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
20:02:20.0195 2816	STacSV - ok
20:02:20.0257 2816	STHDA           (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
20:02:20.0320 2816	STHDA - ok
20:02:20.0367 2816	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
20:02:20.0429 2816	StillCam - ok
20:02:20.0554 2816	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:02:20.0616 2816	stisvc - ok
20:02:20.0694 2816	stllssvr - ok
20:02:20.0741 2816	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:02:20.0772 2816	swenum - ok
20:02:20.0850 2816	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:02:20.0928 2816	swprv - ok
20:02:21.0037 2816	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:02:21.0053 2816	Symc8xx - ok
20:02:21.0084 2816	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:02:21.0100 2816	Sym_hi - ok
20:02:21.0131 2816	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:02:21.0147 2816	Sym_u3 - ok
20:02:21.0193 2816	SynTP           (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
20:02:21.0225 2816	SynTP - ok
20:02:21.0287 2816	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:02:21.0365 2816	SysMain - ok
20:02:21.0412 2816	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:02:21.0443 2816	TabletInputService - ok
20:02:21.0615 2816	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:02:21.0677 2816	TapiSrv - ok
20:02:21.0739 2816	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:02:21.0786 2816	TBS - ok
20:02:21.0958 2816	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
20:02:22.0051 2816	Tcpip - ok
20:02:22.0067 2816	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
20:02:22.0176 2816	Tcpip6 - ok
20:02:22.0223 2816	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
20:02:22.0285 2816	tcpipreg - ok
20:02:22.0410 2816	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:02:22.0457 2816	TDPIPE - ok
20:02:22.0504 2816	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:02:22.0551 2816	TDTCP - ok
20:02:22.0597 2816	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:02:22.0629 2816	tdx - ok
20:02:22.0707 2816	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:02:22.0722 2816	TermDD - ok
20:02:22.0800 2816	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:02:22.0894 2816	TermService - ok
20:02:22.0956 2816	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:02:22.0987 2816	Themes - ok
20:02:23.0019 2816	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:02:23.0065 2816	THREADORDER - ok
20:02:23.0190 2816	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:02:23.0268 2816	TrkWks - ok
20:02:23.0346 2816	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:02:23.0409 2816	TrustedInstaller - ok
20:02:23.0440 2816	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:02:23.0487 2816	tssecsrv - ok
20:02:23.0518 2816	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:02:23.0565 2816	tunmp - ok
20:02:23.0627 2816	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:02:23.0643 2816	tunnel - ok
20:02:23.0689 2816	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:02:23.0721 2816	uagp35 - ok
20:02:23.0814 2816	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:02:23.0861 2816	udfs - ok
20:02:23.0986 2816	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:02:24.0017 2816	UI0Detect - ok
20:02:24.0033 2816	uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
20:02:24.0048 2816	uliagpkx - ok
20:02:24.0079 2816	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:02:24.0111 2816	uliahci - ok
20:02:24.0126 2816	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:02:24.0142 2816	UlSata - ok
20:02:24.0204 2816	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:02:24.0220 2816	ulsata2 - ok
20:02:24.0251 2816	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:02:24.0282 2816	umbus - ok
20:02:24.0345 2816	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:02:24.0423 2816	upnphost - ok
20:02:24.0657 2816	UPnPService     (2f791a77655e6f61a21482f200c3864d) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:02:24.0719 2816	UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:02:24.0719 2816	UPnPService - detected UnsignedFile.Multi.Generic (1)
20:02:24.0813 2816	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:02:24.0844 2816	usbccgp - ok
20:02:24.0922 2816	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:02:25.0031 2816	usbcir - ok
20:02:25.0062 2816	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:02:25.0093 2816	usbehci - ok
20:02:25.0156 2816	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:02:25.0218 2816	usbhub - ok
20:02:25.0249 2816	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:02:25.0374 2816	usbohci - ok
20:02:25.0437 2816	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:02:25.0483 2816	usbprint - ok
20:02:25.0546 2816	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:02:25.0577 2816	USBSTOR - ok
20:02:25.0655 2816	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:02:25.0671 2816	usbuhci - ok
20:02:25.0749 2816	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:02:25.0795 2816	UxSms - ok
20:02:25.0858 2816	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:02:25.0967 2816	vds - ok
20:02:26.0014 2816	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:02:26.0076 2816	vga - ok
20:02:26.0123 2816	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:02:26.0170 2816	VgaSave - ok
20:02:26.0201 2816	viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
20:02:26.0217 2816	viaagp - ok
20:02:26.0248 2816	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:02:26.0295 2816	ViaC7 - ok
20:02:33.0143 2816	============================================================
20:02:33.0143 2816	Scan finished
20:02:33.0143 2816	============================================================
20:02:33.0159 1680	Detected object count: 12
20:02:33.0159 1680	Actual detected object count: 12
20:04:16.0181 1680	DBService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0181 1680	DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0181 1680	DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0181 1680	DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0197 1680	DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680	DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0197 1680	dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680	dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0197 1680	EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680	EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0197 1680	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0197 1680	FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680	FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0197 1680	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0212 1680	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0212 1680	RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680	RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0212 1680	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:04:16.0212 1680	UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680	UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards,
annascott10
