Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.07.2012, 18:18   #1
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hallo,
ich habe vorgestern Abend eine Email von einem Freund geöffnet und habe auf den Link, der in der Email war, drauf geklickt. Es war eine Seite mit Diätpillen oder sowas. Ich habe die Seite sofort wieder verlassen, da ich mir dachte, dass das nicht von ihm sein kann. Der Link lautet: ***EDIT:Larusso
Da hier stand, dass man alles genau aufschreiben soll werde ich das dann auch mal tun.
Ich habe die Mail am nächsten Morgen nach dem ich erfahren habe, dass die Email nicht von meinem Kumpel kam, leider gelöscht . Abends habe ich mich im Internet mal informiert, was das eigentlich sein könnte und bin auf euch gestoßen. Die Email war weder in meinem Outlook in den gelöschten Mails zu finden noch in meinem googlemail Emailaccount, jedoch auf meinem iPhone.
Ich habe mir das Programm Malwarebytes Anti-Malware heruntergeladen und habe den Scan zwei Mal durchlaufen lassen. die Ergebnisdatei des ersten Scanns sind folgendermaßen:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ella :: ELLA-PC [Administrator]

Schutz: Aktiviert

16.07.2012 19:29:20
mbam-log-2012-07-16 (19-29-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405461
Laufzeit: 1 Stunde(n), 14 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Ella\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ella\Downloads\SoftonicDownloader_fuer_gpl-mpeg-1-2-directshow-decoder-filter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Beim zweiten Durchlauf wurde nichts mehr gefunden.
Ich bin mir jetzt nichts sicher ob mein PC noch infiziert ist oder nicht. Habe jetzt mein Passwort in meinem Emailaccount geändert weiß aber nicht ob das ausreicht.
Auf meinem Laptop ist Avast! Free installiert.
Könnt ihr mir da weiter helfen?

Vielen lieben Dank im Voraus.

Ella

Geändert von Larusso (18.07.2012 um 14:07 Uhr)

Alt 18.07.2012, 14:08   #2
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?





Bitte folge den Anweisungen hier und poste die geforderten Logfiles.
http://www.trojaner-board.de/69886-a...-beachten.html
__________________

__________________

Alt 19.07.2012, 00:42   #3
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hallo Daniel,
vielen Dank für die Antwort. ich habe jetzt den 1. & 2. Schritt gemacht. Der defrogger hat keine Fehlermeldung angezeigt.

Anbei zuerst das OTL.txt Dokument:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 01:02:50 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Ella\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,00% Memory free
7,93 Gb Paging File | 6,01 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,80 Gb Total Space | 130,13 Gb Free Space | 46,34% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,90 Gb Free Space | 46,00% Space Free | Partition Type: NTFS
Drive E: | 1,99 Gb Total Space | 1,21 Gb Free Space | 61,01% Space Free | Partition Type: FAT32
 
Computer Name: ELLA-PC | User Name: Ella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 00:59:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ella\Downloads\OTL (1).exe
PRC - [2012.07.19 00:53:27 | 000,050,477 | ---- | M] () -- C:\Users\Ella\Downloads\Defogger.exe
PRC - [2012.07.06 18:17:04 | 001,192,664 | ---- | M] () -- C:\Users\Ella\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ella\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009.10.30 13:28:54 | 000,135,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2009.06.17 09:56:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.06.17 09:56:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 00:53:27 | 000,050,477 | ---- | M] () -- C:\Users\Ella\Downloads\Defogger.exe
MOD - [2012.07.06 18:17:04 | 001,192,664 | ---- | M] () -- C:\Users\Ella\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.30 13:29:16 | 001,387,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libzvbi_plugin.dll
MOD - [2009.10.30 13:29:16 | 001,201,171 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2009.10.30 13:29:16 | 000,074,259 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2009.10.30 13:29:16 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2009.10.30 13:29:16 | 000,037,395 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2009.10.30 13:29:16 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2009.10.30 13:29:16 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2009.10.30 13:29:14 | 002,448,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2009.10.30 13:29:14 | 001,191,443 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,306,195 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,248,339 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,121,363 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,059,923 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_directx_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,047,635 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvcd_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,046,099 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubtitle_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubsdec_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,037,907 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvobsub_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,033,811 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,032,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,032,275 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,028,691 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2009.10.30 13:29:14 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2009.10.30 13:29:12 | 009,607,699 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2009.10.30 13:29:12 | 000,725,011 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2009.10.30 13:29:12 | 000,285,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsdl_image_plugin.dll
MOD - [2009.10.30 13:29:12 | 000,032,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2009.10.30 13:29:12 | 000,029,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2009.10.30 13:29:10 | 001,298,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll
MOD - [2009.10.30 13:29:10 | 000,205,331 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2009.10.30 13:29:10 | 000,128,531 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2009.10.30 13:29:10 | 000,096,275 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2009.10.30 13:29:10 | 000,033,299 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2009.10.30 13:29:10 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2009.10.30 13:29:10 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2009.10.30 13:29:08 | 001,728,531 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2009.10.30 13:29:08 | 001,705,491 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,309,267 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,270,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,216,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,195,603 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,173,587 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,148,499 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,143,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvbsub_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,134,163 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,101,907 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libkate_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,070,675 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,052,755 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,051,731 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,047,123 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,046,099 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,035,859 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,034,835 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,034,323 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblinear_resampler_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvmem_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,029,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_mmx_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,029,715 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,028,691 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2009.10.30 13:29:08 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_plugin.dll
MOD - [2009.10.30 13:29:06 | 005,003,795 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,053,779 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,045,075 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,042,003 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_float_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,042,003 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcmml_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,033,299 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2009.10.30 13:29:06 | 000,029,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2009.10.30 13:29:02 | 000,043,539 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2009.10.30 13:29:02 | 000,041,491 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2009.10.30 13:29:02 | 000,036,371 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libadpcm_plugin.dll
MOD - [2009.10.30 13:29:02 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,073,747 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,064,019 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,032,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,031,763 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_directory_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_file_plugin.dll
MOD - [2009.10.30 13:29:00 | 000,028,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2009.10.30 13:28:58 | 002,112,531 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2009.10.30 13:28:58 | 000,114,195 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2009.10.30 13:28:54 | 000,135,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.08.04 12:52:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.15 14:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010.11.13 12:18:16 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Ella\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.28 19:52:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.30 18:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.17 09:56:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.04 03:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.01.13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.08.04 13:26:00 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 03:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 13:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 13:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 13:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.04 10:10:00 | 000,406,528 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2009.05.18 14:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.07 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 1E 8E CC 5A C5 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {949ADDEF-83E1-4FB5-A1F6-444B62034615}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VD&o=14770&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{949ADDEF-83E1-4FB5-A1F6-444B62034615}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.1:80
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ella\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ella\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ella\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ella\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.23 07:49:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.23 07:49:06 | 000,000,000 | ---D | M]
 
[2010.11.09 21:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ella\AppData\Roaming\mozilla\Extensions
[2010.11.09 21:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ella\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.28 21:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Search
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Search
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ella\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Ella\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ella\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ella\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ella\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: MeasureIt! = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Web Developer = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: Ultimate YouTube Downloader = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.1.1_0\
CHR - Extension: YouTube = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: colorPicker 0.9 = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\jegimleidpfmpepbfajjlielaheedkdo\0.9.90_0\
CHR - Extension: Skype Click to Call = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: AT_ChloeV4 = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\
CHR - Extension: Google Mail = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ella\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ella\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E33D596-9741-42D3-9E99-E719ACF5D396}: DhcpNameServer = 217.237.150.51 217.237.148.22 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC41AD0E-1BBC-46D5-9A0D-3F023D4A9682}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E54F5B44-8B21-41B6-9178-D2BB265116B3}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{10cb17a3-24a1-11df-be5a-0027135dcaa7}\Shell - "" = AutoRun
O33 - MountPoints2\{10cb17a3-24a1-11df-be5a-0027135dcaa7}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{d2ea87ed-3906-11df-b7a7-0027135dcaa7}\Shell - "" = AutoRun
O33 - MountPoints2\{d2ea87ed-3906-11df-b7a7-0027135dcaa7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\Ella\AppData\Roaming\Malwarebytes
[2012.07.16 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.16 19:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 19:25:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 19:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\Ella\AppData\Roaming\DiskSpaceFan
[2012.07.14 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4 Free
[2012.07.14 23:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookapp
[2012.07.14 21:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.02 11:35:17 | 002,131,336 | ---- | C] (Ask.com                                                      ) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
[2010.02.14 16:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 01:01:56 | 000,001,444 | ---- | M] () -- C:\Users\Ella\Desktop\OTL (1) - Verknüpfung.lnk
[2012.07.19 00:55:33 | 000,000,000 | ---- | M] () -- C:\Users\Ella\defogger_reenable
[2012.07.19 00:43:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2038908738-3831003741-2899279869-1000UA.job
[2012.07.19 00:23:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 00:23:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 20:09:30 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.18 20:09:30 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.18 20:09:30 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.18 20:09:30 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.18 20:09:30 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.18 20:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 07:47:21 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2038908738-3831003741-2899279869-1000Core.job
[2012.07.18 01:21:23 | 000,015,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 01:21:23 | 000,015,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 21:23:42 | 3193,122,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 19:25:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 22:17:10 | 002,363,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.14 21:26:49 | 000,153,244 | ---- | M] () -- C:\Users\Ella\Documents\cc_20120714_212637.reg
[2012.07.14 21:21:30 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.06 12:59:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.05 15:57:56 | 002,238,083 | ---- | M] () -- C:\Users\Ella\Documents\lookbook 1 version.pdf
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.19 01:01:56 | 000,001,444 | ---- | C] () -- C:\Users\Ella\Desktop\OTL (1) - Verknüpfung.lnk
[2012.07.19 00:55:33 | 000,000,000 | ---- | C] () -- C:\Users\Ella\defogger_reenable
[2012.07.16 19:25:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 21:26:41 | 000,153,244 | ---- | C] () -- C:\Users\Ella\Documents\cc_20120714_212637.reg
[2012.07.14 21:21:30 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.05 15:57:56 | 002,238,083 | ---- | C] () -- C:\Users\Ella\Documents\lookbook 1 version.pdf
[2012.05.06 17:13:55 | 000,007,602 | ---- | C] () -- C:\Users\Ella\AppData\Local\Resmon.ResmonCfg
[2011.10.27 08:00:05 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011.09.30 00:38:30 | 000,015,364 | -H-- | C] () -- C:\Users\Ella\.DS_Store
[2011.04.30 19:36:28 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.09 01:38:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.28 21:54:33 | 000,005,632 | ---- | C] () -- C:\Users\Ella\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.10.28 22:40:01 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Design Science
[2012.07.16 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Desktopicon
[2012.07.15 00:06:18 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\DiskSpaceFan
[2012.07.16 22:47:20 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Dropbox
[2011.10.29 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\DVDVideoSoft
[2011.09.25 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.13 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Mikogo
[2010.03.03 23:10:02 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\oald7
[2010.02.28 20:33:32 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Opera
[2010.12.28 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\ScreeNet iSaver
[2012.07.15 08:12:32 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Spotify
[2010.11.09 21:50:57 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Thunderbird
[2011.01.15 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Titanium
[2011.09.26 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Toolbars
[2011.10.30 11:58:11 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\TuneUp Software
[2012.07.14 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\uTorrent
[2012.02.21 17:22:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Ella\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Ella\.DS_Store:AFP_AfpInfo

< End of report >
         
--- --- ---


und die Extras.txt DateiOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2012 01:02:50 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Ella\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,00% Memory free
7,93 Gb Paging File | 6,01 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,80 Gb Total Space | 130,13 Gb Free Space | 46,34% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,90 Gb Free Space | 46,00% Space Free | Partition Type: NTFS
Drive E: | 1,99 Gb Total Space | 1,21 Gb Free Space | 61,01% Space Free | Partition Type: FAT32
 
Computer Name: ELLA-PC | User Name: Ella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [myprinting Fotobuch] -- "C:\Program Files (x86)\myprinting\myprinting Fotobuch\myprinting Fotobuch.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [myprinting Fotobuch] -- "C:\Program Files (x86)\myprinting\myprinting Fotobuch\myprinting Fotobuch.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0992780E-9443-482A-B20C-FB83A88721A3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0D0CAB99-19F7-49A9-80F7-FFD29201C727}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1249C422-7870-4B2E-BD45-B4CD471F3269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{198BEB14-A919-48C1-87D0-53DB86C283F8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{19928518-E2DF-44A7-AF00-C92BDB292327}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1FBC266C-CDC4-4DCF-AECE-BCD3F5B155C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32268428-2F11-49AF-A5F2-0309607CF788}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{328528CD-7A41-4AE4-A5AB-E219F73E5170}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4509F441-DF0A-4FBE-87EC-7F15EBFF949D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5DB42007-F4AB-4F1B-93B2-E1CC88ABD8A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6279759A-02BA-4B53-8F53-C3529483E3DC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6ED7AF9B-FB42-4999-84B4-DD4C26767DF0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{724963E5-3FC4-4FD4-A9C2-907541DAB64D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{752A10CA-5F01-4108-8B27-5E7CBDAE54D1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{853662AB-3A90-4991-A50D-DB7D3035687A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{93ADAEB2-5EFA-4FF9-8CB1-03B678B6EDCD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A18EE7DE-8EB0-4A3A-87C8-2B285F869581}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A2299AAE-95E7-4D58-B727-F7AEF97BE338}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A39F5AFD-BF71-4E17-B0F4-A03CEB0C9722}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A5E0512E-C4DA-452F-BA0A-4100BBEDD936}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BCF84318-7518-495B-966F-54A14806DD17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BEC6A320-CA9C-4116-ADB6-20340C508352}" = rport=2077 | protocol=6 | dir=out | name=stablehost webdisc | 
"{C92A1DC2-0DF7-41F7-BF0B-C2C086FF8A5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D241D959-777F-43C2-8966-86A6F0BE6488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5A7D855-757D-4BA2-AC68-86B730E3A914}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D85CD5C6-548A-4EEF-9F3C-00826219657D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC489C49-499A-48A5-95BD-87B3F4E06B99}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023B85E4-7A7F-4372-927F-7B66E891485F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03000544-B398-44CF-A480-BC8D6E9B7E69}" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | 
"{034A88B5-00E7-479C-BF1C-5AA25E0627BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0EA38895-E8C2-4667-9F7C-08D96CDD12E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{1B620C5B-80FC-4DB1-B826-D2E4A9AAAB06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{1F8456A2-7106-4857-B803-59DEE2F71CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{20944839-2AC9-4433-BFC6-CBC59E32BB78}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{28256EB9-8EA2-4141-B42A-A5A057E501BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{31B74E7A-651C-4CB0-B12E-07C3804459FF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{3D038487-74C8-45EE-89AD-49BAFBC2E480}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3F3F0F36-F7A4-4A4F-91D6-638E29E4B5AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4123055E-C052-458A-9ACE-B77C075AC4C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45D3C913-2F96-4625-81CE-4E21B143CFE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A77290E-BB0F-4A9D-90C7-B6AE478CFB73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DB1A2A4-EBBD-4BED-95E6-65713724C492}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{510CB2D7-9084-4DA5-B20B-F1C648CFB807}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{56DC20EB-3A2A-4492-AABB-63A4E3EF99EA}" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | 
"{58C19595-B937-49BA-832A-AA30EA32BD3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61806BEF-574E-4760-B6F3-747B7B80FB56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A3FD83D-74CD-4C2C-97A6-DDAB2C75C8AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6E907539-8978-4841-B724-B86C31F04D96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6E95FE85-7A9F-4AE1-9205-8326BAD10A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{707D546F-4875-4D84-8C5C-105F13DED6C4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{7BF2093A-0E83-4528-AF55-7ED844033DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7ED3FB86-55DC-4BD6-8675-38C678BAD47A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{85509F8E-756D-4685-B190-A0225F54FE45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9E96128D-BD60-40CC-9895-42F2DF6867CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A131DD11-1EFF-488D-9117-B7B0CDEDE947}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{A9F90066-60A7-4225-84D4-3586CB7EE45A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B2EA1AB6-01F6-4ABA-A617-0F8830FD966C}" = protocol=6 | dir=out | app=system | 
"{B56564CC-C802-44C6-B210-B009C0480507}" = dir=in | app=c:\program files (x86)\airport\apagent.exe | 
"{BA4E7049-AECC-45B2-A79B-067CD6FD279A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC4496CB-5970-49FA-AD2D-63E4F4FB4FE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2F792D0-55E8-4360-9B78-5B411664E52F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3849E83-DB98-4BDF-975F-7E16D01C443D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D576BCFE-3EF8-4C83-8767-1082000EDF8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D58A244D-B2AF-4AF6-814C-3592BC6186CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6CC332E-2E8F-48B2-B5BA-D7D6C76A116B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D9F24D50-88CC-43B1-B21E-FE87DAAD6F24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DB7C9627-6795-416F-8912-3FFDEDAD6CF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD35157D-07FB-4835-9F56-94BC9887572B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E9535F73-108F-4687-B2C5-CF29BF133779}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{F424DD41-C779-429D-ADFA-8F4CFBFB3D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{F70C19C3-6029-48C5-BDA8-4A7BE1C3D246}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7BA44A1-07A1-49E0-981B-F5D7496E034C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{2133BC64-0CF2-4159-8752-92A15091E96F}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{47596608-7AAC-456C-B875-B9DA70A5BD57}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{70F658CF-1866-4D70-B399-AD7359631036}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{72A65344-31EA-4F6F-9FD5-B89CB33EAD00}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{897D6C5D-7A9A-451D-8FC9-AE852A56E9CB}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{90C97022-BC30-4138-AF32-1EB8E066FF5A}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe | 
"TCP Query User{9E5EE22E-C4CE-4945-A381-9908FF3473E9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{A4D929AB-FB02-4B22-8CC8-47F2E8E89F68}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe | 
"TCP Query User{A5013A40-9B3F-42B1-AD43-725BCD691D9E}C:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{E4E203A8-0C0E-4140-95CB-15918A0B14D6}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{0673EB1E-4E19-4ABE-AC8E-31302EFF516D}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{2A50BD70-F9FF-4CF5-AE40-A828B99D6FF7}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{4B6145A0-EB36-4B30-9AAD-82E4FBB6176E}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{926E4751-20FB-4660-B50F-2CA8B5B693BE}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{B351106E-1C2B-41A1-B246-1F24E3EFC347}C:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{BA07727D-57B7-48AD-97C4-4C5CE7C86E00}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe | 
"UDP Query User{CE036039-FF2A-4AE7-8A47-153AF8990366}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe | 
"UDP Query User{D4944456-3A52-4D73-AAF4-86E8C5FCC41F}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E3E98C2C-786A-4F9D-B7E6-4946E37ACF8C}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F3CAFE50-3562-4912-A06B-AF4F54D61DAF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ABD3650-2D22-6C01-3CD6-9744E8819CD0}" = ATI Catalyst Install Manager
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}" = Bonjour-Druckdienste
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DEF8812-6379-A0B9-DD09-49FB8F2BCDCF}" = ccc-utility64
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows-Treiberpaket - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"FB8C5A1BB9B0EB1DBE21E5BBBF6942439C4FB2F9" = Windows-Treiberpaket - Intel net  (09/15/2009 13.0.0.107)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D31A57-0446-3886-AEFF-201E1E7C4854}" = Google Talk Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}" = HP QuickLook
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}" = Windows 7 Default Setting
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 9.15 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Audiograbber" = Audiograbber 1.83 SE 
"avast" = avast! Free Antivirus
"Disk Space Fan 4 Free_is1" = Disk Space Fan 4 Free (4.0.2.100)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HaaliMkx" = Haali Media Splitter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mediaport" = Mediaport
"Mikogo" = Mikogo
"myprinting Fotobuch" = myprinting Fotobuch
"OALD7" = Oxford Advanced Learner's Dictionary - 7th edition
"Picasa 3" = Picasa 3
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3
Description = 
 
[ OSession Events ]
Error - 09.11.2010 16:33:37 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7795
 seconds with 3420 seconds of active time.  This session ended with a crash.
 
Error - 08.01.2011 10:50:50 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1694
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.03.2011 11:06:30 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 161
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.07.2011 16:25:57 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 67
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2011 12:22:51 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1010
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.11.2011 09:26:05 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 613448
 seconds with 6180 seconds of active time.  This session ended with a crash.
 
Error - 07.01.2012 20:57:14 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54409
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error - 21.01.2012 03:29:56 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 222376
 seconds with 1980 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 20:00:09 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49813
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
Error - 20.04.2012 05:30:21 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 220982
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 16.07.2012 15:24:22 | Computer Name = Ella-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 16.07.2012 15:24:22 | Computer Name = Ella-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 17.07.2012 01:16:46 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.07.2012 12:36:15 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.07.2012 19:27:46 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2012 01:47:07 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2012 08:21:04 | Computer Name = Ella-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.07.2012 08:21:04 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2012 14:06:29 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2012 14:06:33 | Computer Name = Ella-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---

Vielen Dank im voraus für die Hilfe.

Viele Grüße
Ella
__________________

Alt 19.07.2012, 11:34   #4
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Macht der Rechner irgendwelche Probleme ? Ich seh da nichts, was mich beunruhigen würde.



Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 19.07.2012, 22:03   #5
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hallo Daniel,
vielen Dank für deine Hilfe. Ich habe jetzt Java aktualisiert.
Zu der Frage über das Problem. Mein PC ist langsam und laut... und was mir noch aufgefallen ist, ist das als ich den Ordner mit meinen Bilder öffnen wollte waren alle Bilder erst mal weg und kamen nach einander wieder.
Anbei die Logfile. Es wurden 6 Threats gefunden, eine davon hatte im Namen trojan...

Danke im Voraus für die Antwort.

Viele Grüße
Ella


Alt 20.07.2012, 10:20   #6
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
--> Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?

Alt 20.07.2012, 10:46   #7
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hallo Daniel,
vielen DANK für die Mühe!
Also ich habe das jetzt herunter geladen und das kam dabei raus (konnte es nicht als txt Datei speichern es hat mich nicht danach gefragt und ich habe leider nicht herausfinden können wo ich das machen könnte, sorry):


11:31:21.0818 7156 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
11:31:23.0846 7156 ============================================================
11:31:23.0846 7156 Current date / time: 2012/07/20 11:31:23.0846
11:31:23.0846 7156 SystemInfo:
11:31:23.0846 7156
11:31:23.0846 7156 OS Version: 6.1.7601 ServicePack: 1.0
11:31:23.0846 7156 Product type: Workstation
11:31:23.0846 7156 ComputerName: ELLA-PC
11:31:23.0846 7156 UserName: Ella
11:31:23.0846 7156 Windows directory: C:\Windows
11:31:23.0846 7156 System windows directory: C:\Windows
11:31:23.0846 7156 Running under WOW64
11:31:23.0846 7156 Processor architecture: Intel x64
11:31:23.0846 7156 Number of processors: 2
11:31:23.0846 7156 Page size: 0x1000
11:31:23.0846 7156 Boot type: Normal boot
11:31:23.0846 7156 ============================================================
11:31:24.0595 7156 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:31:24.0595 7156 Drive \Device\Harddisk1\DR1 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:31:28.0323 7156 Drive \Device\Harddisk2\DR2 - Size: 0x3BB000000 (14.92 Gb), SectorSize: 0x200, Cylinders: 0x79B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:31:28.0323 7156 Drive \Device\Harddisk3\DR3 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:31:28.0705 7156 ============================================================
11:31:28.0705 7156 \Device\Harddisk0\DR0:
11:31:28.0745 7156 MBR partitions:
11:31:28.0745 7156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
11:31:28.0745 7156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197800
11:31:28.0745 7156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322E000, BlocksNum 0x1E00000
11:31:28.0745 7156 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502E000, BlocksNum 0x3FD800
11:31:28.0745 7156 \Device\Harddisk1\DR1:
11:31:28.0745 7156 MBR partitions:
11:31:28.0745 7156 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
11:31:28.0745 7156 \Device\Harddisk2\DR2:
11:31:28.0745 7156 MBR partitions:
11:31:28.0745 7156 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD6080
11:31:28.0745 7156 \Device\Harddisk3\DR3:
11:31:28.0745 7156 MBR partitions:
11:31:28.0745 7156 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
11:31:28.0745 7156 ============================================================
11:31:28.0775 7156 C: <-> \Device\Harddisk0\DR0\Partition1
11:31:28.0835 7156 D: <-> \Device\Harddisk0\DR0\Partition2
11:31:28.0845 7156 E: <-> \Device\Harddisk0\DR0\Partition3
11:31:28.0855 7156 I: <-> \Device\Harddisk3\DR3\Partition0
11:31:28.0915 7156 K: <-> \Device\Harddisk1\DR1\Partition0
11:31:28.0915 7156 ============================================================
11:31:28.0915 7156 Initialize success
11:31:28.0915 7156 ============================================================
11:32:28.0747 1828 ============================================================
11:32:28.0747 1828 Scan started
11:32:28.0747 1828 Mode: Manual;
11:32:28.0747 1828 ============================================================
11:32:30.0650 1828 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:32:30.0650 1828 1394ohci - ok
11:32:30.0713 1828 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
11:32:30.0713 1828 Accelerometer - ok
11:32:30.0806 1828 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:32:30.0806 1828 ACPI - ok
11:32:30.0822 1828 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:32:30.0822 1828 AcpiPmi - ok
11:32:30.0916 1828 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
11:32:30.0931 1828 ADIHdAudAddService - ok
11:32:31.0056 1828 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:32:31.0056 1828 AdobeARMservice - ok
11:32:31.0150 1828 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:32:31.0165 1828 adp94xx - ok
11:32:31.0228 1828 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:32:31.0243 1828 adpahci - ok
11:32:31.0274 1828 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:32:31.0274 1828 adpu320 - ok
11:32:31.0306 1828 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
11:32:31.0321 1828 AEADIFilters - ok
11:32:31.0337 1828 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:32:31.0337 1828 AeLookupSvc - ok
11:32:31.0446 1828 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:32:31.0446 1828 AFD - ok
11:32:31.0571 1828 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
11:32:31.0586 1828 AgereSoftModem - ok
11:32:31.0649 1828 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:32:31.0664 1828 agp440 - ok
11:32:31.0680 1828 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:32:31.0680 1828 ALG - ok
11:32:31.0711 1828 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:32:31.0711 1828 aliide - ok
11:32:31.0774 1828 AMD External Events Utility (b77ad31137f1d997dd97e2ed426b42ea) C:\Windows\system32\atiesrxx.exe
11:32:31.0774 1828 AMD External Events Utility - ok
11:32:31.0820 1828 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:32:31.0820 1828 amdide - ok
11:32:31.0867 1828 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:32:31.0867 1828 AmdK8 - ok
11:32:31.0883 1828 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:32:31.0898 1828 AmdPPM - ok
11:32:31.0961 1828 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:32:31.0961 1828 amdsata - ok
11:32:31.0992 1828 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:32:32.0008 1828 amdsbs - ok
11:32:32.0023 1828 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:32:32.0023 1828 amdxata - ok
11:32:32.0086 1828 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:32:32.0086 1828 AppID - ok
11:32:32.0117 1828 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:32:32.0117 1828 AppIDSvc - ok
11:32:32.0164 1828 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:32:32.0179 1828 Appinfo - ok
11:32:32.0320 1828 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:32:32.0320 1828 Apple Mobile Device - ok
11:32:32.0382 1828 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:32:32.0382 1828 AppMgmt - ok
11:32:32.0413 1828 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:32:32.0413 1828 arc - ok
11:32:32.0444 1828 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:32:32.0444 1828 arcsas - ok
11:32:32.0476 1828 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
11:32:32.0476 1828 aswFsBlk - ok
11:32:32.0507 1828 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
11:32:32.0507 1828 aswMonFlt - ok
11:32:32.0569 1828 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
11:32:32.0569 1828 aswRdr - ok
11:32:32.0710 1828 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
11:32:32.0725 1828 aswSnx - ok
11:32:32.0772 1828 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
11:32:32.0788 1828 aswSP - ok
11:32:32.0803 1828 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
11:32:32.0803 1828 aswTdi - ok
11:32:32.0819 1828 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:32:32.0819 1828 AsyncMac - ok
11:32:32.0881 1828 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:32:32.0881 1828 atapi - ok
11:32:32.0928 1828 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
11:32:32.0944 1828 AtiHdmiService - ok
11:32:33.0536 1828 atikmdag (c7c8a63a356d34823aae5a226c1048f1) C:\Windows\system32\DRIVERS\atikmdag.sys
11:32:33.0630 1828 atikmdag - ok
11:32:33.0833 1828 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:32:33.0848 1828 AudioEndpointBuilder - ok
11:32:33.0864 1828 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:32:33.0864 1828 AudioSrv - ok
11:32:33.0958 1828 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:32:33.0958 1828 avast! Antivirus - ok
11:32:34.0020 1828 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:32:34.0036 1828 AxInstSV - ok
11:32:34.0145 1828 B-Service (c3edb060c0427607eb9344ec861585ff) C:\Users\Ella\AppData\Roaming\Mikogo\B-Service.exe
11:32:34.0145 1828 B-Service - ok
11:32:34.0254 1828 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:32:34.0254 1828 b06bdrv - ok
11:32:34.0301 1828 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:32:34.0316 1828 b57nd60a - ok
11:32:34.0348 1828 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:32:34.0363 1828 BDESVC - ok
11:32:34.0379 1828 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:32:34.0379 1828 Beep - ok
11:32:34.0504 1828 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:32:34.0504 1828 BFE - ok
11:32:34.0597 1828 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:32:34.0613 1828 BITS - ok
11:32:34.0675 1828 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:32:34.0675 1828 blbdrive - ok
11:32:34.0800 1828 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:32:34.0800 1828 Bonjour Service - ok
11:32:34.0862 1828 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:32:34.0862 1828 bowser - ok
11:32:34.0878 1828 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:32:34.0878 1828 BrFiltLo - ok
11:32:34.0894 1828 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:32:34.0894 1828 BrFiltUp - ok
11:32:34.0956 1828 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:32:34.0956 1828 Browser - ok
11:32:35.0003 1828 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:32:35.0018 1828 Brserid - ok
11:32:35.0034 1828 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:32:35.0034 1828 BrSerWdm - ok
11:32:35.0050 1828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:32:35.0065 1828 BrUsbMdm - ok
11:32:35.0065 1828 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:32:35.0065 1828 BrUsbSer - ok
11:32:35.0128 1828 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:32:35.0128 1828 BthEnum - ok
11:32:35.0174 1828 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:32:35.0174 1828 BTHMODEM - ok
11:32:35.0221 1828 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:32:35.0221 1828 BthPan - ok
11:32:35.0346 1828 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:32:35.0362 1828 BTHPORT - ok
11:32:35.0408 1828 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:32:35.0408 1828 bthserv - ok
11:32:35.0440 1828 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:32:35.0440 1828 BTHUSB - ok
11:32:35.0518 1828 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
11:32:35.0518 1828 btwaudio - ok
11:32:35.0549 1828 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
11:32:35.0549 1828 btwavdt - ok
11:32:35.0669 1828 btwdins (17da11c703b8e86ac3df8f796a118aef) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:32:35.0679 1828 btwdins - ok
11:32:35.0699 1828 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
11:32:35.0709 1828 btwl2cap - ok
11:32:35.0709 1828 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
11:32:35.0709 1828 btwrchid - ok
11:32:35.0749 1828 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:32:35.0749 1828 cdfs - ok
11:32:35.0819 1828 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:32:35.0819 1828 cdrom - ok
11:32:35.0889 1828 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:32:35.0889 1828 CertPropSvc - ok
11:32:35.0919 1828 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:32:35.0929 1828 circlass - ok
11:32:35.0969 1828 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:32:35.0979 1828 CLFS - ok
11:32:36.0039 1828 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:32:36.0049 1828 clr_optimization_v2.0.50727_32 - ok
11:32:36.0099 1828 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:32:36.0099 1828 clr_optimization_v2.0.50727_64 - ok
11:32:36.0179 1828 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:32:36.0209 1828 clr_optimization_v4.0.30319_32 - ok
11:32:36.0259 1828 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:32:36.0259 1828 clr_optimization_v4.0.30319_64 - ok
11:32:36.0299 1828 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:32:36.0299 1828 CmBatt - ok
11:32:36.0349 1828 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:32:36.0349 1828 cmdide - ok
11:32:36.0439 1828 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:32:36.0449 1828 CNG - ok
11:32:36.0489 1828 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:32:36.0499 1828 Compbatt - ok
11:32:36.0559 1828 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:32:36.0559 1828 CompositeBus - ok
11:32:36.0569 1828 COMSysApp - ok
11:32:36.0589 1828 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:32:36.0589 1828 crcdisk - ok
11:32:36.0659 1828 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:32:36.0669 1828 CryptSvc - ok
11:32:36.0759 1828 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:32:36.0769 1828 CSC - ok
11:32:36.0850 1828 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:32:36.0860 1828 CscService - ok
11:32:36.0900 1828 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:32:36.0910 1828 DcomLaunch - ok
11:32:36.0960 1828 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:32:36.0960 1828 defragsvc - ok
11:32:37.0050 1828 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:32:37.0060 1828 DfsC - ok
11:32:37.0110 1828 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:32:37.0120 1828 Dhcp - ok
11:32:37.0150 1828 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:32:37.0150 1828 discache - ok
11:32:37.0190 1828 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:32:37.0190 1828 Disk - ok
11:32:37.0250 1828 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:32:37.0260 1828 Dnscache - ok
11:32:37.0310 1828 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:32:37.0310 1828 dot3svc - ok
11:32:37.0380 1828 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:32:37.0380 1828 DPS - ok
11:32:37.0420 1828 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:32:37.0420 1828 drmkaud - ok
11:32:37.0550 1828 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:32:37.0570 1828 DXGKrnl - ok
11:32:37.0600 1828 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:32:37.0600 1828 EapHost - ok
11:32:37.0870 1828 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:32:37.0920 1828 ebdrv - ok
11:32:38.0070 1828 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:32:38.0080 1828 EFS - ok
11:32:38.0170 1828 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:32:38.0180 1828 ehRecvr - ok
11:32:38.0220 1828 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:32:38.0220 1828 ehSched - ok
11:32:38.0320 1828 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
11:32:38.0320 1828 ElbyCDIO - ok
11:32:38.0390 1828 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:32:38.0400 1828 elxstor - ok
11:32:38.0450 1828 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:32:38.0450 1828 ErrDev - ok
11:32:38.0540 1828 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:32:38.0550 1828 EventSystem - ok
11:32:38.0580 1828 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:32:38.0590 1828 exfat - ok
11:32:38.0620 1828 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:32:38.0620 1828 fastfat - ok
11:32:38.0730 1828 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:32:38.0740 1828 Fax - ok
11:32:38.0760 1828 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:32:38.0760 1828 fdc - ok
11:32:38.0780 1828 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:32:38.0790 1828 fdPHost - ok
11:32:38.0810 1828 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:32:38.0810 1828 FDResPub - ok
11:32:38.0820 1828 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:32:38.0830 1828 FileInfo - ok
11:32:38.0860 1828 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:32:38.0860 1828 Filetrace - ok
11:32:38.0980 1828 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:32:38.0990 1828 FLEXnet Licensing Service - ok
11:32:39.0020 1828 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:32:39.0020 1828 flpydisk - ok
11:32:39.0060 1828 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:32:39.0070 1828 FltMgr - ok
11:32:39.0190 1828 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:32:39.0200 1828 FontCache - ok
11:32:39.0290 1828 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:32:39.0290 1828 FontCache3.0.0.0 - ok
11:32:39.0340 1828 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:32:39.0340 1828 FsDepends - ok
11:32:39.0387 1828 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:32:39.0387 1828 Fs_Rec - ok
11:32:39.0478 1828 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:32:39.0478 1828 fvevol - ok
11:32:39.0508 1828 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:32:39.0518 1828 gagp30kx - ok
11:32:39.0548 1828 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:32:39.0548 1828 GEARAspiWDM - ok
11:32:39.0648 1828 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:32:39.0658 1828 gpsvc - ok
11:32:39.0848 1828 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:32:39.0848 1828 gupdate - ok
11:32:39.0878 1828 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:32:39.0878 1828 gupdatem - ok
11:32:39.0938 1828 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:32:39.0938 1828 gusvc - ok
11:32:39.0968 1828 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:32:39.0978 1828 hcw85cir - ok
11:32:40.0048 1828 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:32:40.0058 1828 HdAudAddService - ok
11:32:40.0088 1828 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:32:40.0088 1828 HDAudBus - ok
11:32:40.0108 1828 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:32:40.0118 1828 HidBatt - ok
11:32:40.0138 1828 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:32:40.0138 1828 HidBth - ok
11:32:40.0158 1828 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:32:40.0158 1828 HidIr - ok
11:32:40.0188 1828 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:32:40.0188 1828 hidserv - ok
11:32:40.0248 1828 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:32:40.0248 1828 HidUsb - ok
11:32:40.0308 1828 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:32:40.0308 1828 hkmsvc - ok
11:32:40.0378 1828 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:32:40.0388 1828 HomeGroupListener - ok
11:32:40.0448 1828 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:32:40.0458 1828 HomeGroupProvider - ok
11:32:40.0508 1828 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
11:32:40.0508 1828 hpdskflt - ok
11:32:40.0618 1828 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:32:40.0618 1828 hpqwmiex - ok
11:32:40.0688 1828 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:32:40.0688 1828 HpSAMD - ok
11:32:40.0738 1828 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
11:32:40.0738 1828 hpsrv - ok
11:32:40.0818 1828 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:32:40.0828 1828 HTTP - ok
11:32:40.0878 1828 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:32:40.0878 1828 hwpolicy - ok
11:32:40.0938 1828 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:32:40.0938 1828 i8042prt - ok
11:32:41.0008 1828 IAANTMON (0d2d28a3f60fb0b69812d6861bcbfebd) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:32:41.0018 1828 IAANTMON - ok
11:32:41.0058 1828 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
11:32:41.0068 1828 iaStor - ok
11:32:41.0158 1828 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:32:41.0168 1828 iaStorV - ok
11:32:41.0338 1828 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:32:41.0348 1828 idsvc - ok
11:32:41.0398 1828 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:32:41.0408 1828 iirsp - ok
11:32:41.0543 1828 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:32:41.0559 1828 IKEEXT - ok
11:32:41.0575 1828 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:32:41.0575 1828 intelide - ok
11:32:41.0600 1828 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:32:41.0600 1828 intelppm - ok
11:32:41.0640 1828 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:32:41.0640 1828 IPBusEnum - ok
11:32:41.0700 1828 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:32:41.0700 1828 IpFilterDriver - ok
11:32:41.0770 1828 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:32:41.0780 1828 iphlpsvc - ok
11:32:41.0840 1828 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:32:41.0840 1828 IPMIDRV - ok
11:32:41.0860 1828 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:32:41.0860 1828 IPNAT - ok
11:32:42.0050 1828 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:32:42.0070 1828 iPod Service - ok
11:32:42.0090 1828 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:32:42.0090 1828 IRENUM - ok
11:32:42.0140 1828 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:32:42.0140 1828 isapnp - ok
11:32:42.0180 1828 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:32:42.0190 1828 iScsiPrt - ok
11:32:42.0220 1828 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:32:42.0220 1828 kbdclass - ok
11:32:42.0250 1828 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:32:42.0270 1828 kbdhid - ok
11:32:42.0310 1828 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:32:42.0320 1828 KeyIso - ok
11:32:42.0370 1828 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:32:42.0380 1828 KSecDD - ok
11:32:42.0430 1828 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:32:42.0440 1828 KSecPkg - ok
11:32:42.0460 1828 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:32:42.0460 1828 ksthunk - ok
11:32:42.0520 1828 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:32:42.0530 1828 KtmRm - ok
11:32:42.0610 1828 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:32:42.0610 1828 LanmanServer - ok
11:32:42.0670 1828 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:32:42.0680 1828 LanmanWorkstation - ok
11:32:42.0720 1828 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:32:42.0720 1828 lltdio - ok
11:32:42.0780 1828 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:32:42.0780 1828 lltdsvc - ok
11:32:42.0800 1828 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:32:42.0810 1828 lmhosts - ok
11:32:42.0860 1828 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:32:42.0860 1828 LSI_FC - ok
11:32:42.0870 1828 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:32:42.0880 1828 LSI_SAS - ok
11:32:42.0900 1828 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:32:42.0900 1828 LSI_SAS2 - ok
11:32:42.0930 1828 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:32:42.0940 1828 LSI_SCSI - ok
11:32:42.0970 1828 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:32:42.0980 1828 luafv - ok
11:32:43.0020 1828 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:32:43.0020 1828 MBAMProtector - ok
11:32:43.0140 1828 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:32:43.0150 1828 MBAMService - ok
11:32:43.0200 1828 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:32:43.0210 1828 Mcx2Svc - ok
11:32:43.0270 1828 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:32:43.0270 1828 megasas - ok
11:32:43.0330 1828 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:32:43.0330 1828 MegaSR - ok
11:32:43.0410 1828 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:32:43.0410 1828 Microsoft Office Groove Audit Service - ok
11:32:43.0450 1828 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:32:43.0460 1828 MMCSS - ok
11:32:43.0480 1828 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:32:43.0480 1828 Modem - ok
11:32:43.0500 1828 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:32:43.0510 1828 monitor - ok
11:32:43.0560 1828 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:32:43.0560 1828 mouclass - ok
11:32:43.0580 1828 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:32:43.0580 1828 mouhid - ok
11:32:43.0650 1828 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:32:43.0650 1828 mountmgr - ok
11:32:43.0707 1828 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:32:43.0723 1828 mpio - ok
11:32:43.0738 1828 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:32:43.0738 1828 mpsdrv - ok
11:32:43.0863 1828 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:32:43.0879 1828 MpsSvc - ok
11:32:43.0941 1828 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:32:43.0941 1828 MRxDAV - ok
11:32:44.0003 1828 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:32:44.0003 1828 mrxsmb - ok
11:32:44.0081 1828 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:32:44.0081 1828 mrxsmb10 - ok
11:32:44.0113 1828 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:32:44.0113 1828 mrxsmb20 - ok
11:32:44.0175 1828 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:32:44.0175 1828 msahci - ok
11:32:44.0206 1828 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:32:44.0206 1828 msdsm - ok
11:32:44.0253 1828 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:32:44.0253 1828 MSDTC - ok
11:32:44.0284 1828 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:32:44.0300 1828 Msfs - ok
11:32:44.0315 1828 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:32:44.0315 1828 mshidkmdf - ok
11:32:44.0361 1828 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:32:44.0361 1828 msisadrv - ok
11:32:44.0411 1828 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:32:44.0411 1828 MSiSCSI - ok
11:32:44.0421 1828 msiserver - ok
11:32:44.0471 1828 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:32:44.0471 1828 MSKSSRV - ok
11:32:44.0481 1828 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:32:44.0491 1828 MSPCLOCK - ok
11:32:44.0491 1828 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:32:44.0491 1828 MSPQM - ok
11:32:44.0561 1828 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:32:44.0571 1828 MsRPC - ok
11:32:44.0591 1828 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:32:44.0591 1828 mssmbios - ok
11:32:44.0601 1828 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:32:44.0601 1828 MSTEE - ok
11:32:44.0621 1828 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:32:44.0621 1828 MTConfig - ok
11:32:44.0631 1828 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:32:44.0641 1828 Mup - ok
11:32:44.0701 1828 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:32:44.0711 1828 napagent - ok
11:32:44.0751 1828 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:32:44.0761 1828 NativeWifiP - ok
11:32:44.0821 1828 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:32:44.0831 1828 NDIS - ok
11:32:44.0851 1828 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:32:44.0851 1828 NdisCap - ok
11:32:44.0871 1828 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:32:44.0881 1828 NdisTapi - ok
11:32:44.0931 1828 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:32:44.0931 1828 Ndisuio - ok
11:32:44.0991 1828 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:32:45.0001 1828 NdisWan - ok
11:32:45.0051 1828 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:32:45.0061 1828 NDProxy - ok
11:32:45.0091 1828 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
11:32:45.0091 1828 Netaapl - ok
11:32:45.0131 1828 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:32:45.0131 1828 NetBIOS - ok
11:32:45.0201 1828 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:32:45.0201 1828 NetBT - ok
11:32:45.0261 1828 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:32:45.0271 1828 Netlogon - ok
11:32:45.0351 1828 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:32:45.0361 1828 Netman - ok
11:32:45.0411 1828 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:32:45.0421 1828 netprofm - ok
11:32:45.0511 1828 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:32:45.0511 1828 NetTcpPortSharing - ok
11:32:46.0191 1828 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
11:32:46.0301 1828 NETw5s64 - ok
11:32:46.0455 1828 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:32:46.0455 1828 nfrd960 - ok
11:32:46.0564 1828 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:32:46.0564 1828 NlaSvc - ok
11:32:46.0579 1828 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:32:46.0579 1828 Npfs - ok
11:32:46.0611 1828 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:32:46.0611 1828 nsi - ok
11:32:46.0626 1828 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:32:46.0626 1828 nsiproxy - ok
11:32:46.0751 1828 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:32:46.0767 1828 Ntfs - ok
11:32:46.0829 1828 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:32:46.0845 1828 Null - ok
11:32:46.0907 1828 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:32:46.0907 1828 nvraid - ok
11:32:46.0938 1828 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:32:46.0954 1828 nvstor - ok
11:32:46.0969 1828 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:32:46.0969 1828 nv_agp - ok
11:32:47.0110 1828 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:32:47.0110 1828 odserv - ok
11:32:47.0172 1828 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:32:47.0172 1828 ohci1394 - ok
11:32:47.0203 1828 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:32:47.0203 1828 ose - ok
11:32:47.0281 1828 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:32:47.0281 1828 p2pimsvc - ok
11:32:47.0359 1828 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:32:47.0375 1828 p2psvc - ok
11:32:47.0391 1828 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:32:47.0406 1828 Parport - ok
11:32:47.0453 1828 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:32:47.0453 1828 partmgr - ok
11:32:47.0484 1828 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:32:47.0484 1828 PcaSvc - ok
11:32:47.0547 1828 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:32:47.0562 1828 pci - ok
11:32:47.0578 1828 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:32:47.0578 1828 pciide - ok
11:32:47.0625 1828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:32:47.0625 1828 pcmcia - ok
11:32:47.0640 1828 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:32:47.0656 1828 pcw - ok
11:32:47.0734 1828 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:32:47.0749 1828 PEAUTH - ok
11:32:47.0843 1828 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:32:47.0874 1828 PeerDistSvc - ok
11:32:47.0968 1828 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:32:47.0968 1828 PerfHost - ok
11:32:48.0249 1828 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:32:48.0280 1828 pla - ok
11:32:48.0358 1828 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:32:48.0373 1828 PlugPlay - ok
11:32:48.0405 1828 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:32:48.0405 1828 PNRPAutoReg - ok
11:32:48.0451 1828 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:32:48.0451 1828 PNRPsvc - ok
11:32:48.0545 1828 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
11:32:48.0545 1828 Point64 - ok
11:32:48.0592 1828 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:32:48.0592 1828 PolicyAgent - ok
11:32:48.0639 1828 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:32:48.0654 1828 Power - ok
11:32:48.0717 1828 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:32:48.0732 1828 PptpMiniport - ok
11:32:48.0763 1828 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:32:48.0763 1828 Processor - ok
11:32:48.0826 1828 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:32:48.0826 1828 ProfSvc - ok
11:32:48.0873 1828 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:32:48.0888 1828 ProtectedStorage - ok
11:32:48.0951 1828 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:32:48.0951 1828 Psched - ok
11:32:49.0107 1828 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:32:49.0122 1828 ql2300 - ok
11:32:49.0278 1828 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:32:49.0278 1828 ql40xx - ok
11:32:49.0341 1828 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:32:49.0341 1828 QWAVE - ok
11:32:49.0372 1828 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:32:49.0372 1828 QWAVEdrv - ok
11:32:49.0387 1828 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:32:49.0387 1828 RasAcd - ok
11:32:49.0434 1828 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:32:49.0434 1828 RasAgileVpn - ok
11:32:49.0465 1828 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:32:49.0465 1828 RasAuto - ok
11:32:49.0528 1828 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:32:49.0528 1828 Rasl2tp - ok
11:32:49.0606 1828 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:32:49.0621 1828 RasMan - ok
11:32:49.0637 1828 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:32:49.0637 1828 RasPppoe - ok
11:32:49.0668 1828 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:32:49.0668 1828 RasSstp - ok
11:32:49.0715 1828 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:32:49.0715 1828 rdbss - ok
11:32:49.0731 1828 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:32:49.0746 1828 rdpbus - ok
11:32:49.0746 1828 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:32:49.0746 1828 RDPCDD - ok
11:32:49.0824 1828 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:32:49.0824 1828 RDPDR - ok
11:32:49.0840 1828 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:32:49.0840 1828 RDPENCDD - ok
11:32:49.0855 1828 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:32:49.0871 1828 RDPREFMP - ok
11:32:49.0933 1828 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:32:49.0933 1828 RDPWD - ok
11:32:50.0011 1828 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:32:50.0011 1828 rdyboost - ok
11:32:50.0043 1828 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:32:50.0043 1828 RemoteAccess - ok
11:32:50.0089 1828 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:32:50.0089 1828 RemoteRegistry - ok
11:32:50.0136 1828 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:32:50.0136 1828 RFCOMM - ok
11:32:50.0167 1828 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:32:50.0167 1828 RpcEptMapper - ok
11:32:50.0199 1828 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:32:50.0199 1828 RpcLocator - ok
11:32:50.0292 1828 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:32:50.0308 1828 RpcSs - ok
11:32:50.0339 1828 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:32:50.0339 1828 rspndr - ok
11:32:50.0396 1828 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:32:50.0396 1828 s3cap - ok
11:32:50.0446 1828 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:32:50.0456 1828 SamSs - ok
11:32:50.0476 1828 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:32:50.0476 1828 sbp2port - ok
11:32:50.0506 1828 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:32:50.0516 1828 SCardSvr - ok
11:32:50.0566 1828 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:32:50.0566 1828 scfilter - ok
11:32:50.0696 1828 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:32:50.0716 1828 Schedule - ok
11:32:50.0766 1828 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:32:50.0776 1828 SCPolicySvc - ok
11:32:50.0826 1828 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:32:50.0836 1828 SDRSVC - ok
11:32:50.0906 1828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:32:50.0916 1828 secdrv - ok
11:32:50.0966 1828 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:32:50.0966 1828 seclogon - ok
11:32:51.0006 1828 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:32:51.0016 1828 SENS - ok
11:32:51.0026 1828 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:32:51.0036 1828 SensrSvc - ok
11:32:51.0056 1828 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:32:51.0056 1828 Serenum - ok
11:32:51.0076 1828 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:32:51.0076 1828 Serial - ok
11:32:51.0126 1828 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:32:51.0126 1828 sermouse - ok
11:32:51.0196 1828 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:32:51.0196 1828 SessionEnv - ok
11:32:51.0246 1828 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:32:51.0246 1828 sffdisk - ok
11:32:51.0276 1828 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:32:51.0276 1828 sffp_mmc - ok
11:32:51.0296 1828 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:32:51.0306 1828 sffp_sd - ok
11:32:51.0336 1828 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:32:51.0336 1828 sfloppy - ok
11:32:51.0396 1828 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:32:51.0406 1828 SharedAccess - ok
11:32:51.0486 1828 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:32:51.0496 1828 ShellHWDetection - ok
11:32:51.0526 1828 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:32:51.0526 1828 SiSRaid2 - ok
11:32:51.0556 1828 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:32:51.0556 1828 SiSRaid4 - ok
11:32:51.0996 1828 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:32:52.0036 1828 Skype C2C Service - ok
11:32:52.0146 1828 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:32:52.0156 1828 SkypeUpdate - ok
11:32:52.0296 1828 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:32:52.0296 1828 Smb - ok
11:32:52.0326 1828 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:32:52.0336 1828 SNMPTRAP - ok
11:32:52.0346 1828 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:32:52.0356 1828 spldr - ok
11:32:52.0446 1828 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:32:52.0456 1828 Spooler - ok
11:32:52.0830 1828 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:32:52.0877 1828 sppsvc - ok
11:32:53.0002 1828 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:32:53.0017 1828 sppuinotify - ok
11:32:53.0127 1828 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:32:53.0142 1828 srv - ok
11:32:53.0189 1828 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:32:53.0189 1828 srv2 - ok
11:32:53.0220 1828 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:32:53.0236 1828 srvnet - ok
11:32:53.0286 1828 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:32:53.0296 1828 SSDPSRV - ok
11:32:53.0326 1828 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:32:53.0336 1828 SstpSvc - ok
11:32:53.0356 1828 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:32:53.0366 1828 stexstor - ok
11:32:53.0466 1828 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:32:53.0476 1828 stisvc - ok
11:32:53.0526 1828 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:32:53.0536 1828 storflt - ok
11:32:53.0566 1828 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:32:53.0576 1828 StorSvc - ok
11:32:53.0596 1828 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:32:53.0596 1828 storvsc - ok
11:32:53.0636 1828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:32:53.0636 1828 swenum - ok
11:32:53.0696 1828 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:32:53.0706 1828 swprv - ok
11:32:53.0906 1828 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys
11:32:53.0936 1828 SynTP - ok
11:32:54.0236 1828 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:32:54.0266 1828 SysMain - ok
11:32:54.0406 1828 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:32:54.0406 1828 TabletInputService - ok
11:32:54.0456 1828 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:32:54.0466 1828 TapiSrv - ok
11:32:54.0496 1828 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:32:54.0506 1828 TBS - ok
11:32:54.0746 1828 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:32:54.0766 1828 Tcpip - ok
11:32:55.0116 1828 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:32:55.0126 1828 TCPIP6 - ok
11:32:55.0256 1828 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:32:55.0256 1828 tcpipreg - ok
11:32:55.0303 1828 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:32:55.0303 1828 TDPIPE - ok
11:32:55.0349 1828 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:32:55.0349 1828 TDTCP - ok
11:32:55.0412 1828 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:32:55.0427 1828 tdx - ok
11:32:55.0771 1828 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:32:55.0802 1828 TeamViewer7 - ok
11:32:55.0973 1828 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:32:55.0973 1828 TermDD - ok
11:32:56.0083 1828 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:32:56.0098 1828 TermService - ok
11:32:56.0129 1828 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:32:56.0129 1828 Themes - ok
11:32:56.0176 1828 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:32:56.0176 1828 THREADORDER - ok
11:32:56.0223 1828 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:32:56.0223 1828 TrkWks - ok
11:32:56.0301 1828 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:32:56.0301 1828 TrustedInstaller - ok
11:32:56.0348 1828 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:32:56.0363 1828 tssecsrv - ok
11:32:56.0395 1828 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:32:56.0395 1828 TsUsbFlt - ok
11:32:56.0457 1828 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:32:56.0473 1828 tunnel - ok
11:32:56.0504 1828 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:32:56.0504 1828 uagp35 - ok
11:32:56.0582 1828 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:32:56.0582 1828 udfs - ok
11:32:56.0613 1828 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:32:56.0629 1828 UI0Detect - ok
11:32:56.0707 1828 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:32:56.0707 1828 uliagpkx - ok
11:32:56.0769 1828 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:32:56.0769 1828 umbus - ok
11:32:56.0785 1828 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:32:56.0785 1828 UmPass - ok
11:32:56.0909 1828 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:32:56.0925 1828 UmRdpService - ok
11:32:56.0972 1828 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:32:56.0987 1828 upnphost - ok
11:32:57.0034 1828 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:32:57.0034 1828 USBAAPL64 - ok
11:32:57.0097 1828 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:32:57.0097 1828 usbccgp - ok
11:32:57.0159 1828 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:32:57.0159 1828 usbcir - ok
11:32:57.0206 1828 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:32:57.0221 1828 usbehci - ok
11:32:57.0284 1828 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:32:57.0284 1828 usbhub - ok
11:32:57.0299 1828 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:32:57.0315 1828 usbohci - ok
11:32:57.0331 1828 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:32:57.0331 1828 usbprint - ok
11:32:57.0362 1828 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:32:57.0362 1828 USBSTOR - ok
11:32:57.0377 1828 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:32:57.0377 1828 usbuhci - ok
11:32:57.0424 1828 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:32:57.0424 1828 usbvideo - ok
11:32:57.0455 1828 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:32:57.0471 1828 UxSms - ok
11:32:57.0518 1828 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:32:57.0518 1828 VaultSvc - ok
11:32:57.0580 1828 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
11:32:57.0580 1828 VClone - ok
11:32:57.0611 1828 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:32:57.0611 1828 vdrvroot - ok
11:32:57.0674 1828 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:32:57.0689 1828 vds - ok
11:32:57.0705 1828 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:32:57.0705 1828 vga - ok
11:32:57.0721 1828 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:32:57.0721 1828 VgaSave - ok
11:32:57.0793 1828 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:32:57.0803 1828 vhdmp - ok
11:32:57.0843 1828 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:32:57.0843 1828 viaide - ok
11:32:57.0913 1828 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:32:57.0923 1828 vmbus - ok
11:32:57.0943 1828 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:32:57.0943 1828 VMBusHID - ok
11:32:57.0973 1828 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:32:57.0973 1828 volmgr - ok
11:32:58.0053 1828 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:32:58.0063 1828 volmgrx - ok
11:32:58.0093 1828 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:32:58.0093 1828 volsnap - ok
11:32:58.0143 1828 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:32:58.0153 1828 vsmraid - ok
11:32:58.0343 1828 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:32:58.0373 1828 VSS - ok
11:32:58.0513 1828 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:32:58.0513 1828 vwifibus - ok
11:32:58.0543 1828 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:32:58.0543 1828 vwififlt - ok
11:32:58.0563 1828 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:32:58.0573 1828 vwifimp - ok
11:32:58.0623 1828 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:32:58.0643 1828 W32Time - ok
11:32:58.0663 1828 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:32:58.0673 1828 WacomPen - ok
11:32:58.0743 1828 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:32:58.0743 1828 WANARP - ok
11:32:58.0763 1828 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:32:58.0763 1828 Wanarpv6 - ok
11:32:58.0953 1828 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:32:58.0983 1828 wbengine - ok
11:32:59.0103 1828 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:32:59.0113 1828 WbioSrvc - ok
11:32:59.0193 1828 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:32:59.0203 1828 wcncsvc - ok
11:32:59.0223 1828 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:32:59.0223 1828 WcsPlugInService - ok
11:32:59.0283 1828 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:32:59.0283 1828 Wd - ok
11:32:59.0413 1828 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:32:59.0423 1828 Wdf01000 - ok
11:32:59.0463 1828 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:32:59.0473 1828 WdiServiceHost - ok
11:32:59.0483 1828 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:32:59.0483 1828 WdiSystemHost - ok
11:32:59.0553 1828 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:32:59.0563 1828 WebClient - ok
11:32:59.0603 1828 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:32:59.0613 1828 Wecsvc - ok
11:32:59.0643 1828 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:32:59.0643 1828 wercplsupport - ok
11:32:59.0683 1828 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:32:59.0693 1828 WerSvc - ok
11:32:59.0723 1828 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:32:59.0723 1828 WfpLwf - ok
11:32:59.0743 1828 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:32:59.0743 1828 WIMMount - ok
11:32:59.0773 1828 WinDefend - ok
11:32:59.0783 1828 WinHttpAutoProxySvc - ok
11:32:59.0844 1828 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:32:59.0844 1828 Winmgmt - ok
11:33:00.0109 1828 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:33:00.0141 1828 WinRM - ok
11:33:00.0343 1828 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:33:00.0343 1828 WinUsb - ok
11:33:00.0453 1828 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:33:00.0468 1828 Wlansvc - ok
11:33:00.0499 1828 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:33:00.0499 1828 WmiAcpi - ok
11:33:00.0562 1828 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:33:00.0562 1828 wmiApSrv - ok
11:33:00.0609 1828 WMPNetworkSvc - ok
11:33:00.0624 1828 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:33:00.0640 1828 WPCSvc - ok
11:33:00.0702 1828 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:33:00.0718 1828 WPDBusEnum - ok
11:33:00.0733 1828 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:33:00.0733 1828 ws2ifsl - ok
11:33:00.0749 1828 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:33:00.0765 1828 wscsvc - ok
11:33:00.0765 1828 WSearch - ok
11:33:01.0061 1828 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:33:01.0092 1828 wuauserv - ok
11:33:01.0279 1828 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:33:01.0279 1828 WudfPf - ok
11:33:01.0326 1828 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:33:01.0326 1828 WUDFRd - ok
11:33:01.0373 1828 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:33:01.0389 1828 wudfsvc - ok
11:33:01.0435 1828 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:33:01.0435 1828 WwanSvc - ok
11:33:01.0623 1828 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:33:01.0638 1828 YahooAUService - ok
11:33:01.0716 1828 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
11:33:01.0716 1828 yukonw7 - ok
11:33:01.0779 1828 yukonx64 (87ed1e703e88b30182b46275f0e02b99) C:\Windows\system32\DRIVERS\yk60x64.sys
11:33:01.0779 1828 yukonx64 - ok
11:33:01.0841 1828 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:33:02.0215 1828 \Device\Harddisk0\DR0 - ok
11:33:02.0215 1828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:33:02.0215 1828 \Device\Harddisk1\DR1 - ok
11:33:02.0231 1828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:33:02.0231 1828 \Device\Harddisk2\DR2 - ok
11:33:02.0231 1828 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk3\DR3
11:33:02.0247 1828 \Device\Harddisk3\DR3 - ok
11:33:02.0247 1828 Boot (0x1200) (a262899c9979d950a91b5811f183bbd3) \Device\Harddisk0\DR0\Partition0
11:33:02.0247 1828 \Device\Harddisk0\DR0\Partition0 - ok
11:33:02.0262 1828 Boot (0x1200) (e614bb0480363c307ec39685a4f11c4d) \Device\Harddisk0\DR0\Partition1
11:33:02.0262 1828 \Device\Harddisk0\DR0\Partition1 - ok
11:33:02.0293 1828 Boot (0x1200) (bb5ccc4987b0b371e199482e1906c860) \Device\Harddisk0\DR0\Partition2
11:33:02.0293 1828 \Device\Harddisk0\DR0\Partition2 - ok
11:33:02.0309 1828 Boot (0x1200) (41cf8c527065bd1037e64678716ec4a2) \Device\Harddisk0\DR0\Partition3
11:33:02.0309 1828 \Device\Harddisk0\DR0\Partition3 - ok
11:33:02.0325 1828 Boot (0x1200) (679468958eaf69d7baf921957bb6c2fa) \Device\Harddisk1\DR1\Partition0
11:33:02.0325 1828 \Device\Harddisk1\DR1\Partition0 - ok
11:33:02.0325 1828 Boot (0x1200) (9f463ba5f48157a26e3aabc300f84c6d) \Device\Harddisk2\DR2\Partition0
11:33:02.0340 1828 \Device\Harddisk2\DR2\Partition0 - ok
11:33:02.0340 1828 Boot (0x1200) (e4d2df4b8cba948575f0189d0042edeb) \Device\Harddisk3\DR3\Partition0
11:33:02.0340 1828 \Device\Harddisk3\DR3\Partition0 - ok
11:33:02.0340 1828 ============================================================
11:33:02.0340 1828 Scan finished
11:33:02.0340 1828 ============================================================
11:33:02.0356 5972 Detected object count: 0
11:33:02.0356 5972 Actual detected object count: 0


Ich habe noch eine Frage zum defrogger gibst du mir bescheid wann ich den wieder "re-enable" soll? Es hieß ja ich soll das nicht ohne Anweisung machen.

Vielen Dank schon mal.

und viele Grüße

Ella

Alt 20.07.2012, 10:51   #8
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Ja, sag ich dir.


Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 20.07.2012, 10:58   #9
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Ich glaube ich war zu voreilig
Habe da jetzt was gefunden weiß nicht ob das etwas bringt. Aber sicher ist sicher

Vielen DANK!

Ella

Alt 20.07.2012, 12:16   #10
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hallo Daniel,

habe jetzt Combofix erledigt, anbei die txt Datei.

Vielen Dank.

Liebe Grüße

Ella

Alt 20.07.2012, 12:17   #11
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Was soll ich mit der Logfile ?
Ich brauche die Combofixlog.

Und bitte nicht anhängen. Danke


Note: Planänderung bei mir. Ich muss jetzt weg ( Show Vorbereitungen ) und komm frühestens morgen am späten NM wieder an den Laptop
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 20.07.2012, 12:20   #12
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hi,
sorry kenn mich da leider nicht so aus
Meinst du das?
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-20.01 - Ella 20.07.2012  12:10:19.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4060.2175 [GMT 2:00]
ausgeführt von:: c:\users\Ella\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ella\AppData\Roaming\Desktopicon
I:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-20 bis 2012-07-20  ))))))))))))))))))))))))))))))
.
.
2012-07-20 10:20 . 2012-07-20 10:20	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-07-20 10:20 . 2012-07-20 10:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-19 16:25 . 2012-07-19 16:25	--------	d-----w-	c:\program files (x86)\ESET
2012-07-19 14:19 . 2012-07-19 14:19	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-07-19 14:19 . 2012-07-19 14:19	--------	d-----w-	c:\program files (x86)\Oracle
2012-07-19 14:18 . 2012-07-05 20:06	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 16:48 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{703A6EAC-5F34-48AF-A7D3-5A64C6DF0F3B}\mpengine.dll
2012-07-16 17:26 . 2012-07-16 17:26	--------	d-----w-	c:\users\Ella\AppData\Roaming\Malwarebytes
2012-07-16 17:25 . 2012-07-16 17:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-16 17:25 . 2012-07-16 17:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 17:25 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-14 21:11 . 2012-07-14 22:06	--------	d-----w-	c:\users\Ella\AppData\Roaming\DiskSpaceFan
2012-07-14 21:11 . 2012-07-14 21:11	--------	d-----w-	c:\program files (x86)\Cookapp
2012-07-14 20:13 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-14 19:21 . 2012-07-14 19:21	--------	d-----w-	c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 20:09 . 2010-08-01 16:25	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-07-05 20:06 . 2010-12-28 22:21	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 16:21 . 2012-02-26 19:04	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-05-17 21:39	958400	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-02-28 18:15	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2010-02-28 18:15	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-02-28 18:15	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-02-28 18:15	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-06-30 13:27	41224	----a-w-	c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-02-28 18:14	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-16 19:42	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-11 21:09 . 2012-05-13 09:51	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 21:09 . 2012-02-21 07:07	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-18 22:27	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 22:27	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 22:27	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 22:27	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 22:27	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 22:27	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 22:27	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-18 22:27	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-18 22:27	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-02-28 16:50	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-13 00:49	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 00:49	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 00:49	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 00:49	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 00:49	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 00:49	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 00:49	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 00:49	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 00:48	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 00:48	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 00:48	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 00:48	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 00:48	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 00:48	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2011-01-15 20:53 . 2010-02-14 14:35	4411392	----a-w-	c:\program files (x86)\mplayerc.exe
2010-02-10 14:18 . 2010-04-02 09:35	2131336	----a-w-	c:\program files (x86)\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Ella\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-06 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ella\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 B-Service;B-Service;c:\users\Ella\AppData\Roaming\Mikogo\B-Service.exe [2010-11-13 185640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2009-06-04 406528]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 17849125
*NewlyCreated* - 22887611
*Deregistered* - 17849125
*Deregistered* - 22887611
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 21:53]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 21:53]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2038908738-3831003741-2899279869-1000Core.job
- c:\users\Ella\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 20:39]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2038908738-3831003741-2899279869-1000UA.job
- c:\users\Ella\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-28 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	133400	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Ella\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.1.1:80
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-20  12:24:55
ComboFix-quarantined-files.txt  2012-07-20 10:24
.
Vor Suchlauf: 11 Verzeichnis(se), 133.553.639.424 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 133.177.438.208 Bytes frei
.
- - End Of File - - F250AE59B5667767F5C426E5D289D9F7
         
--- --- ---
Dankeschön
viele Grüße
Ella

Alt 21.07.2012, 14:07   #13
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hy und Sorry, scheint wir haben gleichzeitig geantwortet und nur die TDSSKiller Log gesehen

Anyway, ich seh in den Logs nichts, was mir sorgen machen würde.

Sonst noch Auffälligkeiten, zB braucht er lange zum Hochfahren ?


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Nein.
  • Klicke auf Scan
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 22.07.2012, 15:46   #14
EllaG
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Hallo Daniel,
vielen Dank für deine Mühen. Ich muss sagen mein Laptop ist so weit ok. Dieses Verschwinden und wieder auftauchen von Dateien kam nicht wieder vor.
Ich habe meinen Laptop gescannt und hänge es dir an. Zur Info das Tool hat mich nicht gefragt ob ich den Scann mit Avast! beginnen möchte somit habe ich dann einfach auf scannen gedrückt.


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-22 15:57:16
-----------------------------
15:57:16.617 OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:16.617 Number of processors: 2 586 0x170A
15:57:16.619 ComputerName: ELLA-PC UserName: Ella
15:57:20.526 Initialize success
15:57:24.126 AVAST engine defs: 12072200
16:00:14.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:00:14.732 Disk 0 Vendor: TOSHIBA_ LH01 Size: 305245MB BusType: 3
16:00:14.744 Disk 0 MBR read successfully
16:00:14.748 Disk 0 MBR scan
16:00:14.768 Disk 0 Windows 7 default MBR code
16:00:14.786 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:00:14.803 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287535 MB offset 616448
16:00:14.833 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589488128
16:00:14.854 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620945408
16:00:14.894 Disk 0 scanning C:\Windows\system32\drivers
16:00:27.048 Service scanning
16:00:47.962 Modules scanning
16:00:47.978 Disk 0 trace - called modules:
16:00:48.020 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
16:00:48.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ce3690]
16:00:48.040 3 CLASSPNP.SYS[fffff88001b9043f] -> nt!IofCallDriver -> [0xfffffa8004ce3040]
16:00:48.050 5 hpdskflt.sys[fffff88001b37189] -> nt!IofCallDriver -> [0xfffffa8003cf5e40]
16:00:48.060 7 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b4b050]
16:00:49.180 AVAST engine scan C:\Windows
16:00:51.799 AVAST engine scan C:\Windows\system32
16:03:28.061 AVAST engine scan C:\Windows\system32\drivers
16:03:40.401 AVAST engine scan C:\Users\Ella
16:19:08.885 AVAST engine scan C:\ProgramData
16:20:55.973 Scan finished successfully
16:21:40.209 Disk 0 MBR has been saved successfully to "C:\Users\Ella\Documents\MBR.dat"
16:21:40.220 The log file has been saved successfully to "C:\Users\Ella\Documents\aswMBR.txt"

Danke, und viele Grüße
Ella

Alt 22.07.2012, 17:23   #15
Larusso
/// Selecta Jahrusso
 
Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Standard

Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?



Würde mich auch wundern, ich seh da nichts mehr


Starte bitte Defogger und klicke den Re-enable Button.
Defogger wir gegebenfalls einen Neustart verlangen. Dies bitte zulassen.

Wichtig: Sollte es eine Fehlermeldung geben, poste bitte die Defogger_reenable Log hier.



Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.



Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher, immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Eine out of date Anti Virensoftware ist nutzlos!


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.


Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?
administrator, adware.adon, anti-malware, appdata, autostart, avast, dateien, email, explorer, folge, free, gelöscht, heuristiks/extra, heuristiks/shuriken, infiziert, infiziert?, internet, laptop, link, malwarebytes, passwort, programm, quarantäne, roaming, scan, seite, speicher, test, version



Ähnliche Themen: Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?


  1. Hab leider einen Link in einer Email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 17.08.2015 (9)
  2. Auf den link einer fake amazon email geklickt
    Plagegeister aller Art und deren Bekämpfung - 20.05.2015 (19)
  3. DHL Paketankündigung fake email - leider versehentlich den Sendungsstatus link angeklickt - Infiziert?
    Plagegeister aller Art und deren Bekämpfung - 13.05.2015 (38)
  4. Windows 8.1, email von dhl mit Sendungsnummer angeklickt, hat sich jetzt ein Trojaner auf meinem PC versteckt?
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (31)
  5. DHL Fake Email - Phishing Link leider angeklickt
    Plagegeister aller Art und deren Bekämpfung - 08.03.2015 (5)
  6. DHL Fake Email - Phishing Link leider angeklickt
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (8)
  7. Link in verdächtiger Email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (13)
  8. Link angeklickt der von einer gehackten EMail Adresse kam und auf dann auf Seite mit Werbung weitergeleitet
    Plagegeister aller Art und deren Bekämpfung - 15.09.2014 (9)
  9. Linux Ubuntu: Link in email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2014 (3)
  10. Email von einer Bekannten erhalten mit fragwürdigem Link, sie hat jedoch keine Email verschickt.
    Plagegeister aller Art und deren Bekämpfung - 11.07.2014 (3)
  11. Link in einer Vodafone Phishing Mail angeklick - ist der Rechner jetzt infiziert?
    Plagegeister aller Art und deren Bekämpfung - 22.05.2014 (3)
  12. Auf den link in einer phishing email geklickt.
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (5)
  13. Link in Email angeklickt durch gehackten Mail account
    Log-Analyse und Auswertung - 14.04.2013 (26)
  14. Link in Email angeklickt. PC mit Malware infiziert?
    Log-Analyse und Auswertung - 10.11.2012 (8)
  15. email link angeklickt - ist PC jetzt infiziert?
    Plagegeister aller Art und deren Bekämpfung - 27.08.2012 (11)
  16. Link in eMail angeklickt: PC infiziert?
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (5)
  17. Per ICQ geschickter Link, leider angeklickt. Jetzt Viren.(?)
    Log-Analyse und Auswertung - 22.02.2007 (8)

Zum Thema Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? - Hallo, ich habe vorgestern Abend eine Email von einem Freund geöffnet und habe auf den Link, der in der Email war, drauf geklickt. Es war eine Seite mit Diätpillen oder - Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?...
Archiv
Du betrachtest: Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.