
Pests of all kinds and how to fight them: WEB.DE is constantly hacked within a few minutes


09.07.2012, 22:55   #1
samoht0403
 

WEB.DE is constantly hacked within a few minutes



Hello everyone,

my WEB.DE account is constantly being hacked within a few minutes. Afterwards I always get "Mail Delivery" mails because the recipient is unknown.

Neither Norton nor Avira found anything. I use several computers and I don't know which computer the problem is on. I'm ruling out the iPhone and iPad as the source for now (or is that not justified?).

I'll start with the first computer now:
Defogger does not run to completion:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:28 on 09/07/2012 (Sarah)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL:
OTL Logfile:
Code:
OTL logfile created on: 09.07.2012 22:33:37 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,21% Memory free
8,00 Gb Paging File | 6,06 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 353,70 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.09 22:33:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012.06.23 15:43:12 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.21 12:35:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.09.01 11:38:56 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011.09.01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011.08.04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011.08.04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.05.26 07:05:01 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.11.07 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.23 15:43:12 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.21 12:35:18 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.11.07 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.23 15:43:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.21 12:35:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011.09.01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.07 17:49:10 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.08.29 16:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.17 21:15:02 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012.03.29 00:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.03.29 00:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.29 00:28:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2012.03.29 00:06:26 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.29 16:44:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011.07.06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.26 10:57:00 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2008.09.26 10:56:00 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.09.26 10:56:00 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.09.26 10:55:00 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2007.05.03 09:11:46 | 000,244,736 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW13C.sys -- (MRV6X64P)
DRV:64bit: - [2007.03.30 18:19:40 | 000,051,200 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2007.03.01 17:53:40 | 000,087,808 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2007.02.22 20:55:54 | 000,143,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.07.09 19:52:20 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120709.003\ex64.sys -- (NAVEX15)
DRV - [2012.07.09 19:52:20 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120709.003\eng64.sys -- (NAVENG)
DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.06.14 20:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120705.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.05.31 09:01:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.05.31 09:01:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=119998&babsrc=HP_ss&mntrId=781ddecc00000000000090e6ba46ac56
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 12 51 A9 BA AC CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101008155724\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=781ddecc00000000000090e6ba46ac56
IE - HKCU\..\SearchScopes\{27ED2856-4ABE-4918-B5E6-99D4E05FC34F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=119998&babsrc=adbartrp&mntrId=781ddecc00000000000090e6ba46ac56&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.20 13:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011.10.21 18:16:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012.05.18 08:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012.07.09 17:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 12:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 16:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.28 16:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 12:35:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 16:06:59 | 000,000,000 | ---D | M]
 
[2010.02.14 10:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010.02.14 10:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.04 11:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\wqta5u4n.default\extensions
[2010.04.28 22:44:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\wqta5u4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.09 15:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.11 13:19:30 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQTA5U4N.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.06.21 12:35:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.21 12:35:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 15:15:21 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.21 12:35:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 12:35:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 12:35:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 12:35:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 12:35:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101008155724\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pampers Pregnancy Widget.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1450186B-CDAE-4EAC-A3FE-5E9968619C69}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59A2AF38-BDDB-464C-9686-EABB3234ED96}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c0034554-49ff-11df-a9ca-90e6ba46bc04}\Shell - "" = AutoRun
O33 - MountPoints2\{c0034554-49ff-11df-a9ca-90e6ba46bc04}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Sigel
[2012.07.04 19:37:23 | 000,374,272 | ---- | C] (Herd Software Entwicklung/ Ketteler Str. 35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) -- C:\Windows\SysWow64\Dav3_32.dll
[2012.07.04 19:37:23 | 000,143,360 | ---- | C] (Herd Software Entwicklung/ Ketteler Str.35/ D-68642 Bürstadt/ hxxp://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:+49-6206-707775/ Telefax:+49-6206-707776) -- C:\Windows\SysWow64\leon3_32.dll
[2012.07.04 19:37:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sigel
[2012.07.04 19:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigel
[2012.07.04 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigel
[2012.06.25 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.06.23 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Macromedia
[2012.06.22 12:01:35 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\My Curse
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.09 22:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.09 22:27:49 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2012.07.09 22:27:08 | 000,050,477 | ---- | M] () -- C:\Users\Sarah\Desktop\Defogger.exe
[2012.07.09 17:39:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 17:39:32 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 17:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 17:31:59 | 3220,471,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.08 19:24:57 | 000,000,600 | ---- | M] () -- C:\Users\Sarah\AppData\Local\PUTTY.RND
[2012.07.04 19:37:56 | 000,016,386 | ---- | M] () -- C:\Windows\SysWow64\sigas207.dll
[2012.07.04 19:37:23 | 000,001,142 | ---- | M] () -- C:\Users\Sarah\Desktop\GastroDesigner plus Demo.lnk
[2012.06.26 12:56:24 | 000,181,982 | ---- | M] () -- C:\Users\Sarah\Desktop\Ligamannschaft.jpg
[2012.06.25 10:53:07 | 000,000,318 | ---- | M] () -- C:\Users\Sarah\Desktop\Curse Client.appref-ms
[2012.06.24 20:12:29 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2012.06.24 20:12:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[2012.06.24 20:12:26 | 000,328,526 | ---- | M] () -- C:\Users\Sarah\Desktop\illusion-clean-style-2990.jpg
[2012.06.22 23:01:15 | 000,001,469 | ---- | M] () -- C:\Users\Sarah\Desktop\flagge-griechenland.gif
[2012.06.14 13:10:53 | 000,380,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 23:14:53 | 001,533,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 23:14:53 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 23:14:53 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 23:14:53 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 23:14:53 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 16:22:55 | 000,026,063 | ---- | M] () -- C:\Users\Sarah\Desktop\Party1.jpg
[2012.06.13 16:19:07 | 000,047,710 | ---- | M] () -- C:\Users\Sarah\Desktop\party.gif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 22:27:49 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2012.07.09 22:27:05 | 000,050,477 | ---- | C] () -- C:\Users\Sarah\Desktop\Defogger.exe
[2012.07.04 19:37:56 | 000,016,386 | ---- | C] () -- C:\Windows\SysWow64\sigas207.dll
[2012.07.04 19:37:23 | 000,001,142 | ---- | C] () -- C:\Users\Sarah\Desktop\GastroDesigner plus Demo.lnk
[2012.06.26 12:56:23 | 000,181,982 | ---- | C] () -- C:\Users\Sarah\Desktop\Ligamannschaft.jpg
[2012.06.25 10:53:07 | 000,000,318 | ---- | C] () -- C:\Users\Sarah\Desktop\Curse Client.appref-ms
[2012.06.24 20:12:25 | 000,328,526 | ---- | C] () -- C:\Users\Sarah\Desktop\illusion-clean-style-2990.jpg
[2012.06.22 23:01:14 | 000,001,469 | ---- | C] () -- C:\Users\Sarah\Desktop\flagge-griechenland.gif
[2012.06.13 16:22:55 | 000,026,063 | ---- | C] () -- C:\Users\Sarah\Desktop\Party1.jpg
[2012.06.13 16:19:06 | 000,047,710 | ---- | C] () -- C:\Users\Sarah\Desktop\party.gif
[2012.02.23 22:11:27 | 000,003,584 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.21 18:16:19 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.10.11 19:36:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\Chkv3_32.dll
[2011.08.24 09:51:34 | 000,001,099 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\ShiftN.ini
[2011.08.18 20:18:13 | 000,049,873 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\UserTile.png
[2011.06.15 20:23:50 | 000,001,940 | ---- | C] () -- C:\Users\Sarah\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.02.10 18:34:51 | 000,000,600 | ---- | C] () -- C:\Users\Sarah\AppData\Local\PUTTY.RND
[2010.02.13 17:44:18 | 000,000,760 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\setup_ldm.iss
 
========== LOP Check ==========
 
[2012.02.28 15:15:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
[2010.12.12 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\becker
[2012.04.06 11:05:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Canon
[2010.11.22 22:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\CD-LabelPrint
[2012.07.09 18:23:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2011.12.02 23:42:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Foxit Software
[2010.02.26 12:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2010.02.13 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2011.08.20 13:41:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\MAGIX
[2012.07.04 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Sigel
[2010.02.14 10:22:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird
[2011.08.20 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific
[2010.04.18 19:00:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TS3Client
[2012.05.16 19:22:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         

OTL Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 09.07.2012 22:33:37 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,21% Memory free
8,00 Gb Paging File | 6,06 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 353,70 Gb Free Space | 75,96% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0047CEB0-4F64-4A4F-AF99-1248FEC0618C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{08BC8460-8245-433F-8945-77EDFE3953E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12094905-386E-4032-82F4-02E21E8C0A7A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{177F7C08-9081-4164-9218-A91E0BA39960}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1EF5B9B4-9248-4FF5-93F7-32D060EBC6B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2FD3E88F-88FC-4751-87E2-FDD24EA6F318}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5075AAEF-C1FB-4BD6-B7DB-830DE6046F95}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{5348F6A2-0B82-4728-B7B4-9B9AB8D44760}" = lport=138 | protocol=17 | dir=in | app=system | 
"{573898C8-D276-4886-8BD3-1689ED45ABCE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7ABA3BD7-EBF2-4417-930A-0F0646FAAD76}" = rport=137 | protocol=17 | dir=out | app=system | 
"{859F58A8-1EA1-4512-8C04-2A3B2900E27D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85E65165-90CB-487B-9592-4B61EDAF43B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A1EE3A6-7362-4C2A-8709-D12BD87B4CE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93907D6B-2B4D-4FD6-8097-9E3C2270D24C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A921E1E2-EBFD-425D-8993-F652DC42CA4B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AD2ED41B-0C68-457B-8010-180AB1FE5125}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7493B30-9564-48EF-AE81-8DE6157CB9A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B74B3A7D-0765-4BB2-B6C3-9E9B47030277}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BBBFDEC8-6649-484E-BE35-D4CE921A1CF2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D05C191E-E675-4B2C-A373-175B64F750C1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D0FBEF15-DEC5-4E71-9E6B-A5034D403843}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D58C7CD3-5BDE-44EE-B18D-3A15A70BEB40}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{E6FE34E3-D042-4464-9433-5CA884BC1E1A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F6DBEAC6-F5EA-45AC-B365-6CA845C90978}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F775EF-0516-4921-81FE-B9325A523A92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0F745980-7830-45C0-83C9-853608AAAFF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{109B6929-D2A0-4B5E-8A4A-DD813F28D630}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1BD85400-6091-4593-93FF-528C9677529A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2AE8CBD8-F927-4E24-B93E-A195111DCAE2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35564C65-164B-48FF-AFE3-178352A654D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3571AD4A-6A3E-4355-92E3-998F6EA87684}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A7E6770-985A-48E9-93C9-DBEFAFFC4998}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5B38B02F-0B1C-487C-A3B7-B3FE0F8F1D38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D10DD0F-53F0-47C6-8792-E0D279C4BFFA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6D657D7A-DD03-4F05-95BE-EAF8173760DF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6DB6C977-8CE6-4D24-BB3F-B29EDF353EF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{72C73EA0-63EC-47C2-B415-7AB3C1771237}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{74CAEDB6-2877-4849-9E4F-4E7440367D16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A2FD5F2-CAD7-412E-938A-275AE2FBDDB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{89BFB2BB-6B18-42BD-9683-F9BDC2C2BEE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F8D25BF-B3A5-4B34-ABA1-1D2B2232E1B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{97F9A01B-0CBE-47DF-A1D7-A3AE42660618}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AF6A08A7-EE13-4643-8D65-BEDD8B150D62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B5BB01CA-9A77-49C3-A199-20DEC6B38ADC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C39C45B7-D834-4BC5-BF40-DD658FFC564F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1FB03EA-CD35-4A87-A5E3-39BC7ED7B9ED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FBC5E64F-5CE2-4BF2-9F1A-E556F6A93808}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{310E4313-30C4-46B1-8AE2-D82D862ED365}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"TCP Query User{3A5241E3-3629-4600-91CF-E9720BA073D2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{5B22217E-5685-472C-B060-E7B463D591D3}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{81DD50C9-DEC8-4364-8046-CF75FE372554}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"TCP Query User{BA75F9A6-258A-4807-B21C-C15B9C9AA6AA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{0A00A625-4B5F-4147-8731-963A02CD0A40}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"UDP Query User{3FDCD0CA-6EE1-44FF-BAF8-2AA2C2028488}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{73C0EB54-90B4-4FC2-864B-D96346730230}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
"UDP Query User{930B6CF3-396B-4FC2-952E-CD837733D278}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{BA07511A-E4BA-49C5-B936-A398D4B74BC2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{39AD21D1-93E3-4E10-9635-DFDD2EDB5BA3}" = MAGIX Screenshare
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{516C52F1-F593-49C2-BA32-7CA91009F300}" = MAGIX Foto & Grafik Designer 7
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f392fd7e-fb7d-4b2b-8876-3c2c3a49aeaf}" = Nero 9
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar on IE
"Browser Defender_is1" = Browser Defender 3.0
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Content Manager 2" = Content Manager 2
"Digital Editions" = Adobe Digital Editions
"dlancockpit" = devolo dLAN Cockpit
"dm-Fotowelt" = dm-Fotowelt
"Dungeon Keeper II" = Dungeon Keeper 2
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Foxit Reader_is1" = Foxit Reader 5.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"MAGIX_MSI_Foto_Grafik_Designer_7" = MAGIX Foto & Grafik Designer 7
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"N360" = Norton 360
"OnlineFotoservice" = OnlineFotoservice
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Sigel GastroDesigner plus Demo" = Sigel GastroDesigner plus Demo
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
"FoxTab Video Converter" = FoxTab Video Converter
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2011 04:27:05 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.11.2011 04:00:56 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21.11.2011 04:01:10 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 21.11.2011 04:01:11 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 22.11.2011 03:45:23 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 22.11.2011 03:45:37 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22.11.2011 03:45:37 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 23.11.2011 02:26:05 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 23.11.2011 02:26:24 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 23.11.2011 02:26:25 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ OSession Events ]
Error - 18.03.2012 06:34:15 | Computer Name = Sarah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.07.2012 04:29:02 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 05.07.2012 04:30:04 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2012 01:23:44 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 06.07.2012 01:24:46 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2012 04:43:52 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 06.07.2012 04:44:54 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 08.07.2012 05:05:25 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 08.07.2012 05:06:27 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 09.07.2012 11:32:23 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Bluetooth Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 09.07.2012 11:33:24 | Computer Name = Sarah-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


Many thanks in advance

10.07.2012, 11:40   #2
markusg
/// Malware-holic

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

10.07.2012, 12:04   #3
samoht0403

Hello, thank you very much for the prompt reply.
I have just run Malwarebytes Anti-Malware as well and got the following:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

10.07.2012 11:37:58
mbam-log-2012-07-10 (11-37-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207969
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Sarah\Downloads\SoftonicDownloader_fuer_free-m4a-to-mp3-converter.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sarah\Downloads\VideoToMp3Setup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


But I will now start Combofix right away, as you recommended. Thank you very much for your prompt help. I will post the log file as soon as Combofix is finished!

So, here is the log file now:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-10.01 - Sarah 10.07.2012  12:34:25.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2695 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-10 bis 2012-07-10  ))))))))))))))))))))))))))))))
.
.
2012-07-10 09:37 . 2012-07-10 09:37	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Malwarebytes
2012-07-10 09:36 . 2012-07-10 09:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-10 09:36 . 2012-07-10 09:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-10 09:36 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-04 17:37 . 2012-07-04 17:37	16386	----a-w-	c:\windows\SysWow64\sigas207.dll
2012-07-04 17:37 . 2012-07-04 17:37	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Sigel
2012-07-04 17:37 . 2003-06-25 09:17	374272	----a-w-	c:\windows\SysWow64\Dav3_32.dll
2012-07-04 17:37 . 2003-06-24 11:35	143360	----a-w-	c:\windows\SysWow64\leon3_32.dll
2012-07-04 17:37 . 2012-07-04 17:37	--------	d-----w-	c:\program files (x86)\Sigel
2012-06-24 14:58 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-24 14:58 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-24 14:58 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-24 14:58 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-24 14:57 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-24 14:57 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-24 14:57 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-24 14:57 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-24 14:57 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-23 19:30 . 2012-06-23 19:30	--------	d-----w-	c:\users\Sarah\AppData\Local\Macromedia
2012-06-21 10:35 . 2012-06-21 10:35	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 10:35 . 2012-06-21 10:35	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 05:29 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 05:29 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 05:29 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 05:29 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-13 05:29 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-13 05:29 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:43 . 2012-05-24 11:05	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 13:43 . 2011-07-13 05:43	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Update 3400C"="c:\sj652\hpupdate.exe" [2002-02-01 32768]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-26 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-09-01 247760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-14 0]
Dropbox.lnk - c:\users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Pampers Pregnancy Widget.lnk - c:\users\Sarah\AppData\Local\Temp\Temp1_PGPregnancyWidget_Win_de_DE.zip\PampersPregnancyWidget.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-13 1200144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys [2007-05-03 244736]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-09-01 337872]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 236544]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=119998&babsrc=HP_ss&mntrId=781ddecc00000000000090e6ba46ac56
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\wqta5u4n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=119998&babsrc=adbartrp&mntrId=781ddecc00000000000090e6ba46ac56&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119998
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 781ddecc00000000000090e6ba46ac56
FF - user.js: extensions.BabylonToolbar_i.hardId - 781ddecc00000000000090e6ba46ac56
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Dungeon Keeper II - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-10  12:48:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-10 10:48
.
Vor Suchlauf: 11 Verzeichnis(se), 384.193.937.408 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 384.121.044.992 Bytes frei
.
- - End Of File - - 19E5EF89D9BC7B90F6310AE993D11D07
         
--- --- ---

12.07.2012, 18:56   #4
markusg
/// Malware-holic

Hi,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us

13.07.2012, 14:16   #5
samoht0403

Hello, here is the log:

Code:
ATTFilter
14:10:41.0836 1380	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
14:10:42.0846 1380	============================================================
14:10:42.0846 1380	Current date / time: 2012/07/13 14:10:42.0846
14:10:42.0846 1380	SystemInfo:
14:10:42.0846 1380	
14:10:42.0846 1380	OS Version: 6.1.7601 ServicePack: 1.0
14:10:42.0846 1380	Product type: Workstation
14:10:42.0847 1380	ComputerName: SARAH-PC
14:10:42.0847 1380	UserName: Sarah
14:10:42.0847 1380	Windows directory: C:\Windows
14:10:42.0847 1380	System windows directory: C:\Windows
14:10:42.0847 1380	Running under WOW64
14:10:42.0847 1380	Processor architecture: Intel x64
14:10:42.0847 1380	Number of processors: 2
14:10:42.0847 1380	Page size: 0x1000
14:10:42.0847 1380	Boot type: Normal boot
14:10:42.0847 1380	============================================================
14:10:44.0180 1380	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:10:44.0305 1380	============================================================
14:10:44.0305 1380	\Device\Harddisk0\DR0:
14:10:44.0305 1380	MBR partitions:
14:10:44.0305 1380	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:10:44.0305 1380	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
14:10:44.0305 1380	============================================================
14:10:44.0338 1380	C: <-> \Device\Harddisk0\DR0\Partition1
14:10:44.0338 1380	============================================================
14:10:44.0338 1380	Initialize success
14:10:44.0338 1380	============================================================
14:11:16.0403 2124	============================================================
14:11:16.0403 2124	Scan started
14:11:16.0403 2124	Mode: Manual; SigCheck; TDLFS; 
14:11:16.0403 2124	============================================================
14:11:17.0021 2124	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:11:17.0136 2124	1394ohci - ok
14:11:17.0190 2124	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:11:17.0206 2124	ACPI - ok
14:11:17.0237 2124	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:11:17.0291 2124	AcpiPmi - ok
14:11:17.0425 2124	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:11:17.0436 2124	AdobeFlashPlayerUpdateSvc - ok
14:11:17.0510 2124	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:11:17.0530 2124	adp94xx - ok
14:11:17.0562 2124	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:11:17.0579 2124	adpahci - ok
14:11:17.0605 2124	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:11:17.0619 2124	adpu320 - ok
14:11:17.0648 2124	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:11:17.0766 2124	AeLookupSvc - ok
14:11:17.0880 2124	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:11:17.0937 2124	AFD - ok
14:11:17.0974 2124	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:11:17.0986 2124	agp440 - ok
14:11:18.0013 2124	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:11:18.0080 2124	ALG - ok
14:11:18.0102 2124	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:11:18.0114 2124	aliide - ok
14:11:18.0130 2124	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:11:18.0141 2124	amdide - ok
14:11:18.0168 2124	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:11:18.0238 2124	AmdK8 - ok
14:11:18.0258 2124	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:11:18.0304 2124	AmdPPM - ok
14:11:18.0338 2124	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:11:18.0351 2124	amdsata - ok
14:11:18.0370 2124	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:11:18.0384 2124	amdsbs - ok
14:11:18.0396 2124	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:11:18.0407 2124	amdxata - ok
14:11:18.0452 2124	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:11:18.0578 2124	AppID - ok
14:11:18.0602 2124	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:11:18.0655 2124	AppIDSvc - ok
14:11:18.0712 2124	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:11:18.0764 2124	Appinfo - ok
14:11:18.0904 2124	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:11:18.0914 2124	Apple Mobile Device - ok
14:11:18.0964 2124	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:11:18.0977 2124	arc - ok
14:11:18.0996 2124	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:11:19.0008 2124	arcsas - ok
14:11:19.0038 2124	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:11:19.0096 2124	AsyncMac - ok
14:11:19.0134 2124	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:11:19.0144 2124	atapi - ok
14:11:19.0215 2124	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:11:19.0281 2124	AudioEndpointBuilder - ok
14:11:19.0288 2124	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:11:19.0323 2124	AudioSrv - ok
14:11:19.0377 2124	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:11:19.0440 2124	AxInstSV - ok
14:11:19.0500 2124	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:11:19.0572 2124	b06bdrv - ok
14:11:19.0623 2124	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:11:19.0679 2124	b57nd60a - ok
14:11:19.0717 2124	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:11:19.0766 2124	BDESVC - ok
14:11:19.0776 2124	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:11:19.0834 2124	Beep - ok
14:11:19.0913 2124	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:11:19.0961 2124	BFE - ok
14:11:20.0182 2124	BHDrvx64        (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
14:11:20.0223 2124	BHDrvx64 - ok
14:11:20.0343 2124	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:11:20.0410 2124	BITS - ok
14:11:20.0461 2124	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:11:20.0485 2124	blbdrive - ok
14:11:20.0615 2124	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:11:20.0629 2124	Bonjour Service - ok
14:11:20.0669 2124	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:11:20.0721 2124	bowser - ok
14:11:20.0742 2124	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:11:20.0832 2124	BrFiltLo - ok
14:11:20.0843 2124	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:11:20.0857 2124	BrFiltUp - ok
14:11:20.0898 2124	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:11:20.0942 2124	BridgeMP - ok
14:11:20.0985 2124	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:11:21.0016 2124	Browser - ok
14:11:21.0117 2124	Browser Defender Update Service (c6b40dbc558a6cec5832c34a1854aa2a) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
14:11:21.0130 2124	Browser Defender Update Service - ok
14:11:21.0159 2124	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:11:21.0232 2124	Brserid - ok
14:11:21.0251 2124	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:11:21.0284 2124	BrSerWdm - ok
14:11:21.0305 2124	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:11:21.0345 2124	BrUsbMdm - ok
14:11:21.0367 2124	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:11:21.0398 2124	BrUsbSer - ok
14:11:21.0420 2124	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:11:21.0453 2124	BTHMODEM - ok
14:11:21.0552 2124	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:11:21.0630 2124	BTHPORT - ok
14:11:21.0656 2124	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:11:21.0702 2124	bthserv - ok
14:11:21.0728 2124	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:11:21.0756 2124	BTHUSB - ok
14:11:21.0783 2124	catchme - ok
14:11:21.0830 2124	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:11:21.0876 2124	cdfs - ok
14:11:21.0939 2124	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:11:21.0953 2124	cdrom - ok
14:11:21.0998 2124	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:11:22.0047 2124	CertPropSvc - ok
14:11:22.0078 2124	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:11:22.0092 2124	circlass - ok
14:11:22.0132 2124	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:11:22.0148 2124	CLFS - ok
14:11:22.0205 2124	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:22.0217 2124	clr_optimization_v2.0.50727_32 - ok
14:11:22.0255 2124	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:11:22.0266 2124	clr_optimization_v2.0.50727_64 - ok
14:11:22.0336 2124	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:11:22.0348 2124	clr_optimization_v4.0.30319_32 - ok
14:11:22.0391 2124	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:11:22.0402 2124	clr_optimization_v4.0.30319_64 - ok
14:11:22.0435 2124	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:11:22.0466 2124	CmBatt - ok
14:11:22.0512 2124	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:11:22.0524 2124	cmdide - ok
14:11:22.0577 2124	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
14:11:22.0601 2124	CNG - ok
14:11:22.0620 2124	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:11:22.0632 2124	Compbatt - ok
14:11:22.0665 2124	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:11:22.0703 2124	CompositeBus - ok
14:11:22.0725 2124	COMSysApp - ok
14:11:22.0746 2124	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:11:22.0757 2124	crcdisk - ok
14:11:22.0802 2124	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:11:22.0850 2124	CryptSvc - ok
14:11:22.0929 2124	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:11:22.0983 2124	DcomLaunch - ok
14:11:23.0036 2124	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:11:23.0084 2124	defragsvc - ok
14:11:23.0284 2124	DevoloNetworkService (d2600494c45b98adfdae290205ad7cd3) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
14:11:23.0327 2124	DevoloNetworkService - ok
14:11:23.0458 2124	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:11:23.0509 2124	DfsC - ok
14:11:23.0597 2124	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:11:23.0650 2124	Dhcp - ok
14:11:23.0680 2124	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:11:23.0730 2124	discache - ok
14:11:23.0772 2124	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:11:23.0784 2124	Disk - ok
14:11:23.0824 2124	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:11:23.0890 2124	Dnscache - ok
14:11:23.0928 2124	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:11:23.0978 2124	dot3svc - ok
14:11:24.0019 2124	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:11:24.0066 2124	DPS - ok
14:11:24.0099 2124	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:11:24.0130 2124	drmkaud - ok
14:11:24.0203 2124	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:11:24.0230 2124	DXGKrnl - ok
14:11:24.0262 2124	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:11:24.0311 2124	EapHost - ok
14:11:24.0491 2124	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:11:24.0568 2124	ebdrv - ok
14:11:24.0694 2124	eeCtrl          (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:11:24.0710 2124	eeCtrl - ok
14:11:24.0815 2124	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:11:24.0866 2124	EFS - ok
14:11:24.0956 2124	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:11:24.0992 2124	ehRecvr - ok
14:11:25.0022 2124	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:11:25.0075 2124	ehSched - ok
14:11:25.0167 2124	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:11:25.0187 2124	elxstor - ok
14:11:25.0277 2124	EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:11:25.0288 2124	EraserUtilRebootDrv - ok
14:11:25.0321 2124	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:11:25.0357 2124	ErrDev - ok
14:11:25.0426 2124	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:11:25.0460 2124	EventSystem - ok
14:11:25.0503 2124	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:11:25.0550 2124	exfat - ok
14:11:25.0586 2124	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:11:25.0638 2124	fastfat - ok
14:11:25.0721 2124	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:11:25.0782 2124	Fax - ok
14:11:25.0915 2124	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:11:25.0936 2124	fdc - ok
14:11:26.0092 2124	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:11:26.0141 2124	fdPHost - ok
14:11:26.0159 2124	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:11:26.0211 2124	FDResPub - ok
14:11:26.0236 2124	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:11:26.0247 2124	FileInfo - ok
14:11:26.0260 2124	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:11:26.0310 2124	Filetrace - ok
14:11:26.0315 2124	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:26.0357 2124	flpydisk - ok
14:11:26.0417 2124	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:11:26.0432 2124	FltMgr - ok
14:11:26.0510 2124	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:11:26.0588 2124	FontCache - ok
14:11:26.0679 2124	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:11:26.0689 2124	FontCache3.0.0.0 - ok
14:11:26.0743 2124	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:11:26.0755 2124	FsDepends - ok
14:11:26.0780 2124	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:11:26.0791 2124	Fs_Rec - ok
14:11:26.0849 2124	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:11:26.0866 2124	fvevol - ok
14:11:26.0891 2124	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:11:26.0905 2124	gagp30kx - ok
14:11:26.0953 2124	GEARAspiWDM     (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:11:26.0964 2124	GEARAspiWDM - ok
14:11:27.0032 2124	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:11:27.0084 2124	gpsvc - ok
14:11:27.0218 2124	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:11:27.0230 2124	gusvc - ok
14:11:27.0252 2124	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:11:27.0296 2124	hcw85cir - ok
14:11:27.0361 2124	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:11:27.0402 2124	HdAudAddService - ok
14:11:27.0444 2124	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:11:27.0480 2124	HDAudBus - ok
14:11:27.0497 2124	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:11:27.0530 2124	HidBatt - ok
14:11:27.0569 2124	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:11:27.0603 2124	HidBth - ok
14:11:27.0628 2124	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:11:27.0676 2124	HidIr - ok
14:11:27.0709 2124	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:11:27.0757 2124	hidserv - ok
14:11:27.0809 2124	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:11:27.0821 2124	HidUsb - ok
14:11:27.0854 2124	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:11:27.0909 2124	hkmsvc - ok
14:11:27.0956 2124	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:11:28.0018 2124	HomeGroupListener - ok
14:11:28.0052 2124	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:11:28.0086 2124	HomeGroupProvider - ok
14:11:28.0136 2124	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:11:28.0148 2124	HpSAMD - ok
14:11:28.0217 2124	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:11:28.0275 2124	HTTP - ok
14:11:28.0302 2124	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:11:28.0313 2124	hwpolicy - ok
14:11:28.0331 2124	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:11:28.0344 2124	i8042prt - ok
14:11:28.0375 2124	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:11:28.0393 2124	iaStorV - ok
14:11:28.0466 2124	ICQ Service     (848edebb3c1d6fec50e09eda95c21e84) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
14:11:28.0477 2124	ICQ Service - ok
14:11:28.0624 2124	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:11:28.0648 2124	idsvc - ok
14:11:28.0821 2124	IDSVia64        (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120712.001\IDSvia64.sys
14:11:28.0837 2124	IDSVia64 - ok
14:11:28.0946 2124	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:11:28.0958 2124	iirsp - ok
14:11:29.0029 2124	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:11:29.0088 2124	IKEEXT - ok
14:11:29.0127 2124	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:11:29.0138 2124	intelide - ok
14:11:29.0164 2124	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:11:29.0192 2124	intelppm - ok
14:11:29.0232 2124	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:11:29.0281 2124	IPBusEnum - ok
14:11:29.0320 2124	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:29.0373 2124	IpFilterDriver - ok
14:11:29.0429 2124	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:11:29.0485 2124	iphlpsvc - ok
14:11:29.0512 2124	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:11:29.0526 2124	IPMIDRV - ok
14:11:29.0579 2124	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:11:29.0627 2124	IPNAT - ok
14:11:29.0779 2124	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:11:29.0798 2124	iPod Service - ok
14:11:29.0825 2124	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:11:29.0896 2124	IRENUM - ok
14:11:29.0921 2124	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:11:29.0933 2124	isapnp - ok
14:11:29.0976 2124	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:11:29.0991 2124	iScsiPrt - ok
14:11:30.0014 2124	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:11:30.0026 2124	kbdclass - ok
14:11:30.0050 2124	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:11:30.0078 2124	kbdhid - ok
14:11:30.0111 2124	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:30.0123 2124	KeyIso - ok
14:11:30.0154 2124	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:11:30.0166 2124	KSecDD - ok
14:11:30.0199 2124	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:11:30.0213 2124	KSecPkg - ok
14:11:30.0232 2124	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:11:30.0282 2124	ksthunk - ok
14:11:30.0329 2124	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:11:30.0386 2124	KtmRm - ok
14:11:30.0420 2124	L8042Kbd        (3fb80db5ec01b6153572d27438fbea20) C:\Windows\system32\DRIVERS\L8042Kbd.sys
14:11:30.0430 2124	L8042Kbd - ok
14:11:30.0476 2124	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:11:30.0529 2124	LanmanServer - ok
14:11:30.0572 2124	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:11:30.0618 2124	LanmanWorkstation - ok
14:11:30.0697 2124	LBTServ         (3f98db70009e420c332f48891de39fba) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
14:11:30.0708 2124	LBTServ - ok
14:11:30.0730 2124	LHidFilt        (b45686101f9473b52d7a501c544dda5d) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:11:30.0739 2124	LHidFilt - ok
14:11:30.0792 2124	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:11:30.0846 2124	lltdio - ok
14:11:30.0892 2124	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:11:30.0941 2124	lltdsvc - ok
14:11:30.0963 2124	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:11:30.0993 2124	lmhosts - ok
14:11:30.0998 2124	LMouFilt        (9980bb086248ca45772eff2559aa62d3) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:11:31.0008 2124	LMouFilt - ok
14:11:31.0035 2124	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:11:31.0047 2124	LSI_FC - ok
14:11:31.0072 2124	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:11:31.0084 2124	LSI_SAS - ok
14:11:31.0217 2124	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:11:31.0228 2124	LSI_SAS2 - ok
14:11:31.0251 2124	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:11:31.0264 2124	LSI_SCSI - ok
14:11:31.0283 2124	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:11:31.0330 2124	luafv - ok
14:11:31.0366 2124	LUsbFilt        (a1eb1db073972c7ce252daa3456bbbe7) C:\Windows\system32\Drivers\LUsbFilt.Sys
14:11:31.0375 2124	LUsbFilt - ok
14:11:31.0441 2124	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
14:11:31.0451 2124	MBAMProtector - ok
14:11:31.0594 2124	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:11:31.0610 2124	MBAMService - ok
14:11:31.0639 2124	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:11:31.0670 2124	Mcx2Svc - ok
14:11:31.0694 2124	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:11:31.0705 2124	megasas - ok
14:11:31.0735 2124	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:11:31.0751 2124	MegaSR - ok
14:11:31.0789 2124	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:11:31.0837 2124	MMCSS - ok
14:11:31.0855 2124	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:11:31.0903 2124	Modem - ok
14:11:31.0960 2124	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:11:31.0994 2124	monitor - ok
14:11:32.0049 2124	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:11:32.0061 2124	mouclass - ok
14:11:32.0080 2124	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:11:32.0109 2124	mouhid - ok
14:11:32.0154 2124	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:11:32.0166 2124	mountmgr - ok
14:11:32.0245 2124	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:11:32.0256 2124	MozillaMaintenance - ok
14:11:32.0277 2124	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:11:32.0291 2124	mpio - ok
14:11:32.0305 2124	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:11:32.0351 2124	mpsdrv - ok
14:11:32.0417 2124	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:11:32.0478 2124	MpsSvc - ok
14:11:32.0537 2124	MRV6X64P        (bb56a50c1b9b352b3fc52a0e2931572a) C:\Windows\system32\DRIVERS\MRVW13C.sys
14:11:32.0591 2124	MRV6X64P - ok
14:11:32.0652 2124	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:11:32.0682 2124	MRxDAV - ok
14:11:32.0715 2124	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:11:32.0763 2124	mrxsmb - ok
14:11:32.0813 2124	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:11:32.0840 2124	mrxsmb10 - ok
14:11:32.0891 2124	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:11:32.0903 2124	mrxsmb20 - ok
14:11:32.0929 2124	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:11:32.0939 2124	msahci - ok
14:11:32.0980 2124	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:11:32.0994 2124	msdsm - ok
14:11:33.0018 2124	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:11:33.0033 2124	MSDTC - ok
14:11:33.0061 2124	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:11:33.0091 2124	Msfs - ok
14:11:33.0116 2124	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:11:33.0159 2124	mshidkmdf - ok
14:11:33.0184 2124	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:11:33.0195 2124	msisadrv - ok
14:11:33.0225 2124	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:11:33.0257 2124	MSiSCSI - ok
14:11:33.0260 2124	msiserver - ok
14:11:33.0278 2124	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:11:33.0329 2124	MSKSSRV - ok
14:11:33.0355 2124	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:11:33.0402 2124	MSPCLOCK - ok
14:11:33.0416 2124	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:11:33.0466 2124	MSPQM - ok
14:11:33.0510 2124	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:11:33.0527 2124	MsRPC - ok
14:11:33.0553 2124	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:11:33.0564 2124	mssmbios - ok
14:11:33.0575 2124	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:11:33.0617 2124	MSTEE - ok
14:11:33.0637 2124	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:11:33.0649 2124	MTConfig - ok
14:11:33.0690 2124	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
14:11:33.0738 2124	MTsensor - ok
14:11:33.0750 2124	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:11:33.0762 2124	Mup - ok
14:11:33.0898 2124	N360            (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
14:11:33.0908 2124	N360 - ok
14:11:33.0953 2124	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:11:34.0005 2124	napagent - ok
14:11:34.0110 2124	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:11:34.0145 2124	NativeWifiP - ok
14:11:34.0280 2124	NAVENG          (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120712.034\ENG64.SYS
14:11:34.0289 2124	NAVENG - ok
14:11:34.0413 2124	NAVEX15         (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120712.034\EX64.SYS
14:11:34.0447 2124	NAVEX15 - ok
14:11:34.0661 2124	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:11:34.0688 2124	NDIS - ok
14:11:34.0714 2124	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:11:34.0760 2124	NdisCap - ok
14:11:34.0792 2124	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:11:34.0842 2124	NdisTapi - ok
14:11:34.0879 2124	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:11:34.0923 2124	Ndisuio - ok
14:11:34.0957 2124	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:11:35.0010 2124	NdisWan - ok
14:11:35.0028 2124	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:11:35.0078 2124	NDProxy - ok
14:11:35.0226 2124	Nero BackItUp Scheduler 4.0 (27fe4b70c12a2c67a58d799b9a4e8d81) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:11:35.0249 2124	Nero BackItUp Scheduler 4.0 - ok
14:11:35.0278 2124	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:11:35.0331 2124	NetBIOS - ok
14:11:35.0374 2124	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:11:35.0405 2124	NetBT - ok
14:11:35.0433 2124	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:35.0445 2124	Netlogon - ok
14:11:35.0487 2124	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:11:35.0540 2124	Netman - ok
14:11:35.0596 2124	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:11:35.0657 2124	netprofm - ok
14:11:35.0759 2124	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:11:35.0770 2124	NetTcpPortSharing - ok
14:11:35.0815 2124	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:11:35.0826 2124	nfrd960 - ok
14:11:35.0882 2124	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:11:35.0930 2124	NlaSvc - ok
14:11:35.0951 2124	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:11:35.0980 2124	Npfs - ok
14:11:36.0124 2124	NPF_devolo      (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
14:11:36.0133 2124	NPF_devolo - ok
14:11:36.0153 2124	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:11:36.0207 2124	nsi - ok
14:11:36.0251 2124	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:11:36.0320 2124	nsiproxy - ok
14:11:36.0423 2124	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:11:36.0461 2124	Ntfs - ok
14:11:36.0592 2124	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:11:36.0622 2124	Null - ok
14:11:37.0165 2124	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:11:37.0388 2124	nvlddmkm - ok
14:11:37.0531 2124	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:11:37.0545 2124	nvraid - ok
14:11:37.0571 2124	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:11:37.0586 2124	nvstor - ok
14:11:37.0623 2124	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:11:37.0636 2124	nv_agp - ok
14:11:37.0739 2124	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:11:37.0755 2124	odserv - ok
14:11:37.0783 2124	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:11:37.0813 2124	ohci1394 - ok
14:11:37.0853 2124	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:11:37.0864 2124	ose - ok
14:11:37.0903 2124	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:11:37.0958 2124	p2pimsvc - ok
14:11:37.0998 2124	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:11:38.0015 2124	p2psvc - ok
14:11:38.0035 2124	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:11:38.0048 2124	Parport - ok
14:11:38.0081 2124	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:11:38.0092 2124	partmgr - ok
14:11:38.0117 2124	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:11:38.0157 2124	PcaSvc - ok
14:11:38.0209 2124	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:11:38.0222 2124	pci - ok
14:11:38.0235 2124	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:11:38.0246 2124	pciide - ok
14:11:38.0272 2124	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:11:38.0286 2124	pcmcia - ok
14:11:38.0304 2124	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:11:38.0316 2124	pcw - ok
14:11:38.0363 2124	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:11:38.0422 2124	PEAUTH - ok
14:11:38.0495 2124	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:11:38.0530 2124	PerfHost - ok
14:11:38.0630 2124	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:11:38.0695 2124	pla - ok
14:11:38.0768 2124	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:11:38.0795 2124	PlugPlay - ok
14:11:38.0820 2124	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:11:38.0849 2124	PNRPAutoReg - ok
14:11:38.0888 2124	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:11:38.0902 2124	PNRPsvc - ok
14:11:38.0957 2124	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:11:39.0016 2124	PolicyAgent - ok
14:11:39.0060 2124	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:11:39.0108 2124	Power - ok
14:11:39.0186 2124	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:11:39.0234 2124	PptpMiniport - ok
14:11:39.0263 2124	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:11:39.0293 2124	Processor - ok
14:11:39.0357 2124	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:11:39.0404 2124	ProfSvc - ok
14:11:39.0425 2124	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:39.0437 2124	ProtectedStorage - ok
14:11:39.0482 2124	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:11:39.0529 2124	Psched - ok
14:11:39.0620 2124	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:11:39.0656 2124	ql2300 - ok
14:11:39.0764 2124	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:11:39.0777 2124	ql40xx - ok
14:11:39.0805 2124	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:11:39.0823 2124	QWAVE - ok
14:11:39.0846 2124	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:11:39.0883 2124	QWAVEdrv - ok
14:11:39.0905 2124	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:11:39.0958 2124	RasAcd - ok
14:11:40.0002 2124	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:11:40.0032 2124	RasAgileVpn - ok
14:11:40.0054 2124	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:11:40.0085 2124	RasAuto - ok
14:11:40.0119 2124	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:11:40.0166 2124	Rasl2tp - ok
14:11:40.0201 2124	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:11:40.0250 2124	RasMan - ok
14:11:40.0278 2124	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:11:40.0331 2124	RasPppoe - ok
14:11:40.0361 2124	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:11:40.0406 2124	RasSstp - ok
14:11:40.0457 2124	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:11:40.0489 2124	rdbss - ok
14:11:40.0503 2124	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:11:40.0539 2124	rdpbus - ok
14:11:40.0566 2124	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:11:40.0596 2124	RDPCDD - ok
14:11:40.0614 2124	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:11:40.0667 2124	RDPENCDD - ok
14:11:40.0687 2124	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:11:40.0718 2124	RDPREFMP - ok
14:11:40.0755 2124	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:11:40.0803 2124	RDPWD - ok
14:11:40.0852 2124	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:11:40.0866 2124	rdyboost - ok
14:11:40.0889 2124	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:11:40.0937 2124	RemoteAccess - ok
14:11:40.0978 2124	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:11:41.0032 2124	RemoteRegistry - ok
14:11:41.0065 2124	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:11:41.0110 2124	RpcEptMapper - ok
14:11:41.0138 2124	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:11:41.0181 2124	RpcLocator - ok
14:11:41.0245 2124	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:11:41.0278 2124	RpcSs - ok
14:11:41.0319 2124	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:11:41.0377 2124	rspndr - ok
14:11:41.0405 2124	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:41.0416 2124	SamSs - ok
14:11:41.0477 2124	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:11:41.0489 2124	sbp2port - ok
14:11:41.0524 2124	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:11:41.0576 2124	SCardSvr - ok
14:11:41.0603 2124	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:11:41.0645 2124	scfilter - ok
14:11:41.0726 2124	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:11:41.0793 2124	Schedule - ok
14:11:41.0836 2124	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:11:41.0864 2124	SCPolicySvc - ok
14:11:41.0909 2124	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:11:41.0956 2124	SDRSVC - ok
14:11:42.0021 2124	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:11:42.0066 2124	secdrv - ok
14:11:42.0083 2124	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:11:42.0132 2124	seclogon - ok
14:11:42.0226 2124	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:11:42.0276 2124	SENS - ok
14:11:42.0300 2124	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:11:42.0329 2124	SensrSvc - ok
14:11:42.0345 2124	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:11:42.0357 2124	Serenum - ok
14:11:42.0377 2124	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:11:42.0403 2124	Serial - ok
14:11:42.0429 2124	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:11:42.0441 2124	sermouse - ok
14:11:42.0484 2124	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:11:42.0534 2124	SessionEnv - ok
14:11:42.0574 2124	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:11:42.0603 2124	sffdisk - ok
14:11:42.0608 2124	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:11:42.0648 2124	sffp_mmc - ok
14:11:42.0652 2124	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:11:42.0687 2124	sffp_sd - ok
14:11:42.0714 2124	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:11:42.0748 2124	sfloppy - ok
14:11:42.0805 2124	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:11:42.0860 2124	SharedAccess - ok
14:11:42.0898 2124	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:11:42.0931 2124	ShellHWDetection - ok
14:11:42.0956 2124	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:11:42.0967 2124	SiSRaid2 - ok
14:11:42.0991 2124	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:11:43.0003 2124	SiSRaid4 - ok
14:11:43.0026 2124	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:11:43.0057 2124	Smb - ok
14:11:43.0098 2124	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:11:43.0135 2124	SNMPTRAP - ok
14:11:43.0166 2124	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:11:43.0177 2124	spldr - ok
14:11:43.0215 2124	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:11:43.0250 2124	Spooler - ok
14:11:43.0436 2124	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:11:43.0525 2124	sppsvc - ok
14:11:43.0618 2124	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:11:43.0649 2124	sppuinotify - ok
14:11:43.0770 2124	SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
14:11:43.0790 2124	SRTSP - ok
14:11:43.0817 2124	SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
14:11:43.0826 2124	SRTSPX - ok
14:11:43.0879 2124	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:11:43.0932 2124	srv - ok
14:11:43.0963 2124	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:11:43.0999 2124	srv2 - ok
14:11:44.0027 2124	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:11:44.0060 2124	srvnet - ok
14:11:44.0107 2124	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:11:44.0155 2124	SSDPSRV - ok
14:11:44.0179 2124	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:11:44.0211 2124	SstpSvc - ok
14:11:44.0235 2124	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:11:44.0247 2124	stexstor - ok
14:11:44.0304 2124	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:11:44.0349 2124	stisvc - ok
14:11:44.0383 2124	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:11:44.0394 2124	swenum - ok
14:11:44.0429 2124	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:11:44.0478 2124	swprv - ok
14:11:44.0570 2124	SymDS           (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
14:11:44.0586 2124	SymDS - ok
14:11:44.0673 2124	SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
14:11:44.0697 2124	SymEFA - ok
14:11:44.0727 2124	SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:11:44.0738 2124	SymEvent - ok
14:11:44.0790 2124	SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
14:11:44.0802 2124	SymIRON - ok
14:11:44.0834 2124	SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
14:11:44.0850 2124	SymNetS - ok
14:11:44.0957 2124	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:11:44.0996 2124	SysMain - ok
14:11:45.0098 2124	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:11:45.0132 2124	TabletInputService - ok
14:11:45.0174 2124	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:11:45.0229 2124	TapiSrv - ok
14:11:45.0263 2124	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:11:45.0317 2124	TBS - ok
14:11:45.0482 2124	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:11:45.0524 2124	Tcpip - ok
14:11:45.0679 2124	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:11:45.0712 2124	TCPIP6 - ok
14:11:45.0779 2124	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:11:45.0821 2124	tcpipreg - ok
14:11:45.0866 2124	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:11:45.0896 2124	TDPIPE - ok
14:11:45.0929 2124	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:11:45.0959 2124	TDTCP - ok
14:11:46.0029 2124	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:11:46.0081 2124	tdx - ok
14:11:46.0120 2124	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:11:46.0132 2124	TermDD - ok
14:11:46.0189 2124	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:11:46.0243 2124	TermService - ok
14:11:46.0274 2124	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:11:46.0306 2124	Themes - ok
14:11:46.0352 2124	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:11:46.0382 2124	THREADORDER - ok
14:11:46.0459 2124	TOSHIBA Bluetooth Service - ok
14:11:46.0506 2124	Tosrfbd         (9d0c8bf8d22268503030a333f1bfef4f) C:\Windows\system32\DRIVERS\tosrfbd.sys
14:11:46.0531 2124	Tosrfbd - ok
14:11:46.0534 2124	Tosrfcom - ok
14:11:46.0565 2124	Tosrfhid        (33c90b98b74d01d179e1963a5bf5edf9) C:\Windows\system32\DRIVERS\Tosrfhid.sys
14:11:46.0600 2124	Tosrfhid - ok
14:11:46.0620 2124	Tosrfusb        (3b2cec108c442e62ce6a4609b3d7e87f) C:\Windows\system32\DRIVERS\tosrfusb.sys
14:11:46.0647 2124	Tosrfusb - ok
14:11:46.0659 2124	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:11:46.0713 2124	TrkWks - ok
14:11:46.0790 2124	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:11:46.0831 2124	TrustedInstaller - ok
14:11:46.0861 2124	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:11:46.0890 2124	tssecsrv - ok
14:11:46.0934 2124	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:11:46.0983 2124	TsUsbFlt - ok
14:11:47.0022 2124	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:11:47.0071 2124	tunnel - ok
14:11:47.0105 2124	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:11:47.0117 2124	uagp35 - ok
14:11:47.0164 2124	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:11:47.0211 2124	udfs - ok
14:11:47.0244 2124	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:11:47.0280 2124	UI0Detect - ok
14:11:47.0331 2124	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:11:47.0343 2124	uliagpkx - ok
14:11:47.0366 2124	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:11:47.0393 2124	umbus - ok
14:11:47.0417 2124	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:11:47.0429 2124	UmPass - ok
14:11:47.0455 2124	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:11:47.0490 2124	upnphost - ok
14:11:47.0528 2124	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:11:47.0550 2124	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
14:11:47.0550 2124	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
14:11:47.0578 2124	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:11:47.0618 2124	usbccgp - ok
14:11:47.0660 2124	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:11:47.0675 2124	usbcir - ok
14:11:47.0681 2124	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:11:47.0710 2124	usbehci - ok
14:11:47.0760 2124	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:11:47.0797 2124	usbhub - ok
14:11:47.0827 2124	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:11:47.0909 2124	usbohci - ok
14:11:48.0065 2124	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:11:48.0101 2124	usbprint - ok
14:11:48.0128 2124	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:11:48.0174 2124	USBSTOR - ok
14:11:48.0196 2124	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:11:48.0225 2124	usbuhci - ok
14:11:48.0264 2124	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:11:48.0313 2124	UxSms - ok
14:11:48.0339 2124	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:11:48.0351 2124	VaultSvc - ok
14:11:48.0370 2124	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:11:48.0381 2124	vdrvroot - ok
14:11:48.0457 2124	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:11:48.0515 2124	vds - ok
14:11:48.0559 2124	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:11:48.0573 2124	vga - ok
14:11:48.0586 2124	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:11:48.0632 2124	VgaSave - ok
14:11:48.0672 2124	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:11:48.0686 2124	vhdmp - ok
14:11:48.0707 2124	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:11:48.0719 2124	viaide - ok
14:11:48.0735 2124	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:11:48.0746 2124	volmgr - ok
14:11:48.0791 2124	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:11:48.0807 2124	volmgrx - ok
14:11:48.0838 2124	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:11:48.0853 2124	volsnap - ok
14:11:48.0892 2124	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:11:48.0906 2124	vsmraid - ok
14:11:49.0015 2124	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:11:49.0080 2124	VSS - ok
14:11:49.0192 2124	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:11:49.0224 2124	vwifibus - ok
14:11:49.0300 2124	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:11:49.0335 2124	W32Time - ok
14:11:49.0358 2124	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:11:49.0393 2124	WacomPen - ok
14:11:49.0455 2124	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:11:49.0499 2124	WANARP - ok
14:11:49.0502 2124	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:11:49.0531 2124	Wanarpv6 - ok
14:11:49.0625 2124	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:11:49.0669 2124	wbengine - ok
14:11:49.0769 2124	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:11:49.0787 2124	WbioSrvc - ok
14:11:49.0832 2124	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:11:49.0871 2124	wcncsvc - ok
14:11:49.0897 2124	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:11:49.0926 2124	WcsPlugInService - ok
14:11:49.0983 2124	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:11:49.0995 2124	Wd - ok
14:11:50.0035 2124	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:11:50.0056 2124	Wdf01000 - ok
14:11:50.0074 2124	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:11:50.0148 2124	WdiServiceHost - ok
14:11:50.0151 2124	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:11:50.0168 2124	WdiSystemHost - ok
14:11:50.0256 2124	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:11:50.0289 2124	WebClient - ok
14:11:50.0331 2124	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:11:50.0386 2124	Wecsvc - ok
14:11:50.0408 2124	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:11:50.0439 2124	wercplsupport - ok
14:11:50.0473 2124	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:11:50.0519 2124	WerSvc - ok
14:11:50.0583 2124	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:11:50.0612 2124	WfpLwf - ok
14:11:50.0626 2124	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:11:50.0637 2124	WIMMount - ok
14:11:50.0677 2124	WinDefend - ok
14:11:50.0682 2124	WinHttpAutoProxySvc - ok
14:11:50.0734 2124	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:11:50.0766 2124	Winmgmt - ok
14:11:50.0892 2124	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:11:50.0947 2124	WinRM - ok
14:11:51.0068 2124	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:11:51.0102 2124	WinUsb - ok
14:11:51.0163 2124	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:11:51.0209 2124	Wlansvc - ok
14:11:51.0245 2124	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:11:51.0257 2124	WmiAcpi - ok
14:11:51.0313 2124	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:11:51.0343 2124	wmiApSrv - ok
14:11:51.0409 2124	WMPNetworkSvc - ok
14:11:51.0425 2124	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:11:51.0446 2124	WPCSvc - ok
14:11:51.0476 2124	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:11:51.0492 2124	WPDBusEnum - ok
14:11:51.0515 2124	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:11:51.0559 2124	ws2ifsl - ok
14:11:51.0594 2124	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:11:51.0631 2124	wscsvc - ok
14:11:51.0683 2124	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:11:51.0711 2124	WSDPrintDevice - ok
14:11:51.0734 2124	WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
14:11:51.0748 2124	WSDScan - ok
14:11:51.0751 2124	WSearch - ok
14:11:51.0899 2124	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:11:51.0950 2124	wuauserv - ok
14:11:52.0067 2124	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:11:52.0110 2124	WudfPf - ok
14:11:52.0149 2124	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:11:52.0193 2124	WUDFRd - ok
14:11:52.0230 2124	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:11:52.0260 2124	wudfsvc - ok
14:11:52.0291 2124	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:11:52.0326 2124	WwanSvc - ok
14:11:52.0381 2124	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:11:52.0411 2124	yukonw7 - ok
14:11:52.0451 2124	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:11:52.0686 2124	\Device\Harddisk0\DR0 - ok
14:11:52.0689 2124	Boot (0x1200)   (f3c53ea8ee235cce253497991f690076) \Device\Harddisk0\DR0\Partition0
14:11:52.0690 2124	\Device\Harddisk0\DR0\Partition0 - ok
14:11:52.0722 2124	Boot (0x1200)   (e00211eadf52c28735ba2b1933b9ec9e) \Device\Harddisk0\DR0\Partition1
14:11:52.0724 2124	\Device\Harddisk0\DR0\Partition1 - ok
14:11:52.0724 2124	============================================================
14:11:52.0724 2124	Scan finished
14:11:52.0725 2124	============================================================
14:11:52.0737 3100	Detected object count: 1
14:11:52.0737 3100	Actual detected object count: 1
14:14:00.0179 3100	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:14:00.0179 3100	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Old 13.07.2012, 18:14   #6
markusg
/// Malware-holic
 
Download the standard CCleaner:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Extras (Tools), open the list of installed programs, and save it as a txt file. Open that file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognize, write "unbekannt" (unknown).
Post the list.

Old 13.07.2012, 21:08   #7
samoht0403
 
Hello, what have I caught, then? Here is my list:

Code:
ATTFilter
7-Zip 9.20		13.06.2011		--> necessary
Adobe AIR	Adobe Systems Incorporated	11.03.2012		3.1.0.4880 --> unknown
Adobe Digital Editions		06.08.2011	--> unnecessary
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	11.07.2012	6,00MB	11.3.300.265 --> necessary
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	11.07.2012	6,00MB	11.3.300.265 --> unnecessary
Adobe Reader 9.3 - Deutsch	Adobe Systems Incorporated	13.02.2010	239MB	9.3.0 --> necessary
Apple Application Support	Apple Inc.	15.03.2012	60,9MB	2.1.7 --> unknown
Apple Mobile Device Support	Apple Inc.	15.03.2012	24,4MB	5.1.1.4 --> unknown
Apple Software Update	Apple Inc.	06.07.2011	2,38MB	2.1.3.127 --> unknown
Babylon toolbar on IE		28.02.2012	--> unnecessary
Bonjour	Apple Inc.	13.10.2011	2,00MB	3.0.0.10 --> unknown
Browser Defender 3.0	Threat Expert Ltd.	21.10.2011	19,4MB	3.0.0.314 --> unknown
Canon Easy-PhotoPrint EX		06.04.2012		--> necessary
Canon Easy-WebPrint EX		06.04.2012		--> necessary
Canon IJ Network Scanner Selector EX		06.04.2012		--> necessary
Canon IJ Network Tool		06.04.2012		--> necessary
Canon Inkjet Printer Driver Add-On Module		22.11.2010		--> necessary
Canon MG5300 series Benutzerregistrierung		06.04.2012		--> necessary
Canon MG5300 series MP Drivers		06.04.2012		--> necessary
Canon MG5300 series On-screen Manual		06.04.2012		--> necessary
Canon MP Navigator EX 5.0		06.04.2012		--> necessary
Canon My Printer		06.04.2012		--> necessary
Canon Solution Menu EX		06.04.2012		--> necessary
CCleaner	Piriform	22.06.2012		3.20 --> necessary
CD-LabelPrint		22.11.2010		--> necessary
Content Manager 2	Harman Becker Automotive Systems	14.02.2010		2.0.4.60 --> necessary
Curse Client	Curse	25.06.2012		5.1.1.370 --> necessary
CutePDF Writer 2.8		19.11.2011		--> unnecessary
devolo dLAN Cockpit	devolo AG	09.09.2011		1.0 --> necessary
Die Sims™ 3	Electronic Arts	27.03.2012		1.33.2 --> necessary
dm-Fotowelt		25.01.2011		--> necessary
Dropbox	Dropbox, Inc.	07.06.2012		1.4.7 --> necessary
Dungeon Keeper 2		13.06.2011		--> unnecessary
EA Download Manager	Electronic Arts, Inc.	02.09.2011		5.0.0.255 --> necessary
Foxit Reader 5.0	Foxit Corporation	15.08.2011	24,8MB	5.0.2.718 --> unnecessary
FoxTab Video Converter		28.02.2012		--> unnecessary
Free M4a to MP3 Converter 6.2	ManiacTools.com	23.02.2012	3,92MB	 --> unnecessary
iCloud	Apple Inc.	15.03.2012	33,2MB	1.1.0.40 --> necessary
ICQ Toolbar	ICQ	13.02.2010		3.0.0 --> unnecessary
iTunes	Apple Inc.	12.04.2012	156MB	10.6.1.7 --> necessary
Java(TM) 6 Update 29	Oracle	25.01.2011	94,9MB	6.0.290 --> necessary
Logitech SetPoint	Logitech	13.02.2010		4.70 --> necessary
MAGIX Foto & Grafik Designer 7	MAGIX AG	20.08.2011		7.1.2.17532 --> unnecessary
MAGIX Screenshare	MAGIX AG	20.08.2011	1,54MB	4.3.6.1987 --> unnecessary
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	12.07.2012	18,7MB	1.62.0.1300 --> necessary
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.12.2010	 38,8MB	4.0.30319 --> necessary
Microsoft Office File Validation Add-In	Microsoft Corporation	03.12.2011	7,95MB	14.0.5130.5003 --> unnecessary
Microsoft Office Home and Student 2007	Microsoft Corporation	13.03.2012		12.0.6612.1000 --> necessary
Microsoft Office Live Add-in 1.5	Microsoft Corporation	30.04.2012	508KB	2.0.4024.1 --> unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	15.02.2010	260KB	8.0.50727.4053 --> necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	15.02.2010	252KB	8.0.50727.4053 --> necessary
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	300KB	8.0.56336 --> necessary
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	13.02.2010	708KB	8.0.61000 --> necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	15.02.2010	212KB	9.0.30729.4148 --> necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	26.05.2010	200KB	9.0.30729.4148 --> necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	14.02.2010	788KB	9.0.30729 --> necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	17.06.2011	788KB	9.0.30729.6161 --> necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	24.05.2010	1,25MB	9.0.21022 --> necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	25.01.2011	604KB	9.0.30729 --> necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	600KB	9.0.30729.6161 --> necessary
Microsoft WSE 3.0 Runtime	Microsoft Corp.	02.09.2011	942KB	3.0.5305.0 --> unknown
MozBackup 1.4.10	Pavel Cvrcek	14.02.2010		--> necessary
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	21.06.2012	37,6MB	13.0.1 --> necessary
Mozilla Maintenance Service	Mozilla	21.06.2012	309KB	13.0.1 --> necessary
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	11.07.2012	39,5MB	12.0.1 --> necessary
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	15.02.2010	1,27MB	4.20.9870.0 --> unknown
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	15.02.2010	1,33MB	4.20.9876.0 --> unknown
MSXML 4.0 SP3 Parser	Microsoft Corporation	20.08.2011	1,47MB	4.30.2100.0  --> unknown
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	11.07.2012	1,53MB	4.30.2114.0  --> unknown
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	20.08.2011	1,53MB	4.30.2107.0  --> unknown
Naviextras Toolbox Prerequesities	Nav N Go Ltd.	14.02.2010	4,04MB	1.0.0  --> unknown
Nero 9	Nero AG	13.02.2010 --> necessary
Norton 360	Symantec Corporation	10.07.2012		5.2.2.3  --> necessary
OnlineFotoservice		24.05.2010		 --> unnecessary
Picasa 3	Google, Inc.	23.02.2012		3.8  --> necessary
QuickTime	Apple Inc.	28.10.2011	73,2MB	7.71.80.42  --> necessary
RealPlayer	RealNetworks	26.05.2011		  --> necessary
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.02.2010		6.0.1.6043  --> necessary
Roadkil's Unstoppable Copier Version 5.2	Roadkil.Net	23.12.2011	812KB	 --> unnecessary
Sigel GastroDesigner plus Demo		04.07.2012		 --> unnecessary
TeamSpeak 2 RC2	Dominating Bytes Design	14.02.2010		2.0.32.60  --> unnecessary
TeamSpeak 3 Client	TeamSpeak Systems GmbH	14.02.2010		  --> necessary
World of Warcraft	Blizzard Entertainment	07.12.2010		4.0.3.13329 --> necessary
         
However, if you think I would be better off reinstalling the system (with additional security software recommended by you, beyond Norton), we should consider that.

15.07.2012, 22:15   #8
markusg
/// Malware-holic

Hi, well, I don't see anything malware-related, but of course we can reinstall and secure the PC.
Do you know how to reinstall, or do you need instructions?