Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: spam-mails von hotmail-account verschickt --> trojaner?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.06.2012, 15:08   #1
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Liebes Forum,
mit Schrecken musste ich heut morgen feststellen, dass von meinem Hotmail-Account Spam-Mails verschickt wurden; und zwar an mein gesamtes Adressbuch (inkl. an mich selbst). In dieser Mail war lediglich ein Link enthalten.

Da ich nicht in Internet-Cafes verkehre und auch sonst niemand Einsicht in meine Zugangsdaten hat, gehe ich davon aus, dass es sich um irgendeine Art von schädlicher/böswilliger Software handeln muss, die sich auf meinem Laptop eingeschlichen haben muss.

Leider zeigt mein Virenscanner (Avira AntiVir) keinen Fund an; ein Quickscan mit Malwarebytes war ebenfalls erfolglos. Ich habe mich an die Regeln des Forums gehalten und die empfohlenen Programme durchlaufen lassen, hier also die logfiles. (OTL generierte komischerweise nur eine .txt-Datei; keine Ahnung was ich falsch gemacht habe)

Für eure Hilfe bin euch jetzt schon sehr dankbar. Ich denke, es wird sinnvoll sein sämtliche Passwörter zu erneuern; wohl aber erst nach Bereinigung, oder?

EDIT: Mein Freund hat zuvor die host-Datei (?) mittels Microsoft Fix It zurückgesetzt, weil er meint, dass sich viele Viren darüber Zugang zum PC verschaffen.

OTL.txt Logfile

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.06.2012 15:41:40 - Run 3
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Marilena\Desktop\neu
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 64,62% Memory free
7,73 Gb Paging File | 6,12 Gb Available in Paging File | 79,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,56 Gb Total Space | 380,11 Gb Free Space | 83,99% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 92,53 Mb Free Space | 93,44% Space Free | Partition Type: FAT32
 
Computer Name: MARILENA-PC | User Name: Marilena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 14:42:14 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marilena\Desktop\neu\OTL.exe
PRC - [2012.05.09 22:09:56 | 000,653,776 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.05.09 22:09:18 | 000,535,504 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.23 11:28:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.23 08:59:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.09 22:09:18 | 000,535,504 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 21:56:23 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.05.09 21:55:11 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {37FFFC4D-CB7D-4423-81EF-B0D09905A266}
IE:64bit: - HKLM\..\SearchScopes\{37FFFC4D-CB7D-4423-81EF-B0D09905A266}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {37FFFC4D-CB7D-4423-81EF-B0D09905A266}
IE - HKLM\..\SearchScopes\{37FFFC4D-CB7D-4423-81EF-B0D09905A266}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\..\SearchScopes,DefaultScope = {37FFFC4D-CB7D-4423-81EF-B0D09905A266}
IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\..\SearchScopes\{37FFFC4D-CB7D-4423-81EF-B0D09905A266}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.21 15:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.30 20:30:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 11:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 12:34:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.21 15:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 11:28:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 12:34:42 | 000,000,000 | ---D | M]
 
[2010.07.27 20:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marilena\AppData\Roaming\mozilla\Extensions
[2012.05.02 18:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marilena\AppData\Roaming\mozilla\Firefox\Profiles\agviln8i.default\extensions
[2012.06.23 11:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.30 20:30:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.05 18:19:12 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MARILENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGVILN8I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.23 11:28:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.15 11:15:10 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.23 11:28:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 11:28:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 11:28:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 11:28:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 11:28:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 11:28:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ECC26FA-91D3-4EC5-A74C-5DFB09C3A819}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AF03A6-DB89-41C9-87AB-89F877CB23C7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 14:39:59 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\neu
[2012.06.23 10:34:43 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\Macromedia
[2012.06.12 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Mama 50. Geburtstag - Kopie
[2012.06.09 19:26:42 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Mama 50. Geburtstag
[2012.06.09 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Geburtstag 2011
[2012.06.09 18:37:14 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Weihnachten 2011
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 15:37:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 15:37:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 15:37:06 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.28 15:37:06 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.28 15:37:06 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.28 15:37:06 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.28 15:37:06 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.28 15:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 15:29:35 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 14:59:38 | 000,000,000 | ---- | M] () -- C:\Users\Marilena\defogger_reenable
[2012.06.28 14:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.16 14:06:00 | 000,387,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 16:43:42 | 000,000,871 | ---- | M] () -- C:\Users\Marilena\.recently-used.xbel
[2012.06.09 18:51:06 | 002,602,152 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4198.JPG
[2012.06.09 18:44:58 | 002,650,712 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4153.JPG
[2012.06.09 18:44:52 | 002,620,261 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4152.JPG
[2012.06.09 18:44:44 | 002,371,838 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4151.JPG
[2012.06.09 18:44:38 | 002,573,909 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4150.JPG
[2012.06.09 18:44:34 | 002,354,060 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4149.JPG
[2012.06.09 18:44:28 | 002,511,145 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4148.JPG
[2012.06.05 18:51:48 | 000,071,202 | ---- | M] () -- C:\Users\Marilena\Desktop\origami-pink.jpg
 
========== Files Created - No Company Name ==========
 
[2012.06.28 14:59:38 | 000,000,000 | ---- | C] () -- C:\Users\Marilena\defogger_reenable
[2012.06.12 16:43:42 | 000,000,871 | ---- | C] () -- C:\Users\Marilena\.recently-used.xbel
[2012.06.09 18:51:53 | 002,650,712 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4153.JPG
[2012.06.09 18:51:53 | 002,620,261 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4152.JPG
[2012.06.09 18:51:53 | 002,573,909 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4150.JPG
[2012.06.09 18:51:53 | 002,511,145 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4148.JPG
[2012.06.09 18:51:53 | 002,371,838 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4151.JPG
[2012.06.09 18:51:53 | 002,354,060 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4149.JPG
[2012.06.09 18:51:50 | 002,636,956 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4211.JPG
[2012.06.09 18:51:48 | 002,318,119 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4210.JPG
[2012.06.09 18:51:46 | 002,596,602 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4209.JPG
[2012.06.09 18:51:44 | 002,816,319 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4208.JPG
[2012.06.09 18:51:41 | 002,677,623 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4207.JPG
[2012.06.09 18:51:39 | 002,636,246 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4206.JPG
[2012.06.09 18:51:37 | 002,492,510 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4205.JPG
[2012.06.09 18:51:35 | 002,522,287 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4204.JPG
[2012.06.09 18:51:32 | 002,638,864 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4203.JPG
[2012.06.09 18:51:30 | 002,639,962 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4202.JPG
[2012.06.09 18:51:28 | 002,602,152 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4198.JPG
[2012.06.09 18:51:28 | 002,525,664 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4199.JPG
[2012.06.09 18:51:28 | 002,509,771 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4201.JPG
[2012.06.09 18:51:28 | 002,497,055 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4200.JPG
[2012.06.09 18:51:28 | 002,212,468 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4197.JPG
[2012.06.05 18:51:47 | 000,071,202 | ---- | C] () -- C:\Users\Marilena\Desktop\origami-pink.jpg
[2011.02.07 10:20:41 | 000,001,854 | ---- | C] () -- C:\Users\Marilena\AppData\Roaming\GhostObjGAFix.xml
[2010.10.21 15:38:26 | 000,180,908 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010.10.21 15:38:26 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010.07.27 19:47:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.05.31 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\Dropbox
[2012.06.12 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\gtk-2.0
[2011.03.29 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\ICQ
[2010.07.27 19:47:27 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\_MDLogs
[2012.05.13 18:27:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Geändert von marilu (28.06.2012 um 15:15 Uhr)

Alt 30.06.2012, 03:58   #2
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 30.06.2012, 10:24   #3
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



hab den tdsskiller durchlaufen lassen, hier die ergebnisse

Code:
ATTFilter
11:20:39.0368 0796	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
11:20:39.0462 0796	============================================================
11:20:39.0462 0796	Current date / time: 2012/06/30 11:20:39.0462
11:20:39.0462 0796	SystemInfo:
11:20:39.0462 0796	
11:20:39.0462 0796	OS Version: 6.1.7601 ServicePack: 1.0
11:20:39.0462 0796	Product type: Workstation
11:20:39.0462 0796	ComputerName: MARILENA-PC
11:20:39.0462 0796	UserName: Marilena
11:20:39.0462 0796	Windows directory: C:\Windows
11:20:39.0462 0796	System windows directory: C:\Windows
11:20:39.0462 0796	Running under WOW64
11:20:39.0462 0796	Processor architecture: Intel x64
11:20:39.0462 0796	Number of processors: 4
11:20:39.0462 0796	Page size: 0x1000
11:20:39.0462 0796	Boot type: Normal boot
11:20:39.0462 0796	============================================================
11:20:40.0039 0796	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:20:40.0054 0796	============================================================
11:20:40.0054 0796	\Device\Harddisk0\DR0:
11:20:40.0054 0796	MBR partitions:
11:20:40.0054 0796	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:20:40.0054 0796	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3891F000
11:20:40.0054 0796	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38983000, BlocksNum 0x19CF000
11:20:40.0054 0796	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
11:20:40.0054 0796	============================================================
11:20:40.0070 0796	C: <-> \Device\Harddisk0\DR0\Partition1
11:20:40.0117 0796	D: <-> \Device\Harddisk0\DR0\Partition2
11:20:40.0117 0796	E: <-> \Device\Harddisk0\DR0\Partition3
11:20:40.0117 0796	============================================================
11:20:40.0117 0796	Initialize success
11:20:40.0117 0796	============================================================
11:20:47.0589 3664	============================================================
11:20:47.0589 3664	Scan started
11:20:47.0589 3664	Mode: Manual; 
11:20:47.0589 3664	============================================================
11:20:48.0806 3664	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:20:48.0837 3664	1394ohci - ok
11:20:48.0868 3664	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:20:48.0884 3664	ACPI - ok
11:20:48.0900 3664	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:20:48.0900 3664	AcpiPmi - ok
11:20:48.0946 3664	acsock          (e5568164c070a4988bd79c896920b3c6) C:\Windows\system32\DRIVERS\acsock64.sys
11:20:48.0962 3664	acsock - ok
11:20:49.0071 3664	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:20:49.0071 3664	AdobeARMservice - ok
11:20:49.0274 3664	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:49.0290 3664	AdobeFlashPlayerUpdateSvc - ok
11:20:49.0352 3664	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:20:49.0399 3664	adp94xx - ok
11:20:49.0446 3664	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:20:49.0461 3664	adpahci - ok
11:20:49.0492 3664	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:20:49.0524 3664	adpu320 - ok
11:20:49.0539 3664	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:20:49.0539 3664	AeLookupSvc - ok
11:20:49.0633 3664	AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:20:49.0633 3664	AERTFilters - ok
11:20:49.0695 3664	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:20:49.0726 3664	AFD - ok
11:20:49.0820 3664	AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
11:20:49.0898 3664	AgereSoftModem - ok
11:20:49.0929 3664	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:20:49.0929 3664	agp440 - ok
11:20:49.0960 3664	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:20:49.0960 3664	ALG - ok
11:20:49.0992 3664	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:20:49.0992 3664	aliide - ok
11:20:50.0038 3664	AMD External Events Utility (1d317ea326423ff7630cf1da3bd46a1c) C:\Windows\system32\atiesrxx.exe
11:20:50.0038 3664	AMD External Events Utility - ok
11:20:50.0054 3664	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:20:50.0054 3664	amdide - ok
11:20:50.0085 3664	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:20:50.0085 3664	AmdK8 - ok
11:20:50.0101 3664	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:20:50.0116 3664	AmdPPM - ok
11:20:50.0132 3664	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:20:50.0148 3664	amdsata - ok
11:20:50.0163 3664	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:20:50.0179 3664	amdsbs - ok
11:20:50.0194 3664	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:20:50.0210 3664	amdxata - ok
11:20:50.0288 3664	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:20:50.0288 3664	AntiVirSchedulerService - ok
11:20:50.0335 3664	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:20:50.0335 3664	AntiVirService - ok
11:20:50.0382 3664	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:20:50.0382 3664	AppID - ok
11:20:50.0413 3664	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:20:50.0413 3664	AppIDSvc - ok
11:20:50.0444 3664	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:20:50.0444 3664	Appinfo - ok
11:20:50.0522 3664	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:50.0522 3664	Apple Mobile Device - ok
11:20:50.0553 3664	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:20:50.0569 3664	arc - ok
11:20:50.0600 3664	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:20:50.0631 3664	arcsas - ok
11:20:50.0647 3664	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:20:50.0662 3664	AsyncMac - ok
11:20:50.0694 3664	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:20:50.0694 3664	atapi - ok
11:20:50.0818 3664	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
11:20:50.0881 3664	athr - ok
11:20:51.0037 3664	AtiHdmiService  (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
11:20:51.0052 3664	AtiHdmiService - ok
11:20:51.0442 3664	atikmdag        (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
11:20:51.0614 3664	atikmdag - ok
11:20:51.0786 3664	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:51.0801 3664	AudioEndpointBuilder - ok
11:20:51.0817 3664	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:51.0817 3664	AudioSrv - ok
11:20:51.0910 3664	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
11:20:51.0926 3664	avgntflt - ok
11:20:51.0957 3664	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
11:20:51.0973 3664	avipbb - ok
11:20:51.0988 3664	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:20:52.0004 3664	avkmgr - ok
11:20:52.0035 3664	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:20:52.0051 3664	AxInstSV - ok
11:20:52.0113 3664	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:20:52.0160 3664	b06bdrv - ok
11:20:52.0207 3664	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:20:52.0222 3664	b57nd60a - ok
11:20:52.0347 3664	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:20:52.0347 3664	BBSvc - ok
11:20:52.0394 3664	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:20:52.0394 3664	BBUpdate - ok
11:20:52.0441 3664	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:20:52.0456 3664	BDESVC - ok
11:20:52.0456 3664	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:20:52.0472 3664	Beep - ok
11:20:52.0550 3664	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:20:52.0581 3664	BFE - ok
11:20:52.0659 3664	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:20:52.0675 3664	BITS - ok
11:20:52.0737 3664	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:20:52.0737 3664	blbdrive - ok
11:20:52.0846 3664	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:52.0846 3664	Bonjour Service - ok
11:20:52.0862 3664	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:20:52.0878 3664	bowser - ok
11:20:52.0909 3664	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:20:52.0909 3664	BrFiltLo - ok
11:20:52.0924 3664	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:20:52.0924 3664	BrFiltUp - ok
11:20:52.0971 3664	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:20:52.0971 3664	Browser - ok
11:20:53.0018 3664	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:20:53.0034 3664	Brserid - ok
11:20:53.0080 3664	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:20:53.0080 3664	BrSerWdm - ok
11:20:53.0112 3664	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:20:53.0112 3664	BrUsbMdm - ok
11:20:53.0127 3664	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:20:53.0127 3664	BrUsbSer - ok
11:20:53.0158 3664	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:20:53.0174 3664	BTHMODEM - ok
11:20:53.0205 3664	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:20:53.0221 3664	bthserv - ok
11:20:53.0252 3664	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:20:53.0252 3664	cdfs - ok
11:20:53.0299 3664	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:20:53.0314 3664	cdrom - ok
11:20:53.0361 3664	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:20:53.0361 3664	CertPropSvc - ok
11:20:53.0377 3664	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:20:53.0392 3664	circlass - ok
11:20:53.0439 3664	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:20:53.0455 3664	CLFS - ok
11:20:53.0517 3664	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:53.0533 3664	clr_optimization_v2.0.50727_32 - ok
11:20:53.0580 3664	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:53.0595 3664	clr_optimization_v2.0.50727_64 - ok
11:20:53.0658 3664	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:53.0658 3664	clr_optimization_v4.0.30319_32 - ok
11:20:53.0704 3664	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:53.0704 3664	clr_optimization_v4.0.30319_64 - ok
11:20:53.0736 3664	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:20:53.0736 3664	CmBatt - ok
11:20:53.0767 3664	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:20:53.0767 3664	cmdide - ok
11:20:53.0829 3664	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:20:53.0876 3664	CNG - ok
11:20:53.0970 3664	Com4QLBEx       (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
11:20:53.0970 3664	Com4QLBEx - ok
11:20:54.0001 3664	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:20:54.0016 3664	Compbatt - ok
11:20:54.0048 3664	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:20:54.0063 3664	CompositeBus - ok
11:20:54.0079 3664	COMSysApp - ok
11:20:54.0094 3664	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:20:54.0094 3664	crcdisk - ok
11:20:54.0141 3664	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:20:54.0141 3664	CryptSvc - ok
11:20:54.0204 3664	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:20:54.0219 3664	DcomLaunch - ok
11:20:54.0266 3664	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:20:54.0282 3664	defragsvc - ok
11:20:54.0313 3664	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:20:54.0328 3664	DfsC - ok
11:20:54.0360 3664	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:20:54.0360 3664	Dhcp - ok
11:20:54.0391 3664	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:20:54.0391 3664	discache - ok
11:20:54.0406 3664	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:20:54.0422 3664	Disk - ok
11:20:54.0453 3664	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:20:54.0453 3664	Dnscache - ok
11:20:54.0500 3664	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:20:54.0531 3664	dot3svc - ok
11:20:54.0578 3664	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:20:54.0578 3664	Dot4 - ok
11:20:54.0625 3664	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:20:54.0625 3664	Dot4Print - ok
11:20:54.0656 3664	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:20:54.0656 3664	dot4usb - ok
11:20:54.0672 3664	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:20:54.0672 3664	DPS - ok
11:20:54.0703 3664	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:20:54.0703 3664	drmkaud - ok
11:20:54.0796 3664	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:20:54.0843 3664	DXGKrnl - ok
11:20:54.0890 3664	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:20:54.0890 3664	EapHost - ok
11:20:55.0124 3664	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:20:55.0233 3664	ebdrv - ok
11:20:55.0342 3664	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:20:55.0342 3664	EFS - ok
11:20:55.0436 3664	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:20:55.0483 3664	ehRecvr - ok
11:20:55.0514 3664	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:20:55.0530 3664	ehSched - ok
11:20:55.0608 3664	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:20:55.0639 3664	elxstor - ok
11:20:55.0717 3664	EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
11:20:55.0717 3664	EPSON_PM_RPCV4_01 - ok
11:20:55.0748 3664	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:20:55.0748 3664	ErrDev - ok
11:20:55.0810 3664	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:20:55.0826 3664	EventSystem - ok
11:20:55.0857 3664	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:20:55.0888 3664	exfat - ok
11:20:55.0904 3664	ezSharedSvc - ok
11:20:55.0935 3664	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:20:55.0951 3664	fastfat - ok
11:20:56.0029 3664	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:20:56.0044 3664	Fax - ok
11:20:56.0091 3664	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:20:56.0091 3664	fdc - ok
11:20:56.0107 3664	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:20:56.0107 3664	fdPHost - ok
11:20:56.0122 3664	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:20:56.0138 3664	FDResPub - ok
11:20:56.0154 3664	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:20:56.0169 3664	FileInfo - ok
11:20:56.0169 3664	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:20:56.0185 3664	Filetrace - ok
11:20:56.0216 3664	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:20:56.0216 3664	flpydisk - ok
11:20:56.0247 3664	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:20:56.0278 3664	FltMgr - ok
11:20:56.0356 3664	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:20:56.0403 3664	FontCache - ok
11:20:56.0450 3664	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:56.0466 3664	FontCache3.0.0.0 - ok
11:20:56.0497 3664	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:20:56.0512 3664	FsDepends - ok
11:20:56.0544 3664	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:20:56.0559 3664	Fs_Rec - ok
11:20:56.0622 3664	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:20:56.0637 3664	fvevol - ok
11:20:56.0668 3664	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:20:56.0668 3664	gagp30kx - ok
11:20:56.0700 3664	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:20:56.0700 3664	GEARAspiWDM - ok
11:20:56.0778 3664	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:20:56.0809 3664	gpsvc - ok
11:20:56.0840 3664	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:20:56.0840 3664	hcw85cir - ok
11:20:56.0887 3664	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:20:56.0918 3664	HdAudAddService - ok
11:20:56.0949 3664	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:20:56.0949 3664	HDAudBus - ok
11:20:56.0980 3664	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:20:56.0996 3664	HECIx64 - ok
11:20:57.0012 3664	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:20:57.0012 3664	HidBatt - ok
11:20:57.0043 3664	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:20:57.0058 3664	HidBth - ok
11:20:57.0090 3664	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:20:57.0090 3664	HidIr - ok
11:20:57.0121 3664	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:20:57.0121 3664	hidserv - ok
11:20:57.0152 3664	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:20:57.0168 3664	HidUsb - ok
11:20:57.0261 3664	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:20:57.0261 3664	hkmsvc - ok
11:20:57.0292 3664	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:20:57.0308 3664	HomeGroupListener - ok
11:20:57.0339 3664	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:20:57.0339 3664	HomeGroupProvider - ok
11:20:57.0433 3664	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:20:57.0433 3664	HP Support Assistant Service - ok
11:20:57.0480 3664	HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:20:57.0480 3664	HPDrvMntSvc.exe - ok
11:20:57.0604 3664	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:20:57.0604 3664	hpqcxs08 - ok
11:20:57.0667 3664	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:20:57.0667 3664	hpqddsvc - ok
11:20:57.0714 3664	HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
11:20:57.0714 3664	HpqKbFiltr - ok
11:20:57.0807 3664	hpqwmiex        (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:20:57.0823 3664	hpqwmiex - ok
11:20:57.0870 3664	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:20:57.0885 3664	HpSAMD - ok
11:20:57.0948 3664	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:20:57.0979 3664	HTTP - ok
11:20:58.0010 3664	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:20:58.0010 3664	hwpolicy - ok
11:20:58.0057 3664	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:20:58.0072 3664	i8042prt - ok
11:20:58.0104 3664	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
11:20:58.0104 3664	iaStor - ok
11:20:58.0166 3664	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:20:58.0197 3664	iaStorV - ok
11:20:58.0338 3664	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:58.0447 3664	idsvc - ok
11:20:58.0852 3664	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:20:59.0024 3664	igfx - ok
11:20:59.0180 3664	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:20:59.0180 3664	iirsp - ok
11:20:59.0258 3664	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:20:59.0274 3664	IKEEXT - ok
11:20:59.0430 3664	IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys
11:20:59.0539 3664	IntcAzAudAddService - ok
11:20:59.0617 3664	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:20:59.0632 3664	intelide - ok
11:20:59.0664 3664	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:20:59.0664 3664	intelppm - ok
11:20:59.0695 3664	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:20:59.0710 3664	IPBusEnum - ok
11:20:59.0726 3664	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:20:59.0742 3664	IpFilterDriver - ok
11:20:59.0788 3664	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:20:59.0804 3664	iphlpsvc - ok
11:20:59.0835 3664	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:20:59.0851 3664	IPMIDRV - ok
11:20:59.0882 3664	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:20:59.0898 3664	IPNAT - ok
11:21:00.0007 3664	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:21:00.0038 3664	iPod Service - ok
11:21:00.0054 3664	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:21:00.0069 3664	IRENUM - ok
11:21:00.0085 3664	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:21:00.0085 3664	isapnp - ok
11:21:00.0116 3664	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:21:00.0147 3664	iScsiPrt - ok
11:21:00.0163 3664	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:21:00.0178 3664	kbdclass - ok
11:21:00.0194 3664	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:21:00.0210 3664	kbdhid - ok
11:21:00.0241 3664	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:00.0241 3664	KeyIso - ok
11:21:00.0256 3664	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:21:00.0272 3664	KSecDD - ok
11:21:00.0288 3664	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:21:00.0303 3664	KSecPkg - ok
11:21:00.0319 3664	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:21:00.0334 3664	ksthunk - ok
11:21:00.0366 3664	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:21:00.0397 3664	KtmRm - ok
11:21:00.0444 3664	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:21:00.0444 3664	LanmanServer - ok
11:21:00.0475 3664	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:21:00.0475 3664	LanmanWorkstation - ok
11:21:00.0568 3664	LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:21:00.0568 3664	LightScribeService - ok
11:21:00.0615 3664	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:21:00.0615 3664	lltdio - ok
11:21:00.0662 3664	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:21:00.0693 3664	lltdsvc - ok
11:21:00.0693 3664	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:21:00.0709 3664	lmhosts - ok
11:21:00.0787 3664	LMS             (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:21:00.0787 3664	LMS - ok
11:21:00.0834 3664	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:21:00.0834 3664	LSI_FC - ok
11:21:00.0865 3664	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:21:00.0880 3664	LSI_SAS - ok
11:21:00.0912 3664	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:21:00.0912 3664	LSI_SAS2 - ok
11:21:00.0943 3664	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:21:00.0958 3664	LSI_SCSI - ok
11:21:01.0005 3664	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:21:01.0005 3664	luafv - ok
11:21:01.0052 3664	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:21:01.0052 3664	MBAMProtector - ok
11:21:01.0161 3664	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:21:01.0161 3664	MBAMService - ok
11:21:01.0192 3664	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:21:01.0208 3664	Mcx2Svc - ok
11:21:01.0239 3664	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:21:01.0239 3664	megasas - ok
11:21:01.0286 3664	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:21:01.0302 3664	MegaSR - ok
11:21:01.0333 3664	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:21:01.0333 3664	MMCSS - ok
11:21:01.0348 3664	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:21:01.0364 3664	Modem - ok
11:21:01.0380 3664	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:21:01.0380 3664	monitor - ok
11:21:01.0411 3664	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:21:01.0426 3664	mouclass - ok
11:21:01.0442 3664	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:21:01.0458 3664	mouhid - ok
11:21:01.0489 3664	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:21:01.0489 3664	mountmgr - ok
11:21:01.0582 3664	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:21:01.0598 3664	MozillaMaintenance - ok
11:21:01.0614 3664	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:21:01.0645 3664	mpio - ok
11:21:01.0676 3664	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:21:01.0676 3664	mpsdrv - ok
11:21:01.0754 3664	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:21:01.0801 3664	MpsSvc - ok
11:21:01.0832 3664	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:21:01.0848 3664	MRxDAV - ok
11:21:01.0894 3664	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:21:01.0910 3664	mrxsmb - ok
11:21:01.0957 3664	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:21:02.0004 3664	mrxsmb10 - ok
11:21:02.0019 3664	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:21:02.0050 3664	mrxsmb20 - ok
11:21:02.0066 3664	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:21:02.0082 3664	msahci - ok
11:21:02.0097 3664	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:21:02.0113 3664	msdsm - ok
11:21:02.0144 3664	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:21:02.0160 3664	MSDTC - ok
11:21:02.0191 3664	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:21:02.0206 3664	Msfs - ok
11:21:02.0222 3664	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:21:02.0222 3664	mshidkmdf - ok
11:21:02.0238 3664	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:21:02.0238 3664	msisadrv - ok
11:21:02.0269 3664	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:21:02.0300 3664	MSiSCSI - ok
11:21:02.0300 3664	msiserver - ok
11:21:02.0331 3664	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:21:02.0347 3664	MSKSSRV - ok
11:21:02.0378 3664	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:21:02.0378 3664	MSPCLOCK - ok
11:21:02.0394 3664	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:21:02.0394 3664	MSPQM - ok
11:21:02.0440 3664	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:21:02.0472 3664	MsRPC - ok
11:21:02.0487 3664	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:21:02.0487 3664	mssmbios - ok
11:21:02.0503 3664	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:21:02.0503 3664	MSTEE - ok
11:21:02.0534 3664	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:21:02.0534 3664	MTConfig - ok
11:21:02.0550 3664	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:21:02.0550 3664	Mup - ok
11:21:02.0596 3664	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:21:02.0612 3664	napagent - ok
11:21:02.0659 3664	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:21:02.0690 3664	NativeWifiP - ok
11:21:02.0768 3664	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:21:02.0784 3664	NDIS - ok
11:21:02.0799 3664	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:21:02.0815 3664	NdisCap - ok
11:21:02.0830 3664	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:21:02.0846 3664	NdisTapi - ok
11:21:02.0862 3664	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:21:02.0877 3664	Ndisuio - ok
11:21:02.0908 3664	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:21:02.0924 3664	NdisWan - ok
11:21:02.0955 3664	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:21:02.0971 3664	NDProxy - ok
11:21:03.0033 3664	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
11:21:03.0033 3664	Net Driver HPZ12 - ok
11:21:03.0049 3664	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:21:03.0064 3664	NetBIOS - ok
11:21:03.0096 3664	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:21:03.0111 3664	NetBT - ok
11:21:03.0142 3664	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:03.0158 3664	Netlogon - ok
11:21:03.0205 3664	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:21:03.0220 3664	Netman - ok
11:21:03.0267 3664	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:21:03.0298 3664	netprofm - ok
11:21:03.0376 3664	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:21:03.0392 3664	NetTcpPortSharing - ok
11:21:03.0844 3664	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:21:03.0985 3664	netw5v64 - ok
11:21:04.0078 3664	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:21:04.0094 3664	nfrd960 - ok
11:21:04.0141 3664	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:21:04.0156 3664	NlaSvc - ok
11:21:04.0172 3664	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:21:04.0172 3664	Npfs - ok
11:21:04.0203 3664	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:21:04.0203 3664	nsi - ok
11:21:04.0219 3664	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:21:04.0219 3664	nsiproxy - ok
11:21:04.0328 3664	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:21:04.0422 3664	Ntfs - ok
11:21:04.0500 3664	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:21:04.0515 3664	Null - ok
11:21:04.0546 3664	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:21:04.0562 3664	nvraid - ok
11:21:04.0593 3664	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:21:04.0624 3664	nvstor - ok
11:21:04.0656 3664	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:21:04.0671 3664	nv_agp - ok
11:21:04.0687 3664	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:21:04.0702 3664	ohci1394 - ok
11:21:04.0780 3664	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:21:04.0796 3664	ose - ok
11:21:05.0170 3664	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:21:05.0202 3664	osppsvc - ok
11:21:05.0358 3664	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:21:05.0373 3664	p2pimsvc - ok
11:21:05.0420 3664	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:21:05.0436 3664	p2psvc - ok
11:21:05.0467 3664	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:21:05.0482 3664	Parport - ok
11:21:05.0498 3664	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:21:05.0514 3664	partmgr - ok
11:21:05.0529 3664	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:21:05.0529 3664	PcaSvc - ok
11:21:05.0576 3664	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:21:05.0576 3664	pci - ok
11:21:05.0592 3664	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:21:05.0607 3664	pciide - ok
11:21:05.0638 3664	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:21:05.0670 3664	pcmcia - ok
11:21:05.0701 3664	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:21:05.0716 3664	pcw - ok
11:21:05.0779 3664	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:21:05.0841 3664	PEAUTH - ok
11:21:05.0919 3664	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:21:05.0935 3664	PerfHost - ok
11:21:06.0060 3664	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:21:06.0122 3664	pla - ok
11:21:06.0169 3664	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:21:06.0184 3664	PlugPlay - ok
11:21:06.0231 3664	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
11:21:06.0231 3664	Pml Driver HPZ12 - ok
11:21:06.0262 3664	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:21:06.0262 3664	PNRPAutoReg - ok
11:21:06.0294 3664	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:21:06.0309 3664	PNRPsvc - ok
11:21:06.0340 3664	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:21:06.0387 3664	PolicyAgent - ok
11:21:06.0418 3664	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:21:06.0418 3664	Power - ok
11:21:06.0481 3664	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:21:06.0496 3664	PptpMiniport - ok
11:21:06.0528 3664	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:21:06.0528 3664	Processor - ok
11:21:06.0559 3664	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:21:06.0574 3664	ProfSvc - ok
11:21:06.0606 3664	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:06.0606 3664	ProtectedStorage - ok
11:21:06.0637 3664	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:21:06.0652 3664	Psched - ok
11:21:06.0777 3664	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:21:06.0824 3664	ql2300 - ok
11:21:06.0918 3664	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:21:06.0933 3664	ql40xx - ok
11:21:06.0980 3664	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:21:06.0996 3664	QWAVE - ok
11:21:07.0027 3664	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:21:07.0027 3664	QWAVEdrv - ok
11:21:07.0042 3664	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:21:07.0042 3664	RasAcd - ok
11:21:07.0074 3664	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:21:07.0074 3664	RasAgileVpn - ok
11:21:07.0089 3664	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:21:07.0105 3664	RasAuto - ok
11:21:07.0136 3664	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:21:07.0167 3664	Rasl2tp - ok
11:21:07.0198 3664	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:21:07.0214 3664	RasMan - ok
11:21:07.0245 3664	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:21:07.0245 3664	RasPppoe - ok
11:21:07.0276 3664	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:21:07.0292 3664	RasSstp - ok
11:21:07.0323 3664	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:21:07.0370 3664	rdbss - ok
11:21:07.0401 3664	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:21:07.0401 3664	rdpbus - ok
11:21:07.0417 3664	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:21:07.0417 3664	RDPCDD - ok
11:21:07.0448 3664	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:21:07.0448 3664	RDPENCDD - ok
11:21:07.0464 3664	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:21:07.0464 3664	RDPREFMP - ok
11:21:07.0495 3664	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:21:07.0510 3664	RDPWD - ok
11:21:07.0557 3664	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:21:07.0588 3664	rdyboost - ok
11:21:07.0620 3664	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:21:07.0620 3664	RemoteAccess - ok
11:21:07.0651 3664	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:21:07.0682 3664	RemoteRegistry - ok
11:21:07.0776 3664	RichVideo       (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
11:21:07.0791 3664	RichVideo - ok
11:21:07.0807 3664	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:21:07.0822 3664	RpcEptMapper - ok
11:21:07.0822 3664	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:21:07.0822 3664	RpcLocator - ok
11:21:07.0885 3664	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:21:07.0885 3664	RpcSs - ok
11:21:07.0947 3664	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:21:07.0947 3664	rspndr - ok
11:21:07.0994 3664	RSUSBSTOR       (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
11:21:08.0010 3664	RSUSBSTOR - ok
11:21:08.0072 3664	RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:21:08.0103 3664	RTL8167 - ok
11:21:08.0134 3664	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:08.0134 3664	SamSs - ok
11:21:08.0166 3664	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:21:08.0181 3664	sbp2port - ok
11:21:08.0212 3664	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:21:08.0244 3664	SCardSvr - ok
11:21:08.0275 3664	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:21:08.0275 3664	scfilter - ok
11:21:08.0353 3664	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:21:08.0384 3664	Schedule - ok
11:21:08.0400 3664	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:21:08.0400 3664	SCPolicySvc - ok
11:21:08.0446 3664	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:21:08.0446 3664	sdbus - ok
11:21:08.0478 3664	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:21:08.0478 3664	SDRSVC - ok
11:21:08.0509 3664	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:21:08.0524 3664	secdrv - ok
11:21:08.0540 3664	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:21:08.0556 3664	seclogon - ok
11:21:08.0587 3664	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:21:08.0587 3664	SENS - ok
11:21:08.0587 3664	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:21:08.0602 3664	SensrSvc - ok
11:21:08.0634 3664	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:21:08.0634 3664	Serenum - ok
11:21:08.0649 3664	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:21:08.0665 3664	Serial - ok
11:21:08.0680 3664	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:21:08.0696 3664	sermouse - ok
11:21:08.0743 3664	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:21:08.0758 3664	SessionEnv - ok
11:21:08.0774 3664	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:21:08.0774 3664	sffdisk - ok
11:21:08.0790 3664	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:21:08.0790 3664	sffp_mmc - ok
11:21:08.0805 3664	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:21:08.0805 3664	sffp_sd - ok
11:21:08.0836 3664	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:21:08.0836 3664	sfloppy - ok
11:21:08.0868 3664	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:21:08.0899 3664	SharedAccess - ok
11:21:08.0946 3664	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:21:08.0946 3664	ShellHWDetection - ok
11:21:08.0977 3664	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:21:08.0992 3664	SiSRaid2 - ok
11:21:09.0008 3664	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:21:09.0008 3664	SiSRaid4 - ok
11:21:09.0039 3664	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:21:09.0055 3664	Smb - ok
11:21:09.0086 3664	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:21:09.0086 3664	SNMPTRAP - ok
11:21:09.0102 3664	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:21:09.0102 3664	spldr - ok
11:21:09.0148 3664	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:21:09.0180 3664	Spooler - ok
11:21:09.0414 3664	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:21:09.0492 3664	sppsvc - ok
11:21:09.0585 3664	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:21:09.0601 3664	sppuinotify - ok
11:21:09.0679 3664	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:21:09.0710 3664	srv - ok
11:21:09.0757 3664	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:21:09.0788 3664	srv2 - ok
11:21:09.0819 3664	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:21:09.0850 3664	SrvHsfHDA - ok
11:21:09.0944 3664	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:21:10.0038 3664	SrvHsfV92 - ok
11:21:10.0178 3664	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:21:10.0240 3664	SrvHsfWinac - ok
11:21:10.0272 3664	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:21:10.0287 3664	srvnet - ok
11:21:10.0334 3664	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:21:10.0350 3664	SSDPSRV - ok
11:21:10.0365 3664	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:21:10.0381 3664	SstpSvc - ok
11:21:10.0396 3664	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:21:10.0412 3664	stexstor - ok
11:21:10.0459 3664	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:21:10.0490 3664	stisvc - ok
11:21:10.0521 3664	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:21:10.0521 3664	swenum - ok
11:21:10.0568 3664	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:21:10.0599 3664	swprv - ok
11:21:10.0662 3664	SynTP           (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
11:21:10.0693 3664	SynTP - ok
11:21:10.0818 3664	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:21:10.0880 3664	SysMain - ok
11:21:10.0974 3664	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:21:11.0005 3664	TabletInputService - ok
11:21:11.0020 3664	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:21:11.0052 3664	TapiSrv - ok
11:21:11.0083 3664	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:21:11.0083 3664	TBS - ok
11:21:11.0254 3664	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:21:11.0364 3664	Tcpip - ok
11:21:11.0582 3664	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:21:11.0598 3664	TCPIP6 - ok
11:21:11.0676 3664	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:21:11.0691 3664	tcpipreg - ok
11:21:11.0722 3664	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:21:11.0722 3664	TDPIPE - ok
11:21:11.0754 3664	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:21:11.0769 3664	TDTCP - ok
11:21:11.0785 3664	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:21:11.0800 3664	tdx - ok
11:21:11.0832 3664	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:21:11.0847 3664	TermDD - ok
11:21:11.0894 3664	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:21:11.0925 3664	TermService - ok
11:21:11.0941 3664	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:21:11.0956 3664	Themes - ok
11:21:11.0972 3664	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:21:11.0988 3664	THREADORDER - ok
11:21:12.0019 3664	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:21:12.0019 3664	TrkWks - ok
11:21:12.0066 3664	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:21:12.0081 3664	TrustedInstaller - ok
11:21:12.0097 3664	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:21:12.0112 3664	tssecsrv - ok
11:21:12.0144 3664	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:21:12.0159 3664	TsUsbFlt - ok
11:21:12.0206 3664	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:21:12.0222 3664	tunnel - ok
11:21:12.0237 3664	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:21:12.0253 3664	uagp35 - ok
11:21:12.0284 3664	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:21:12.0315 3664	udfs - ok
11:21:12.0331 3664	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:21:12.0331 3664	UI0Detect - ok
11:21:12.0378 3664	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:21:12.0393 3664	uliagpkx - ok
11:21:12.0424 3664	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:21:12.0440 3664	umbus - ok
11:21:12.0456 3664	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:21:12.0471 3664	UmPass - ok
11:21:12.0658 3664	UNS             (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:21:12.0721 3664	UNS - ok
11:21:12.0830 3664	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:21:12.0861 3664	upnphost - ok
11:21:12.0939 3664	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:21:12.0955 3664	usbaudio - ok
11:21:12.0986 3664	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:21:12.0986 3664	usbccgp - ok
11:21:13.0017 3664	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:21:13.0033 3664	usbcir - ok
11:21:13.0048 3664	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:21:13.0048 3664	usbehci - ok
11:21:13.0095 3664	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:21:13.0126 3664	usbhub - ok
11:21:13.0126 3664	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:21:13.0142 3664	usbohci - ok
11:21:13.0173 3664	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:21:13.0173 3664	usbprint - ok
11:21:13.0204 3664	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:21:13.0204 3664	usbscan - ok
11:21:13.0220 3664	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:21:13.0220 3664	USBSTOR - ok
11:21:13.0236 3664	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:21:13.0236 3664	usbuhci - ok
11:21:13.0314 3664	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:21:13.0329 3664	usbvideo - ok
11:21:13.0360 3664	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:21:13.0360 3664	UxSms - ok
11:21:13.0392 3664	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:13.0392 3664	VaultSvc - ok
11:21:13.0423 3664	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:21:13.0438 3664	vdrvroot - ok
11:21:13.0485 3664	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:21:13.0501 3664	vds - ok
11:21:13.0532 3664	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:21:13.0548 3664	vga - ok
11:21:13.0548 3664	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:21:13.0563 3664	VgaSave - ok
11:21:13.0579 3664	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:21:13.0610 3664	vhdmp - ok
11:21:13.0626 3664	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:21:13.0626 3664	viaide - ok
11:21:13.0657 3664	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:21:13.0657 3664	volmgr - ok
11:21:13.0704 3664	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:21:13.0719 3664	volmgrx - ok
11:21:13.0766 3664	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:21:13.0782 3664	volsnap - ok
11:21:13.0891 3664	vpnagent        (c8e2180caa7d1fb8c6aa202e0f302a7f) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:21:13.0891 3664	vpnagent - ok
11:21:13.0938 3664	vpnva           (a8d4fed106b4bd337df3da20ba44e18e) C:\Windows\system32\DRIVERS\vpnva64.sys
11:21:13.0938 3664	vpnva - ok
11:21:13.0984 3664	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:21:14.0000 3664	vsmraid - ok
11:21:14.0109 3664	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:21:14.0172 3664	VSS - ok
11:21:14.0281 3664	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:21:14.0296 3664	vwifibus - ok
11:21:14.0328 3664	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:21:14.0328 3664	vwififlt - ok
11:21:14.0390 3664	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:21:14.0406 3664	W32Time - ok
11:21:14.0421 3664	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:21:14.0437 3664	WacomPen - ok
11:21:14.0468 3664	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:14.0468 3664	WANARP - ok
11:21:14.0484 3664	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:14.0499 3664	Wanarpv6 - ok
11:21:14.0608 3664	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:21:14.0686 3664	WatAdminSvc - ok
11:21:14.0796 3664	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:21:14.0874 3664	wbengine - ok
11:21:14.0967 3664	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:21:14.0998 3664	WbioSrvc - ok
11:21:15.0045 3664	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:21:15.0061 3664	wcncsvc - ok
11:21:15.0092 3664	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:21:15.0092 3664	WcsPlugInService - ok
11:21:15.0123 3664	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:21:15.0139 3664	Wd - ok
11:21:15.0201 3664	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:21:15.0264 3664	Wdf01000 - ok
11:21:15.0279 3664	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:15.0295 3664	WdiServiceHost - ok
11:21:15.0295 3664	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:15.0310 3664	WdiSystemHost - ok
11:21:15.0342 3664	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:21:15.0373 3664	WebClient - ok
11:21:15.0404 3664	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:21:15.0404 3664	Wecsvc - ok
11:21:15.0420 3664	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:21:15.0420 3664	wercplsupport - ok
11:21:15.0451 3664	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:21:15.0451 3664	WerSvc - ok
11:21:15.0498 3664	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:21:15.0498 3664	WfpLwf - ok
11:21:15.0513 3664	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:21:15.0529 3664	WIMMount - ok
11:21:15.0560 3664	WinDefend - ok
11:21:15.0560 3664	WinHttpAutoProxySvc - ok
11:21:15.0638 3664	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:21:15.0669 3664	Winmgmt - ok
11:21:15.0810 3664	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:21:15.0856 3664	WinRM - ok
11:21:15.0966 3664	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:21:15.0981 3664	WinUsb - ok
11:21:16.0059 3664	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:21:16.0090 3664	Wlansvc - ok
11:21:16.0106 3664	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:21:16.0106 3664	WmiAcpi - ok
11:21:16.0153 3664	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:21:16.0168 3664	wmiApSrv - ok
11:21:16.0215 3664	WMPNetworkSvc - ok
11:21:16.0231 3664	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:21:16.0246 3664	WPCSvc - ok
11:21:16.0278 3664	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:21:16.0278 3664	WPDBusEnum - ok
11:21:16.0356 3664	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:21:16.0356 3664	ws2ifsl - ok
11:21:16.0387 3664	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:21:16.0387 3664	wscsvc - ok
11:21:16.0387 3664	WSearch - ok
11:21:16.0574 3664	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:21:16.0636 3664	wuauserv - ok
11:21:16.0761 3664	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:21:16.0761 3664	WudfPf - ok
11:21:16.0792 3664	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:16.0792 3664	WUDFRd - ok
11:21:16.0824 3664	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:21:16.0824 3664	wudfsvc - ok
11:21:16.0839 3664	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:21:16.0870 3664	WwanSvc - ok
11:21:16.0917 3664	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:21:16.0948 3664	yukonw7 - ok
11:21:16.0980 3664	MBR (0x1B8)     (b2bc056a88831c6fb1a57d77ca198b98) \Device\Harddisk0\DR0
11:21:17.0229 3664	\Device\Harddisk0\DR0 - ok
11:21:17.0229 3664	Boot (0x1200)   (a16a2d2ff3ef90c3c0102bacdac6f4a0) \Device\Harddisk0\DR0\Partition0
11:21:17.0245 3664	\Device\Harddisk0\DR0\Partition0 - ok
11:21:17.0245 3664	Boot (0x1200)   (4f54a81151f6198757b077ead464991a) \Device\Harddisk0\DR0\Partition1
11:21:17.0260 3664	\Device\Harddisk0\DR0\Partition1 - ok
11:21:17.0276 3664	Boot (0x1200)   (26386718e41c7f19eb1a31c6ef2c9832) \Device\Harddisk0\DR0\Partition2
11:21:17.0292 3664	\Device\Harddisk0\DR0\Partition2 - ok
11:21:17.0292 3664	Boot (0x1200)   (6f714e65f28936d11ab1f5127aa5f3c1) \Device\Harddisk0\DR0\Partition3
11:21:17.0292 3664	\Device\Harddisk0\DR0\Partition3 - ok
11:21:17.0292 3664	============================================================
11:21:17.0292 3664	Scan finished
11:21:17.0292 3664	============================================================
11:21:17.0323 4540	Detected object count: 0
11:21:17.0323 4540	Actual detected object count: 0
         
__________________

Alt 30.06.2012, 13:05   #4
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 30.06.2012, 14:45   #5
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



hab die datei runtergeladen. allerdings gibt es probleme.
beim ersten mal ausführen, wurde ich nach dem avast standard gefragt; ich habe bestätigt. dann lief das programm etwa 2 minuten bis die meldung kam, dass das programm aufgrund eines unerwarteten ereignisses blabla geschlossen werden muss.
beim zweiten versuch, wurde nicht mehr nach dem avast-dingens gefragt (ich nehm mal an, weil das zuvor erfolgreich verlief); auch beim zweiten durchgang lief das programm etwa 2 minuten. dann ging allerdings gar nichts mehr - keine absturzmeldung - nichts. ich konnte weder die maus bewegen noch den task-manager via strg+alt+enf öffnen.
nach dem neustart habe ich den dritten versuch im abgesicherten modus gestartet. auch hier hängt sich das programm auf.
den vierten und letzten versuch habe ich wieder im normalen modus gemacht und auch er führte nicht zum erfolg. kurz bevor erneut die fehlermeldung kam, hab ich einen screenshot gemacht, vielleicht hilft der ja bei der lösung des problems.

avira antivir habe ich bei jedem versuch ausgeschaltet. die firewall hat sich überhaupt nicht bemerkbar gemacht. komplett ausschalten wollte ich sie aber nicht.

Das Programm hängt sich übrigens immer auf, wenn es folgendes Verzeichnis scannt C:\Windows\assembly\GAC_MSIL\... (die unterordner variieren allerdings)

Miniaturansicht angehängter Grafiken
spam-mails von hotmail-account verschickt --&gt; trojaner?-screenshot_aswmbr.jpg  

Alt 01.07.2012, 17:43   #6
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> spam-mails von hotmail-account verschickt --> trojaner?

Alt 01.07.2012, 18:25   #7
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



hier der combofix-scan
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-01.03 - Marilena 01.07.2012  19:06:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3958.2475 [GMT 2:00]
ausgeführt von:: c:\users\Marilena\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marilena\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-01 bis 2012-07-01  ))))))))))))))))))))))))))))))
.
.
2012-06-29 08:22 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DAD13AD-8E8F-45D4-9427-9ECAEF97C105}\mpengine.dll
2012-06-28 13:46 . 2012-06-28 13:46	--------	d-----w-	c:\users\Marilena\AppData\Roaming\Malwarebytes
2012-06-28 13:46 . 2012-06-28 13:46	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-23 09:28 . 2012-06-23 09:28	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 09:28 . 2012-06-23 09:28	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 08:34 . 2012-06-23 08:34	--------	d-----w-	c:\users\Marilena\AppData\Local\Macromedia
2012-06-21 16:13 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 16:13 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 16:13 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 16:13 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 16:12 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 16:12 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 16:12 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 16:12 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 16:12 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-07 22:12 . 2012-06-07 22:12	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-06-07 22:12 . 2012-06-07 22:12	33784	----a-w-	c:\windows\SysWow64\vpnevents.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 06:59 . 2012-04-01 05:26	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 06:59 . 2011-11-13 22:04	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 21:55 . 2011-09-09 15:59	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-05-09 19:56 . 2010-05-06 01:46	27048	----a-w-	c:\windows\system32\drivers\vpnva64.sys
2012-05-09 10:21 . 2012-05-18 08:45	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2010-07-27 16:54	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-02 13:24 . 2012-05-14 18:37	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-27 08:20 . 2012-05-14 18:37	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-14 18:37	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-06-02 24264488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 672760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 535544]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 172032]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Marilena\AppData\Roaming\Mozilla\Firefox\Profiles\agviln8i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-01  19:18:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-01 17:18
.
Vor Suchlauf: 7 Verzeichnis(se), 407.293.992.960 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 407.070.658.560 Bytes frei
.
- - End Of File - - 1F035F9257C16293B97F534EA2AE43BF
         
--- --- ---

Alt 02.07.2012, 10:21   #8
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Macht der Rechner sonst irgendwelche Probleme ? Die Logfiles sehen OK aus.


Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 02.07.2012, 10:47   #9
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



mir ist nichts großartiges aufgefallen. nur firefox macht seit geraumer zeit probleme, hängt sich desöfteren auf, braucht manchmal ungewöhnlich lange um seiten zu laden, etc.

wenn wir mit dieser sache hier durch sind würd ich wahrscheinlich aber eh auf chrome umsteigen. wird ja hier im forum dem mozilla oft vorgezogen, so wie ich das hier rauslesen kann.

zur sache mit dem farbar recovery scan. mir steht leider nur der "infizierte" pc zur verfügung. kann ich das tool trotzdem ganz normal mit firefox runterladen und dabei direkt auf den angeschlossenen usb-stick speichern oder führt das zu problemen?

------------------------------------------------------------------------------------

hab mir die datei heute von nem pc in der uni gezogen. ich denke, das ist der sicherste zu dem ich zugang habe (die it-leuten sollten das doch auf die reihe kriegen, hoff ich

jedenfalls hab ich das tool nun durchlaufen lassen: hier der scan

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 02-07-2012 20:20:47
Running from H:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [5977600 2009-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2009-10-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-01-23] (Sun Microsystems, Inc.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [672760 2012-06-07] (Cisco Systems, Inc.)
HKU\Marilena\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [24264488 2009-06-02] (Skype Technologies S.A.)
HKU\Marilena\...\Policies\system: [DisableLockWorkstation] 0
HKU\Marilena\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-01] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
2 ezSharedSvc; C:\Windows\SysWow64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [535544 2012-06-07] (Cisco Systems, Inc.)

========================== Drivers (Whitelisted) =============

3 acsock; C:\Windows\System32\DRIVERS\acsock64.sys [107432 2012-06-07] (Cisco Systems, Inc.)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-04-27] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
4 eabfiltr;  [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: ezSharedSvc -> C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

============ One Month Created Files and Folders ==============

2012-07-01 09:18 - 2012-07-01 09:18 - 00019158 ____A C:\ComboFix.txt
2012-07-01 09:05 - 2012-07-01 09:18 - 00000000 ____D C:\Qoobox
2012-07-01 09:05 - 2012-07-01 09:17 - 00000000 ____D C:\Windows\erdnt
2012-07-01 09:05 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-01 09:05 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-01 09:05 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-01 08:57 - 2012-07-01 08:57 - 04568829 ____R (Swearware) C:\Users\Marilena\Downloads\ComboFix.exe
2012-07-01 02:09 - 2012-07-01 02:09 - 00004616 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-07-01 02:09 - 2012-05-09 02:18 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-01 02:09 - 2012-05-09 02:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-01 02:09 - 2012-05-09 02:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-30 05:27 - 2012-06-30 05:27 - 295055855 ____A C:\Windows\MEMORY.DMP
2012-06-30 05:27 - 2012-06-30 05:27 - 00270832 ____A C:\Windows\Minidump\063012-19141-01.dmp
2012-06-28 05:46 - 2012-06-28 05:46 - 00000000 ____D C:\Users\Marilena\AppData\Roaming\Malwarebytes
2012-06-28 05:46 - 2012-06-28 05:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-28 05:19 - 2012-06-28 05:19 - 00000000 ____A C:\Users\Marilena\Desktop\infos.txt
2012-06-28 04:59 - 2012-06-28 04:59 - 00000000 ____A C:\Users\Marilena\defogger_reenable
2012-06-28 04:39 - 2012-07-01 09:21 - 00000000 ____D C:\Users\Marilena\Desktop\neu
2012-06-23 00:34 - 2012-06-23 00:34 - 00000000 ____D C:\Users\Marilena\AppData\Local\Macromedia
2012-06-21 08:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 08:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 08:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 08:12 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 08:12 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 08:12 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 08:12 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 08:12 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 00:58 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 00:58 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 00:58 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 00:58 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 00:58 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 00:58 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 00:58 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 00:58 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 00:58 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 00:58 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 00:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 00:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 00:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 00:58 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 00:58 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 00:58 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 00:58 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 00:58 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 00:58 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 00:58 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 00:58 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 00:58 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 00:58 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-14 00:58 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 00:58 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 00:58 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 00:58 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 00:58 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 00:58 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 00:58 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 00:58 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 00:58 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 00:58 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 07:26 - 2012-06-12 07:26 - 00000000 ____A C:\Users\Marilena\Desktop\NICHT VERZAGEN, LUKAS FRAGEN!.txt
2012-06-12 06:43 - 2012-06-12 06:43 - 00000871 ____A C:\Users\Marilena\.recently-used.xbel
2012-06-12 06:31 - 2012-06-12 07:26 - 00000000 ____D C:\Users\Marilena\Desktop\Mama 50. Geburtstag - Kopie
2012-06-09 09:26 - 2012-06-12 12:10 - 00000000 ____D C:\Users\Marilena\Desktop\Mama 50. Geburtstag
2012-06-09 08:37 - 2012-06-09 08:56 - 00000000 ____D C:\Users\Marilena\Desktop\Weihnachten 2011
2012-06-09 08:37 - 2012-06-09 08:55 - 00000000 ____D C:\Users\Marilena\Desktop\Geburtstag 2011
2012-06-07 14:12 - 2012-06-07 14:12 - 00033784 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll
2012-06-07 14:12 - 2012-06-07 14:12 - 00010744 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll


============ 3 Months Modified Files ========================

2012-07-02 10:16 - 2012-03-31 22:46 - 01702999 ____A C:\Windows\WindowsUpdate.log
2012-07-02 09:59 - 2012-03-31 21:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-02 06:19 - 2010-01-23 14:31 - 00654166 ____A C:\Windows\System32\perfh007.dat
2012-07-02 06:19 - 2010-01-23 14:31 - 00130006 ____A C:\Windows\System32\perfc007.dat
2012-07-02 06:19 - 2009-07-13 21:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 00:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 00:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 00:41 - 2012-04-01 02:42 - 00008904 ____A C:\Windows\setupact.log
2012-07-02 00:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-01 09:18 - 2012-07-01 09:18 - 00019158 ____A C:\ComboFix.txt
2012-07-01 09:13 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-01 09:12 - 2012-05-13 01:43 - 00089984 ____A C:\Windows\PFRO.log
2012-07-01 08:57 - 2012-07-01 08:57 - 04568829 ____R (Swearware) C:\Users\Marilena\Downloads\ComboFix.exe
2012-07-01 02:09 - 2012-07-01 02:09 - 00004616 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-06-30 07:58 - 2011-11-12 03:20 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-30 07:58 - 2010-07-27 09:55 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-30 05:27 - 2012-06-30 05:27 - 295055855 ____A C:\Windows\MEMORY.DMP
2012-06-30 05:27 - 2012-06-30 05:27 - 00270832 ____A C:\Windows\Minidump\063012-19141-01.dmp
2012-06-28 05:19 - 2012-06-28 05:19 - 00000000 ____A C:\Users\Marilena\Desktop\infos.txt
2012-06-28 04:59 - 2012-06-28 04:59 - 00000000 ____A C:\Users\Marilena\defogger_reenable
2012-06-22 22:59 - 2012-03-31 21:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-22 22:59 - 2011-11-13 14:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-16 04:06 - 2009-07-13 20:45 - 00387728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 02:57 - 2010-07-28 06:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 11:04 - 2010-07-29 02:43 - 00750080 __ASH C:\Users\Marilena\Desktop\Thumbs.db
2012-06-12 07:26 - 2012-06-12 07:26 - 00000000 ____A C:\Users\Marilena\Desktop\NICHT VERZAGEN, LUKAS FRAGEN!.txt
2012-06-12 06:43 - 2012-06-12 06:43 - 00000871 ____A C:\Users\Marilena\.recently-used.xbel
2012-06-07 14:12 - 2012-06-07 14:12 - 00033784 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll
2012-06-07 14:12 - 2012-06-07 14:12 - 00010744 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll
2012-06-07 13:55 - 2011-09-09 07:59 - 00107432 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock64.sys
2012-06-02 14:19 - 2012-06-21 08:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 08:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 08:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-21 08:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 08:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 07:27 - 2012-05-17 04:59 - 05368074 ____A C:\Users\Marilena\Documents\Gerome_Das maurische Bad.pptx
2012-05-14 20:01 - 2012-06-14 00:58 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-14 00:58 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-14 00:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-14 00:58 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-14 00:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 10:22 - 2012-05-14 10:20 - 99308192 ____A C:\Users\Marilena\Downloads\avira_free_antivirus_de.exe
2012-05-14 09:12 - 2012-05-14 09:12 - 02072385 ____A C:\Users\Marilena\Downloads\Die Toilette der Esther_Chasseriau.jpeg
2012-05-13 08:27 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-09 11:56 - 2010-05-05 17:46 - 00027048 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\vpnva64.sys
2012-05-09 02:21 - 2012-05-18 00:45 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-09 02:21 - 2010-07-27 08:54 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-09 02:18 - 2012-07-01 02:09 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-09 02:17 - 2012-07-01 02:09 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-09 02:17 - 2012-07-01 02:09 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-04 03:06 - 2012-06-14 00:58 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 00:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 00:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 05:24 - 2012-05-14 10:37 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-04-30 21:40 - 2012-06-14 00:58 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-14 00:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 00:20 - 2012-05-14 10:37 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-04-25 21:41 - 2012-06-14 00:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 00:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 00:58 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 14:32 - 2012-05-14 10:37 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-04-23 21:37 - 2012-06-14 00:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 00:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 00:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 00:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 00:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 00:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-14 00:58 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-14 00:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-14 00:58 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-14 00:58 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-14 00:58 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-14 00:58 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-14 00:58 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-14 00:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-14 00:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-14 00:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 10:56 - 2012-04-18 10:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 10:56 - 2012-04-18 10:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-16 21:31 - 2012-06-14 00:58 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-14 00:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 04:31 - 2012-06-14 00:58 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 00:58 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 18%
Total physical RAM: 3957.86 MB
Available physical RAM: 3237.45 MB
Total Pagefile: 3956.01 MB
Available Pagefile: 3227.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:452.56 GB) (Free:379.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.15 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online         1913 MB      0 B         
  Disk 2    No Media           0 B      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            452 GB   200 MB
  Partition 3    Primary             12 GB   452 GB
  Partition 4    Primary            103 MB   465 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy            

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    452 GB  Healthy            

==================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     12 GB  Healthy            

==================================================================================

Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy            

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1912 MB   252 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT    Removable   1912 MB  Healthy            

==================================================================================

==========================================================

Last Boot: 2012-06-29 04:15

======================= End Of Log ==========================
         

Alt 03.07.2012, 06:57   #10
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Auch sauber.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.07.2012, 12:36   #11
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9046a13582326541892daad5a4052caa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 11:32:25
# local_time=2012-07-03 01:32:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4289968 4289968 0 0
# compatibility_mode=5893 16776574 100 94 326602 92940449 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=208084
# found=0
# cleaned=0
# scan_time=4545
         

Alt 03.07.2012, 15:02   #12
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Ändere mal deine Zugangspasswörter. Mit abc als Passwort kommt man heute nicht weit
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.07.2012, 15:18   #13
marilu
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



werd ich machen hatte bisher ein 9-stelliges passwort (6 buchstaben / 3 ziffern) ist das noch zu kurz bzw. zu unsicher?

heißt das im umkehrschluss, dass mein laptop sauber ist und nichts durch irgendwelche mails auf meinen rechner geladen wurde?

schon mal vielen dank für deine hilfe.

Alt 03.07.2012, 19:55   #14
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Sollte eigentlich reichen.

Ich seh da keine Malware aber behalte das mal im Auge und berichte. Ich halte das Thema noch ne Woche in den Abos
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 09.07.2012, 11:44   #15
Larusso
/// Selecta Jahrusso
 
spam-mails von hotmail-account verschickt --> trojaner? - Standard

spam-mails von hotmail-account verschickt --> trojaner?



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu spam-mails von hotmail-account verschickt --> trojaner?
adobe, antivir, application/pdf, application/pdf:, autorun, avira, bho, bingbar, bonjour, desktop, document, error, explorer, firefox, firefox 13.0.1, flash player, format, hackangriff, helper, home, hotmail, mail-account, mailadresse, microsoft fix it, mozilla, object, realtek, registry, scan, searchscopes, senden, software, tracker, trojaner, trojaner?, viele viren, windows



Ähnliche Themen: spam-mails von hotmail-account verschickt --> trojaner?


  1. E-mail: SPAM Mails von web.de Account verschickt
    Log-Analyse und Auswertung - 18.10.2015 (6)
  2. Hotmail-Account verschickt Spam an alle Kontakte
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (7)
  3. Hotmail Konto verschickt autmoatisch Spam Mails
    Log-Analyse und Auswertung - 27.05.2014 (13)
  4. GMX Account verschickt Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 09.02.2014 (11)
  5. Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte
    Log-Analyse und Auswertung - 29.04.2013 (13)
  6. Mein Account verschickt Spam-Mails....
    Plagegeister aller Art und deren Bekämpfung - 08.04.2013 (7)
  7. Hotmail Account gehackt und verschickt automatisch Mails
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (22)
  8. GMX Account verschickt Spam-Mails
    Überwachung, Datenschutz und Spam - 10.08.2012 (102)
  9. Trojaner / Malware ? Mail Account hat Spam Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (30)
  10. E-Mail Account verschickt (SPAM) Mails
    Log-Analyse und Auswertung - 26.06.2012 (36)
  11. Trojaner verschickt Spam-Mails aus meinem yahoo-Account
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (3)
  12. Hotmail-Account hat selbständig Spam verschickt (2xmal)
    Log-Analyse und Auswertung - 13.04.2012 (1)
  13. Freemail-Account verschickt ebenfalls Spam-mails
    Log-Analyse und Auswertung - 11.01.2012 (19)
  14. MSN - Hotmail verschickt von alleine Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (1)
  15. Hotmail verschickt automatisch Spam mails
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  16. Hotmail verschickt Spam-Mails
    Überwachung, Datenschutz und Spam - 16.08.2011 (1)
  17. Hotmail Account verschickt automatisch Spam Mails!
    Plagegeister aller Art und deren Bekämpfung - 14.02.2011 (7)

Zum Thema spam-mails von hotmail-account verschickt --> trojaner? - Liebes Forum, mit Schrecken musste ich heut morgen feststellen, dass von meinem Hotmail-Account Spam-Mails verschickt wurden; und zwar an mein gesamtes Adressbuch (inkl. an mich selbst). In dieser Mail war - spam-mails von hotmail-account verschickt --> trojaner?...
Archiv
Du betrachtest: spam-mails von hotmail-account verschickt --> trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.