| |
| |||||||
Log-Analyse und Auswertung: ebenfalls BRD TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
26.07.2012, 00:41
| #1 |
 |  ebenfalls BRD Trojaner Hallo, habe mir soeben auch den BRD Trojaner eingefangen. Hier ist ja ganz schön was los im Forum, bin wohl nicht der einzige mit dem Problem! Jedenfalls hab ich im abgesicherten Modus mal die OTL-Files erstellen lassen. Allerdings habe ich bei LOP und Purity Prüfung keine Häkchen gesetzt für den Scan. Ist dies notwendig? Hier der Scan: OTL logfile created on: 26.07.2012 00:58:38 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Helen\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,16% Memory free 3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 43,13 Gb Free Space | 43,13% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 233,61 Gb Free Space | 66,60% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Helen\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech ) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=641eba1a000000000000f46d04554a99 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=641eba1a000000000000f46d04554a99 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=641eba1a000000000000f46d04554a99&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 20:48:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 20:48:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Extensions [2012.07.16 11:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions [2012.03.30 12:57:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.14 15:44:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions\ffxtlbr@babylon.com [2012.07.13 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.07.19 20:48:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe () O4 - Startup: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Helen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 00:56:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe [2012.07.25 23:59:32 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\hellomoto [2012.07.16 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9C485454-6208-4F37-B22E-29809535D682} [2012.07.16 18:21:20 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{D19777FF-C7F6-4956-A21A-98D937501ACB} [2012.07.16 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{43DCBD8F-EC83-4600-9D44-9D2A80841C88} [2012.07.16 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{D21CF5EF-47AD-428E-96E1-093D86B024D3} [2012.07.16 16:35:14 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{CE529AFA-2002-400B-90F4-1331865A1009} [2012.07.16 16:35:03 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{97B602B2-F2C5-4D5F-BC9D-CC23104B6741} [2012.07.16 16:34:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{B711FC83-F6DF-445D-BB7A-067D37F4BEDC} [2012.07.16 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{2179FFC6-159D-41BC-8F11-D31B17251352} [2012.07.16 16:34:09 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9762F804-DCC3-49B3-B74E-6889238B7F9A} [2012.07.16 16:33:56 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{05631721-F9B6-4D09-BC68-1CAB50D3F382} [2012.07.13 22:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.13 22:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.07.13 22:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.07.13 19:29:04 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{8ECDA36E-4D20-4B0E-AA54-63BCAB1D35DD} [2012.07.13 19:28:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{22B3DA65-3602-4BF5-B333-80408130AE3A} [2012.07.13 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{0BDC0BAE-A6DE-4797-83A0-6F51CC78DB32} [2012.07.13 18:31:45 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{C01BF31B-2150-4C9E-B2C9-279173BDEF68} [2012.07.11 12:33:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012.07.11 12:33:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.07.11 12:33:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012.07.11 12:33:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.07.11 12:33:02 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012.07.11 12:33:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.07.11 12:32:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012.07.11 12:29:47 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012.07.11 08:47:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll [2012.07.11 08:47:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll [2012.07.11 08:47:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2012.07.10 21:06:05 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe [2012.07.10 19:34:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\Desktop\konrAD [2012.07.10 09:39:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{7186AC0E-83B3-4104-887A-A98322D1398A} [2012.07.10 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9C373695-9223-4461-80BF-31A9875FCEA7} [2012.07.05 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\elsterformular [2012.07.05 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.07.05 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.07.05 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [2012.07.05 13:01:21 | 060,109,528 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Helen\Desktop\ElsterFormular-13.2.0.8623p.exe [2012.06.29 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{FC320FD4-E6C1-4A4D-B013-1EB273427876} [2012.06.29 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{DDCA012F-EB82-4813-9691-5F03C5E3C4FE} [2012.06.29 12:25:30 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{BEDC29ED-343C-4171-B498-6054A8746F66} [2012.06.29 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{1EEEB591-D49D-48C7-AB2A-708346C5EFDD} [2012.06.29 09:59:57 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9BB38683-5647-4982-9D95-6C99095780AA} [2012.06.29 09:59:47 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{4D3F5D6C-7CDB-4F92-BCC1-7039217B61EA} [2012.06.29 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{25389F5B-3A8E-4A29-8A83-60D21F8EBBA6} [2012.06.29 09:59:25 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{EF02060F-E687-4CD9-B187-96D59ED23EC8} [2012.06.29 09:59:14 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{C4518C95-6D89-4BBD-B302-9E7A3F272793} [2012.06.29 09:59:01 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{A18BEA2C-507E-4189-856F-C285D5B573AE} [2012.06.26 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Helen\Desktop\orga [2012.06.26 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9196A4AC-C4F2-46F8-8B26-904DF2810473} [2012.06.26 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{01594283-E840-404A-B25D-3A6EC5559BF8} ========== Files - Modified Within 30 Days ========== [2012.07.26 01:01:42 | 003,932,872 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.07.26 01:01:42 | 001,611,648 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.07.26 01:01:42 | 001,177,688 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.07.26 01:01:42 | 001,050,940 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.07.26 00:56:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe [2012.07.26 00:55:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.26 00:54:56 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys [2012.07.26 00:36:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 00:36:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 00:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.13 22:43:11 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.12 12:21:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.07.12 12:21:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012.07.11 18:32:34 | 000,410,064 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.07.05 13:02:46 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.07.05 13:01:45 | 060,109,528 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\Helen\Desktop\ElsterFormular-13.2.0.8623p.exe ========== Files Created - No Company Name ========== [2012.07.13 22:43:11 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.13 22:43:10 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.05 13:02:46 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.06.03 15:39:55 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat [2012.06.03 15:39:55 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini [2012.06.03 15:39:54 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat [2012.06.03 15:39:54 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat [2012.06.03 15:39:54 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat [2012.06.03 15:39:54 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat [2012.06.03 15:39:54 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat [2012.06.03 15:39:54 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat [2012.06.03 15:39:54 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat [2012.06.03 15:39:54 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat [2012.06.03 15:39:54 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat [2012.06.03 15:39:54 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat [2012.06.03 15:39:54 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat [2012.06.03 15:39:54 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat [2012.06.03 15:39:54 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat [2012.06.03 15:39:54 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat [2012.06.03 15:39:54 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat [2012.06.03 15:39:54 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat [2012.06.03 15:39:54 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat [2012.06.03 15:29:29 | 000,000,025 | ---- | C] () -- C:\windows\CDEBX300DEFGIPS.ini [2012.04.16 21:12:24 | 000,000,126 | ---- | C] () -- C:\windows\System32\AF15IRTBL.bin [2011.09.09 16:42:56 | 000,000,154 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\default.rss [2011.09.09 15:19:29 | 000,002,684 | ---- | C] () -- C:\Users\Helen\Nero StartSmart Essentials.lnk [2011.09.09 14:54:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2011.09.09 14:53:27 | 000,001,104 | ---- | C] () -- C:\Users\Helen\E-Manual.lnk [2011.04.15 20:20:34 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe [2011.04.15 20:20:33 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2011.04.15 20:18:36 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.04.15 20:16:20 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2011.04.15 20:16:18 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys [2011.04.15 20:15:55 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat [2011.04.15 20:15:55 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.15 20:15:53 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini [2011.04.15 20:08:43 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2011.04.15 20:05:03 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2011.04.15 20:05:03 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2011.02.16 12:41:17 | 003,932,872 | ---- | C] () -- C:\windows\System32\perfh007.dat [2011.02.16 12:41:17 | 001,177,688 | ---- | C] () -- C:\windows\System32\perfc007.dat [2011.02.16 12:41:17 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2011.02.16 12:41:17 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010.07.29 09:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys < End of report > Und hier der Scan von der Extras-Datei: OTL Extras logfile created on: 26.07.2012 00:58:38 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Helen\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,16% Memory free 3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 43,13 Gb Free Space | 43,13% Space Free | Partition Type: NTFS Drive D: | 350,74 Gb Total Space | 233,61 Gb Free Space | 66,60% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02128961-31FB-49BE-8773-A97FA0FF2C4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{04E8382A-5C52-428E-8120-51D89D2DB4ED}" = rport=445 | protocol=6 | dir=out | app=system | "{0A563FD1-D31D-490C-8383-A4BF73FE71B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0E9B0BEC-17DA-4C1A-ABCA-7E956692A681}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1EA21E7F-937E-41D0-B3EB-DFBA44AFE75C}" = lport=10243 | protocol=6 | dir=in | app=system | "{1EBC79DA-C9E5-44A0-B221-8CAA2414CC1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{2284C6CD-9471-4ABB-B4BF-43DDA9C822B5}" = lport=138 | protocol=17 | dir=in | app=system | "{2D815D21-F39F-4275-80A8-3E72C18BBD43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2FFE8166-F0A6-44A4-8D85-BB45E52365C7}" = lport=139 | protocol=6 | dir=in | app=system | "{3D4A268E-ABF6-4001-AE4D-20F2C800F4B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3F5DF7FC-452D-4F0E-96C5-D3FBFDFFE32F}" = rport=137 | protocol=17 | dir=out | app=system | "{57AA23D8-2CEC-40DF-B872-1B8E44DFDAFA}" = rport=138 | protocol=17 | dir=out | app=system | "{5978F86D-636B-4342-AA70-9F010CA1ED27}" = lport=137 | protocol=17 | dir=in | app=system | "{5AF7B3A7-81ED-4096-8AEB-06924F5304EE}" = lport=445 | protocol=6 | dir=in | app=system | "{665C269A-AE69-4A8E-AB78-2CBC7F989D48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68F6EB20-9121-41E8-82BB-80918D92AA38}" = rport=139 | protocol=6 | dir=out | app=system | "{857D4AAB-C549-4AE7-ACAE-F2CCCF402F7A}" = rport=10243 | protocol=6 | dir=out | app=system | "{98C3B615-51ED-4F87-9F9F-3E72B0ABB51E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9B234762-AD68-46D8-9F24-D1838135701A}" = lport=2869 | protocol=6 | dir=in | app=system | "{A4487380-8E51-4C1A-B1D5-67DCD93F7CC5}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{AFAB807C-04A0-4F53-9588-B6678C89A34C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BE20F2BD-F3E5-4E31-BF1A-2DB78179EE1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BEF4B8A2-8E52-41C7-BDB9-89A2FD1C8539}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA8EAA85-4E7F-49E7-A0B5-660CEECBE1C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EA7754F1-4F99-4E39-AFC0-6EF6649A2761}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EC1CB879-1CB1-4B7C-B99F-936E753566BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F22CF440-3F8E-41DE-9C77-67CE35D19913}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F415D6D7-D0B8-4154-A336-59CBA44B072A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00EC0A11-AABC-44FB-9134-FB47C33612D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0B9062F3-2E9C-46D3-9FD8-B7B7139488EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0CD9809E-D50B-4661-9EF3-0D0B543FDA15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1ABD58F4-4DB4-4C8E-9841-57DD917128CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1E426BA7-70F9-4F14-9DF2-386A91F7DFA7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{20353FD6-4B63-4BC3-B423-083C5DD8AE31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{205703C7-D530-4CCA-A549-C320EDC7F033}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3B5FFC27-7FA7-470D-BF00-469F6B732739}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3EC4549B-B19D-476E-9552-73DA66C7D173}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3F380DD3-7467-4A22-8AEF-85D9805F9AFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{427BAA16-CB47-4944-B762-78C37F76E1F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{49F66FE2-6BB9-4E98-AB27-F02B83B23A20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5661CC1A-7D8D-4462-88BF-22E7CF96E5A3}" = protocol=17 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "{5EEE7F49-0B1B-4A4B-BE9D-97E7577EEC16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{665B855C-EEDF-485F-8E65-4388F298F98B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BEBA761-6B55-4D27-8FA5-3E5ADD51281B}" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "{96EE3C52-51C2-4288-836D-C438CA2A0F96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{97A96353-DB5A-4BEB-B902-9921C5DB1C9C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BD4AFB2E-7894-4AF6-83C5-7404C2D4FC1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3CCE8DB-1D6C-4720-B047-B2F114033E4A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CEA8B43F-D862-486A-807D-10BBDD419972}" = protocol=6 | dir=out | app=system | "{DB2B2FA9-A041-4930-B868-8474AAD0BEA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DBFE2052-60C9-47F0-87D9-455336C93F1D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E8995C65-AADD-4399-99F2-97C39BC86FEC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ED4D9000-7018-41DC-ACC7-9B084E62D77D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F0319BEE-8098-48E2-9401-48DCBFB02A51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{0D61D9D1-DB3A-4E85-9AC9-291ABF3A84F8}C:\program files\tuloxfreewbf\freedict.exe" = protocol=6 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | "TCP Query User{0FBC53B3-BD51-413A-8608-F1BA6C8A4740}C:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{B37667F7-C174-4537-87C0-068382AF110E}C:\program files\tuloxfreewbf\freedict.exe" = protocol=6 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | "TCP Query User{C2D7BB05-CB57-43F5-ACFE-5236DF48995D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A6688AED-3598-4F65-861C-AC57F98BFD8B}C:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{D1035AD5-D6F9-4338-9ECF-5C2698C57ECE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{D63FAF2F-B63B-48C0-8CFA-1494E8FD748C}C:\program files\tuloxfreewbf\freedict.exe" = protocol=17 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | "UDP Query User{F7E0936C-1A1E-4A52-83A8-AF6ED8D2FF59}C:\program files\tuloxfreewbf\freedict.exe" = protocol=17 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety "{0f5aaa71-64ab-43bb-afdf-2282f9c211bf}" = Nero 9 Essentials "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}" = uMedia uTV "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19 "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "dm-Fotowelt" = dm-Fotowelt "Eee Docking_is1" = Eee Docking 3.8.3 "ElsterFormular 13.2.0.8623p" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch "fotokasten comfort_is1" = fotokasten comfort 4.4 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.07.2012 17:18:11 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 08.07.2012 17:18:11 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 19.03.2012 23:28:12 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 20.03.2012 06:47:42 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 20.03.2012 11:13:25 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Avira AntiVir Guard" wurde nicht richtig gestartet. Error - 20.03.2012 11:13:31 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 21.03.2012 03:06:04 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 21.03.2012 14:03:56 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 21.03.2012 23:28:00 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = DCOM | ID = 10005 Description = Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Ich hoffe, auch mir kann geholfen werden.  im Voraus |
|
26.07.2012, 18:09
| #2 |
| /// Malware-holic   | ebenfalls BRD Trojaner dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
__________________wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe ()
:Files
C:\Users\Helen\AppData\Local\Microsoft\Windows\2564
:Commands
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel
__________________ |
|
26.07.2012, 18:57
| #3 |
| | ebenfalls BRD Trojaner Hier der Inhalt der Desktop.ini:
__________________[.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 Habe auch alle Dateien im UpChannel hochgeladen. |
|
26.07.2012, 19:54
| #4 | |
| /// Malware-holic | ebenfalls BRD Trojaner danke fürs hochladen Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.07.2012, 20:54
| #5 |
| | ebenfalls BRD Trojaner Hier die Combofix.txt: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-27.02 - Helen 26.07.2012 21:32:06.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2038.904 [GMT 2:00]
ausgeführt von:: c:\users\Helen\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\AF15BDAEX.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-26 bis 2012-07-26 ))))))))))))))))))))))))))))))
.
.
2012-07-26 19:45 . 2012-07-26 19:46 -------- d-----w- c:\users\Helen\AppData\Local\temp
2012-07-26 19:45 . 2012-07-26 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 17:28 . 2012-07-26 17:44 -------- d-----w- C:\_OTL
2012-07-26 17:12 . 2012-05-07 13:10 14720 ----a-w- c:\windows\system32\drivers\AiDriver.sys
2012-07-26 12:54 . 2012-07-26 12:54 -------- d-----w- c:\users\Helen\AppData\Roaming\Malwarebytes
2012-07-26 12:52 . 2012-07-26 12:52 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 12:52 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-25 21:59 . 2012-07-25 21:59 -------- d-----w- c:\users\Helen\AppData\Roaming\hellomoto
2012-07-24 08:34 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB9C030D-8A6D-48E0-9FD6-F8711DE8CA1F}\mpengine.dll
2012-07-13 20:43 . 2012-07-19 22:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-11 10:32 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-11 10:29 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:06 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-05 11:03 . 2012-07-05 11:03 -------- d-----w- c:\users\Helen\AppData\Roaming\elsterformular
2012-07-05 11:02 . 2012-07-05 11:03 -------- d-----w- c:\programdata\elsterformular
2012-07-05 11:02 . 2012-07-05 11:02 -------- d-----w- c:\program files\ElsterFormular
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 10:21 . 2012-04-23 12:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 10:21 . 2011-09-09 14:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 19:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:23 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 19:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 19:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 19:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 19:22 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 19:22 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-09-09 15:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-14 13:44 . 2012-05-14 13:44 4203106 ----a-w- c:\users\Helen\AppData\Roaming\Microsoft\Windows\Templates\tuloxff.exe
2012-05-01 04:44 . 2012-06-13 06:20 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 06:20 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-19 18:48 . 2012-07-13 20:43 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Helen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Helen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Helen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-15 2018032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-09-09 2429]
"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"iSeriesCharge"="AsusSender.exe" [2011-03-11 34728]
.
c:\users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Helen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe [2011-10-20 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
p6_19_erinnerung.lnk - c:\program files\phase6\phase6_19\WinStart\p6erinnerung.exe [2007-2-11 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 10:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=641eba1a000000000000f46d04554a99
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}\355756679616E4544523: DhcpNameServer = 172.23.239.1
FF - ProfilePath - c:\users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\suw52bie.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=641eba1a000000000000f46d04554a99&q=
FF - user.js: extensions.BabylonToolbar_i.id - 641eba1a000000000000f46d04554a99
FF - user.js: extensions.BabylonToolbar_i.hardId - 641eba1a000000000000f46d04554a99
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
MSConfigStartUp-TapiMigPlugin - c:\users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-26 21:50:17
ComboFix-quarantined-files.txt 2012-07-26 19:50
.
Vor Suchlauf: 9 Verzeichnis(se), 45.429.342.208 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 48.108.691.456 Bytes frei
.
- - End Of File - - 2EE014B2E5F69FD69EC9AD12A4C5A0B1
|
|
27.07.2012, 23:13
| #6 |
| /// Malware-holic | ebenfalls BRD Trojaner hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> ebenfalls BRD Trojaner |
|
31.07.2012, 22:45
| #7 |
| | ebenfalls BRD Trojaner So der tdsskiller hat nichts gefunden. Hier der report: 23:37:51.0068 2244 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 23:37:51.0398 2244 ============================================================ 23:37:51.0398 2244 Current date / time: 2012/07/31 23:37:51.0398 23:37:51.0398 2244 SystemInfo: 23:37:51.0398 2244 23:37:51.0398 2244 OS Version: 6.1.7601 ServicePack: 1.0 23:37:51.0398 2244 Product type: Workstation 23:37:51.0398 2244 ComputerName: *** 23:37:51.0398 2244 UserName: *** 23:37:51.0398 2244 Windows directory: C:\windows 23:37:51.0398 2244 System windows directory: C:\windows 23:37:51.0398 2244 Processor architecture: Intel x86 23:37:51.0398 2244 Number of processors: 4 23:37:51.0398 2244 Page size: 0x1000 23:37:51.0398 2244 Boot type: Normal boot 23:37:51.0398 2244 ============================================================ 23:37:52.0868 2244 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:37:52.0878 2244 ============================================================ 23:37:52.0878 2244 \Device\Harddisk0\DR0: 23:37:52.0878 2244 MBR partitions: 23:37:52.0878 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000 23:37:52.0878 2244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0x2BD7D000 23:37:52.0878 2244 ============================================================ 23:37:52.0888 2244 C: <-> \Device\Harddisk0\DR0\Partition0 23:37:52.0938 2244 D: <-> \Device\Harddisk0\DR0\Partition1 23:37:52.0938 2244 ============================================================ 23:37:52.0938 2244 Initialize success 23:37:52.0938 2244 ============================================================ 23:38:40.0798 5524 ============================================================ 23:38:40.0798 5524 Scan started 23:38:40.0798 5524 Mode: Manual; SigCheck; TDLFS; 23:38:40.0798 5524 ============================================================ 23:38:43.0038 5524 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys 23:38:43.0428 5524 1394ohci - ok 23:38:43.0498 5524 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys 23:38:43.0588 5524 ACPI - ok 23:38:43.0628 5524 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys 23:38:43.0738 5524 AcpiPmi - ok 23:38:43.0858 5524 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:38:43.0898 5524 AdobeARMservice - ok 23:38:43.0998 5524 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:38:44.0118 5524 AdobeFlashPlayerUpdateSvc - ok 23:38:44.0198 5524 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\drivers\adp94xx.sys 23:38:44.0328 5524 adp94xx - ok 23:38:44.0388 5524 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\drivers\adpahci.sys 23:38:44.0488 5524 adpahci - ok 23:38:44.0518 5524 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\drivers\adpu320.sys 23:38:44.0618 5524 adpu320 - ok 23:38:44.0658 5524 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll 23:38:44.0868 5524 AeLookupSvc - ok 23:38:44.0948 5524 AF15BDA (e3f08935158038d385ad382442f4bb2d) C:\windows\system32\DRIVERS\AF15BDA.sys 23:38:45.0098 5524 AF15BDA - ok 23:38:45.0178 5524 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys 23:38:45.0348 5524 AFD - ok 23:38:45.0388 5524 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys 23:38:45.0458 5524 agp440 - ok 23:38:45.0508 5524 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\drivers\djsvs.sys 23:38:45.0578 5524 aic78xx - ok 23:38:45.0668 5524 AiDriver (68d6075d1fdc90038b0dc5b9d1f17adf) C:\windows\system32\DRIVERS\AiDriver.sys 23:38:45.0748 5524 AiDriver - ok 23:38:45.0818 5524 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe 23:38:45.0938 5524 ALG - ok 23:38:45.0988 5524 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys 23:38:46.0048 5524 aliide - ok 23:38:46.0078 5524 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys 23:38:46.0158 5524 amdagp - ok 23:38:46.0188 5524 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys 23:38:46.0258 5524 amdide - ok 23:38:46.0268 5524 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\drivers\amdk8.sys 23:38:46.0388 5524 AmdK8 - ok 23:38:46.0408 5524 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\drivers\amdppm.sys 23:38:46.0498 5524 AmdPPM - ok 23:38:46.0568 5524 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys 23:38:46.0648 5524 amdsata - ok 23:38:46.0698 5524 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\drivers\amdsbs.sys 23:38:46.0788 5524 amdsbs - ok 23:38:46.0818 5524 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys 23:38:46.0888 5524 amdxata - ok 23:38:46.0998 5524 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe 23:38:47.0048 5524 AntiVirSchedulerService - ok 23:38:47.0108 5524 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 23:38:47.0168 5524 AntiVirService - ok 23:38:47.0218 5524 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys 23:38:47.0348 5524 AppID - ok 23:38:47.0398 5524 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll 23:38:47.0528 5524 AppIDSvc - ok 23:38:47.0568 5524 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll 23:38:47.0698 5524 Appinfo - ok 23:38:47.0778 5524 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\drivers\arc.sys 23:38:47.0858 5524 arc - ok 23:38:47.0878 5524 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\drivers\arcsas.sys 23:38:47.0958 5524 arcsas - ok 23:38:48.0008 5524 AsIO (956c7177dbda0f02436868ad644ccf31) C:\windows\system32\drivers\AsIO.sys 23:38:48.0068 5524 AsIO - ok 23:38:48.0098 5524 AsUpIO (a9a565c669786c402752f609afdd0dd5) C:\windows\system32\drivers\AsUpIO.sys 23:38:48.0158 5524 AsUpIO - ok 23:38:48.0208 5524 AsusService (bdedd780a12e75ac5902ca6bb027eab7) C:\windows\system32\AsusService.exe 23:38:48.0258 5524 AsusService - ok 23:38:48.0298 5524 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 23:38:48.0478 5524 AsyncMac - ok 23:38:48.0548 5524 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys 23:38:48.0618 5524 atapi - ok 23:38:48.0738 5524 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys 23:38:48.0968 5524 athr - ok 23:38:49.0048 5524 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 23:38:49.0198 5524 AudioEndpointBuilder - ok 23:38:49.0228 5524 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 23:38:49.0358 5524 Audiosrv - ok 23:38:49.0448 5524 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys 23:38:49.0528 5524 avgntflt - ok 23:38:49.0578 5524 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys 23:38:49.0668 5524 avipbb - ok 23:38:49.0748 5524 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll 23:38:49.0938 5524 AxInstSV - ok 23:38:50.0008 5524 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\drivers\bxvbdx.sys 23:38:50.0148 5524 b06bdrv - ok 23:38:50.0208 5524 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 23:38:50.0318 5524 b57nd60x - ok 23:38:50.0418 5524 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 23:38:50.0518 5524 BBSvc - ok 23:38:50.0758 5524 BCM43XX (2be0f23d494c301641c42ead2fdcd4f2) C:\windows\system32\DRIVERS\bcmwl6.sys 23:38:51.0048 5524 BCM43XX - ok 23:38:51.0188 5524 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll 23:38:51.0308 5524 BDESVC - ok 23:38:51.0388 5524 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 23:38:51.0528 5524 Beep - ok 23:38:51.0618 5524 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll 23:38:51.0758 5524 BFE - ok 23:38:51.0828 5524 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll 23:38:52.0078 5524 BITS - ok 23:38:52.0108 5524 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 23:38:52.0178 5524 blbdrive - ok 23:38:52.0248 5524 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 23:38:52.0338 5524 bowser - ok 23:38:52.0358 5524 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\BrFiltLo.sys 23:38:52.0448 5524 BrFiltLo - ok 23:38:52.0468 5524 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\BrFiltUp.sys 23:38:52.0558 5524 BrFiltUp - ok 23:38:52.0618 5524 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys 23:38:52.0778 5524 BridgeMP - ok 23:38:52.0828 5524 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll 23:38:52.0968 5524 Browser - ok 23:38:53.0018 5524 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 23:38:53.0148 5524 Brserid - ok 23:38:53.0168 5524 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 23:38:53.0268 5524 BrSerWdm - ok 23:38:53.0288 5524 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 23:38:53.0368 5524 BrUsbMdm - ok 23:38:53.0378 5524 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 23:38:53.0468 5524 BrUsbSer - ok 23:38:53.0538 5524 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 23:38:53.0688 5524 BthEnum - ok 23:38:53.0738 5524 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\drivers\bthmodem.sys 23:38:53.0818 5524 BTHMODEM - ok 23:38:53.0858 5524 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 23:38:53.0958 5524 BthPan - ok 23:38:54.0048 5524 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 23:38:54.0198 5524 BTHPORT - ok 23:38:54.0258 5524 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll 23:38:54.0418 5524 bthserv - ok 23:38:54.0448 5524 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 23:38:54.0528 5524 BTHUSB - ok 23:38:54.0598 5524 btwampfl (d57641bf7e6af5c996eab931afadc271) C:\windows\system32\drivers\btwampfl.sys 23:38:54.0698 5524 btwampfl - ok 23:38:54.0728 5524 btwaudio (81471a7d64d1fc014d47a4cf33cd701e) C:\windows\system32\drivers\btwaudio.sys 23:38:54.0798 5524 btwaudio - ok 23:38:54.0838 5524 btwavdt (098af3559710fcec05b7aa5159f435f9) C:\windows\system32\drivers\btwavdt.sys 23:38:54.0918 5524 btwavdt - ok 23:38:55.0058 5524 btwdins (8fcf8e276b5755db87c8b015cad1bc41) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 23:38:55.0148 5524 btwdins - ok 23:38:55.0178 5524 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys 23:38:55.0238 5524 btwl2cap - ok 23:38:55.0258 5524 btwrchid (e28ef3c4ef1849b876f850015066380b) C:\windows\system32\DRIVERS\btwrchid.sys 23:38:55.0318 5524 btwrchid - ok 23:38:55.0398 5524 catchme - ok 23:38:55.0448 5524 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 23:38:55.0588 5524 cdfs - ok 23:38:55.0638 5524 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys 23:38:55.0738 5524 cdrom - ok 23:38:55.0788 5524 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 23:38:55.0908 5524 CertPropSvc - ok 23:38:55.0948 5524 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\drivers\circlass.sys 23:38:56.0048 5524 circlass - ok 23:38:56.0088 5524 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 23:38:56.0168 5524 CLFS - ok 23:38:56.0258 5524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:38:56.0328 5524 clr_optimization_v2.0.50727_32 - ok 23:38:56.0428 5524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:38:56.0508 5524 clr_optimization_v4.0.30319_32 - ok 23:38:56.0528 5524 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 23:38:56.0618 5524 CmBatt - ok 23:38:56.0648 5524 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 23:38:56.0708 5524 cmdide - ok 23:38:56.0778 5524 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\windows\system32\Drivers\cng.sys 23:38:56.0918 5524 CNG - ok 23:38:56.0958 5524 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\drivers\compbatt.sys 23:38:57.0028 5524 Compbatt - ok 23:38:57.0078 5524 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\DRIVERS\CompositeBus.sys 23:38:57.0168 5524 CompositeBus - ok 23:38:57.0188 5524 COMSysApp - ok 23:38:57.0228 5524 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\drivers\crcdisk.sys 23:38:57.0298 5524 crcdisk - ok 23:38:57.0358 5524 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll 23:38:57.0448 5524 CryptSvc - ok 23:38:57.0518 5524 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 23:38:57.0678 5524 DcomLaunch - ok 23:38:57.0738 5524 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll 23:38:57.0928 5524 defragsvc - ok 23:38:57.0968 5524 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 23:38:58.0118 5524 DfsC - ok 23:38:58.0198 5524 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll 23:38:58.0328 5524 Dhcp - ok 23:38:58.0348 5524 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 23:38:58.0498 5524 discache - ok 23:38:58.0548 5524 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\drivers\disk.sys 23:38:58.0628 5524 Disk - ok 23:38:58.0678 5524 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll 23:38:58.0768 5524 Dnscache - ok 23:38:58.0828 5524 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll 23:38:59.0018 5524 dot3svc - ok 23:38:59.0058 5524 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll 23:38:59.0188 5524 DPS - ok 23:38:59.0238 5524 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 23:38:59.0328 5524 drmkaud - ok 23:38:59.0408 5524 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 23:38:59.0598 5524 DXGKrnl - ok 23:38:59.0658 5524 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll 23:38:59.0798 5524 EapHost - ok 23:39:00.0068 5524 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\drivers\evbdx.sys 23:39:00.0408 5524 ebdrv - ok 23:39:00.0548 5524 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe 23:39:00.0628 5524 EFS - ok 23:39:00.0748 5524 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe 23:39:00.0938 5524 ehRecvr - ok 23:39:00.0968 5524 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe 23:39:01.0078 5524 ehSched - ok 23:39:01.0208 5524 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\drivers\elxstor.sys 23:39:01.0338 5524 elxstor - ok 23:39:01.0358 5524 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 23:39:01.0428 5524 ErrDev - ok 23:39:01.0518 5524 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll 23:39:01.0648 5524 EventSystem - ok 23:39:01.0698 5524 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 23:39:01.0848 5524 exfat - ok 23:39:01.0888 5524 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 23:39:02.0048 5524 fastfat - ok 23:39:02.0128 5524 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe 23:39:02.0228 5524 Fax - ok 23:39:02.0268 5524 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\drivers\fdc.sys 23:39:02.0338 5524 fdc - ok 23:39:02.0368 5524 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll 23:39:02.0498 5524 fdPHost - ok 23:39:02.0538 5524 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll 23:39:02.0668 5524 FDResPub - ok 23:39:02.0708 5524 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 23:39:02.0788 5524 FileInfo - ok 23:39:02.0838 5524 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 23:39:02.0988 5524 Filetrace - ok 23:39:03.0018 5524 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\drivers\flpydisk.sys 23:39:03.0098 5524 flpydisk - ok 23:39:03.0128 5524 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 23:39:03.0198 5524 FltMgr - ok 23:39:03.0288 5524 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll 23:39:03.0448 5524 FontCache - ok 23:39:03.0538 5524 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:39:03.0608 5524 FontCache3.0.0.0 - ok 23:39:03.0658 5524 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 23:39:03.0728 5524 FsDepends - ok 23:39:03.0788 5524 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys 23:39:03.0848 5524 fssfltr - ok 23:39:04.0038 5524 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 23:39:04.0288 5524 fsssvc - ok 23:39:04.0458 5524 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys 23:39:04.0528 5524 Fs_Rec - ok 23:39:04.0588 5524 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 23:39:04.0708 5524 fvevol - ok 23:39:04.0768 5524 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\drivers\gagp30kx.sys 23:39:04.0848 5524 gagp30kx - ok 23:39:04.0918 5524 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll 23:39:05.0088 5524 gpsvc - ok 23:39:05.0108 5524 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 23:39:05.0198 5524 hcw85cir - ok 23:39:05.0248 5524 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 23:39:05.0398 5524 HdAudAddService - ok 23:39:05.0438 5524 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\DRIVERS\HDAudBus.sys 23:39:05.0518 5524 HDAudBus - ok 23:39:05.0538 5524 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\drivers\HidBatt.sys 23:39:05.0638 5524 HidBatt - ok 23:39:05.0678 5524 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\drivers\hidbth.sys 23:39:05.0768 5524 HidBth - ok 23:39:05.0798 5524 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\drivers\hidir.sys 23:39:05.0898 5524 HidIr - ok 23:39:05.0978 5524 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll 23:39:06.0118 5524 hidserv - ok 23:39:06.0178 5524 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys 23:39:06.0258 5524 HidUsb - ok 23:39:06.0308 5524 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll 23:39:06.0428 5524 hkmsvc - ok 23:39:06.0478 5524 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll 23:39:06.0578 5524 HomeGroupListener - ok 23:39:06.0638 5524 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll 23:39:06.0738 5524 HomeGroupProvider - ok 23:39:06.0798 5524 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 23:39:06.0878 5524 HpSAMD - ok 23:39:06.0968 5524 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 23:39:07.0178 5524 HTTP - ok 23:39:07.0208 5524 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 23:39:07.0278 5524 hwpolicy - ok 23:39:07.0318 5524 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys 23:39:07.0418 5524 i8042prt - ok 23:39:07.0488 5524 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\windows\system32\drivers\iaStor.sys 23:39:07.0548 5524 iaStor - ok 23:39:07.0648 5524 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys 23:39:07.0758 5524 iaStorV - ok 23:39:07.0908 5524 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:39:08.0168 5524 idsvc - ok 23:39:08.0668 5524 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys 23:39:09.0148 5524 igfx - ok 23:39:09.0358 5524 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\drivers\iirsp.sys 23:39:09.0428 5524 iirsp - ok 23:39:09.0518 5524 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll 23:39:09.0678 5524 IKEEXT - ok 23:39:09.0978 5524 IntcAzAudAddService (e8b6f7896db2ee6a7af7a177a9bbc526) C:\windows\system32\drivers\RTKVHDA.sys 23:39:10.0348 5524 IntcAzAudAddService - ok 23:39:10.0538 5524 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 23:39:10.0608 5524 intelide - ok 23:39:10.0648 5524 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 23:39:10.0718 5524 intelppm - ok 23:39:10.0758 5524 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll 23:39:10.0918 5524 IPBusEnum - ok 23:39:10.0958 5524 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 23:39:11.0108 5524 IpFilterDriver - ok 23:39:11.0168 5524 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll 23:39:11.0308 5524 iphlpsvc - ok 23:39:11.0438 5524 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 23:39:11.0558 5524 IPMIDRV - ok 23:39:11.0668 5524 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 23:39:11.0858 5524 IPNAT - ok 23:39:11.0898 5524 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 23:39:12.0098 5524 IRENUM - ok 23:39:12.0268 5524 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 23:39:12.0348 5524 isapnp - ok 23:39:12.0688 5524 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 23:39:12.0828 5524 iScsiPrt - ok 23:39:12.0888 5524 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys 23:39:12.0958 5524 kbdclass - ok 23:39:13.0008 5524 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys 23:39:13.0098 5524 kbdhid - ok 23:39:13.0138 5524 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys 23:39:13.0188 5524 kbfiltr - ok 23:39:13.0218 5524 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:39:13.0288 5524 KeyIso - ok 23:39:13.0328 5524 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys 23:39:13.0408 5524 KSecDD - ok 23:39:13.0438 5524 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys 23:39:13.0538 5524 KSecPkg - ok 23:39:13.0608 5524 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll 23:39:13.0818 5524 KtmRm - ok 23:39:13.0878 5524 L1C (01738f10ca813c5a4dbd4d7ec6fdc3fd) C:\windows\system32\DRIVERS\L1C62x86.sys 23:39:13.0938 5524 L1C - ok 23:39:14.0028 5524 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll 23:39:14.0168 5524 LanmanServer - ok 23:39:14.0208 5524 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll 23:39:14.0358 5524 LanmanWorkstation - ok 23:39:14.0438 5524 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 23:39:14.0588 5524 lltdio - ok 23:39:14.0638 5524 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll 23:39:14.0808 5524 lltdsvc - ok 23:39:14.0848 5524 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll 23:39:14.0968 5524 lmhosts - ok 23:39:15.0018 5524 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\drivers\lsi_fc.sys 23:39:15.0098 5524 LSI_FC - ok 23:39:15.0148 5524 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\drivers\lsi_sas.sys 23:39:15.0228 5524 LSI_SAS - ok 23:39:15.0258 5524 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\drivers\lsi_sas2.sys 23:39:15.0328 5524 LSI_SAS2 - ok 23:39:15.0378 5524 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\drivers\lsi_scsi.sys 23:39:15.0448 5524 LSI_SCSI - ok 23:39:15.0478 5524 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 23:39:15.0638 5524 luafv - ok 23:39:15.0698 5524 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\windows\system32\drivers\mbam.sys 23:39:15.0768 5524 MBAMProtector - ok 23:39:15.0878 5524 MBAMService (43683e970f008c93c9429ef428147a54) D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 23:39:15.0978 5524 MBAMService - ok 23:39:16.0028 5524 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll 23:39:16.0138 5524 Mcx2Svc - ok 23:39:16.0188 5524 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\drivers\megasas.sys 23:39:16.0258 5524 megasas - ok 23:39:16.0298 5524 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\drivers\MegaSR.sys 23:39:16.0398 5524 MegaSR - ok 23:39:16.0568 5524 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 23:39:16.0638 5524 Microsoft Office Groove Audit Service - ok 23:39:16.0678 5524 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 23:39:16.0818 5524 MMCSS - ok 23:39:16.0858 5524 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 23:39:16.0988 5524 Modem - ok 23:39:17.0028 5524 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 23:39:17.0098 5524 monitor - ok 23:39:17.0148 5524 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 23:39:17.0218 5524 mouclass - ok 23:39:17.0268 5524 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 23:39:17.0358 5524 mouhid - ok 23:39:17.0388 5524 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 23:39:17.0458 5524 mountmgr - ok 23:39:17.0538 5524 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 23:39:17.0618 5524 MozillaMaintenance - ok 23:39:17.0658 5524 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 23:39:17.0758 5524 mpio - ok 23:39:17.0788 5524 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 23:39:17.0928 5524 mpsdrv - ok 23:39:18.0008 5524 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll 23:39:18.0158 5524 MpsSvc - ok 23:39:18.0188 5524 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 23:39:18.0288 5524 MRxDAV - ok 23:39:18.0358 5524 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys 23:39:18.0468 5524 mrxsmb - ok 23:39:18.0498 5524 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 23:39:18.0608 5524 mrxsmb10 - ok 23:39:18.0638 5524 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 23:39:18.0728 5524 mrxsmb20 - ok 23:39:18.0768 5524 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 23:39:18.0828 5524 msahci - ok 23:39:18.0878 5524 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 23:39:18.0968 5524 msdsm - ok 23:39:19.0018 5524 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe 23:39:19.0138 5524 MSDTC - ok 23:39:19.0198 5524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 23:39:19.0348 5524 Msfs - ok 23:39:19.0378 5524 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 23:39:19.0518 5524 mshidkmdf - ok 23:39:19.0538 5524 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 23:39:19.0618 5524 msisadrv - ok 23:39:19.0678 5524 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll 23:39:19.0828 5524 MSiSCSI - ok 23:39:19.0848 5524 msiserver - ok 23:39:19.0898 5524 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 23:39:20.0038 5524 MSKSSRV - ok 23:39:20.0088 5524 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 23:39:20.0228 5524 MSPCLOCK - ok 23:39:20.0248 5524 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 23:39:20.0388 5524 MSPQM - ok 23:39:20.0428 5524 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 23:39:20.0518 5524 MsRPC - ok 23:39:20.0558 5524 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys 23:39:20.0608 5524 mssmbios - ok 23:39:20.0638 5524 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 23:39:20.0768 5524 MSTEE - ok 23:39:20.0778 5524 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\drivers\MTConfig.sys 23:39:20.0868 5524 MTConfig - ok 23:39:20.0898 5524 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 23:39:20.0968 5524 Mup - ok 23:39:21.0038 5524 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll 23:39:21.0188 5524 napagent - ok 23:39:21.0258 5524 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 23:39:21.0398 5524 NativeWifiP - ok 23:39:21.0488 5524 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 23:39:21.0598 5524 NDIS - ok 23:39:21.0678 5524 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 23:39:21.0808 5524 NdisCap - ok 23:39:21.0848 5524 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 23:39:21.0988 5524 NdisTapi - ok 23:39:22.0058 5524 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 23:39:22.0188 5524 Ndisuio - ok 23:39:22.0228 5524 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 23:39:22.0378 5524 NdisWan - ok 23:39:22.0418 5524 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 23:39:22.0578 5524 NDProxy - ok 23:39:22.0768 5524 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 23:39:22.0908 5524 Nero BackItUp Scheduler 4.0 - ok 23:39:22.0988 5524 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 23:39:23.0138 5524 NetBIOS - ok 23:39:23.0178 5524 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 23:39:23.0358 5524 NetBT - ok 23:39:23.0388 5524 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:39:23.0458 5524 Netlogon - ok 23:39:23.0518 5524 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 23:39:23.0668 5524 Netman - ok 23:39:23.0718 5524 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 23:39:23.0878 5524 netprofm - ok 23:39:23.0968 5524 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:39:24.0068 5524 NetTcpPortSharing - ok 23:39:24.0118 5524 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\drivers\nfrd960.sys 23:39:24.0188 5524 nfrd960 - ok 23:39:24.0248 5524 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 23:39:24.0398 5524 NlaSvc - ok 23:39:24.0428 5524 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 23:39:24.0568 5524 Npfs - ok 23:39:24.0598 5524 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll 23:39:24.0758 5524 nsi - ok 23:39:24.0778 5524 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 23:39:24.0928 5524 nsiproxy - ok 23:39:25.0068 5524 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 23:39:25.0298 5524 Ntfs - ok 23:39:25.0338 5524 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 23:39:25.0468 5524 Null - ok 23:39:25.0518 5524 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 23:39:25.0608 5524 nvraid - ok 23:39:25.0658 5524 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 23:39:25.0738 5524 nvstor - ok 23:39:25.0798 5524 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 23:39:25.0888 5524 nv_agp - ok 23:39:26.0028 5524 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 23:39:26.0158 5524 odserv - ok 23:39:26.0198 5524 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 23:39:26.0278 5524 ohci1394 - ok 23:39:26.0338 5524 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:39:26.0428 5524 ose - ok 23:39:26.0498 5524 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 23:39:26.0638 5524 p2pimsvc - ok 23:39:26.0878 5524 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll 23:39:26.0978 5524 p2psvc - ok 23:39:27.0048 5524 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\drivers\parport.sys 23:39:27.0138 5524 Parport - ok 23:39:27.0198 5524 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys 23:39:27.0268 5524 partmgr - ok 23:39:27.0288 5524 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\drivers\parvdm.sys 23:39:27.0368 5524 Parvdm - ok 23:39:27.0428 5524 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll 23:39:27.0518 5524 PcaSvc - ok 23:39:27.0558 5524 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 23:39:27.0648 5524 pci - ok 23:39:27.0698 5524 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 23:39:27.0758 5524 pciide - ok 23:39:27.0798 5524 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\drivers\pcmcia.sys 23:39:27.0898 5524 pcmcia - ok 23:39:27.0928 5524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 23:39:27.0998 5524 pcw - ok 23:39:28.0078 5524 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 23:39:28.0318 5524 PEAUTH - ok 23:39:28.0508 5524 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 23:39:28.0788 5524 pla - ok 23:39:28.0958 5524 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 23:39:29.0058 5524 PlugPlay - ok 23:39:29.0098 5524 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 23:39:29.0198 5524 PNRPAutoReg - ok 23:39:29.0238 5524 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 23:39:29.0328 5524 PNRPsvc - ok 23:39:29.0388 5524 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 23:39:29.0548 5524 PolicyAgent - ok 23:39:29.0588 5524 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 23:39:29.0728 5524 Power - ok 23:39:29.0808 5524 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 23:39:29.0958 5524 PptpMiniport - ok 23:39:29.0988 5524 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\drivers\processr.sys 23:39:30.0078 5524 Processor - ok 23:39:30.0138 5524 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll 23:39:30.0228 5524 ProfSvc - ok 23:39:30.0268 5524 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:39:30.0338 5524 ProtectedStorage - ok 23:39:30.0408 5524 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 23:39:30.0568 5524 Psched - ok 23:39:30.0958 5524 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\drivers\ql2300.sys 23:39:31.0218 5524 ql2300 - ok 23:39:31.0578 5524 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\drivers\ql40xx.sys 23:39:31.0658 5524 ql40xx - ok 23:39:31.0718 5524 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 23:39:31.0868 5524 QWAVE - ok 23:39:31.0898 5524 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 23:39:31.0988 5524 QWAVEdrv - ok 23:39:32.0028 5524 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 23:39:32.0158 5524 RasAcd - ok 23:39:32.0198 5524 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 23:39:32.0328 5524 RasAgileVpn - ok 23:39:32.0378 5524 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 23:39:32.0538 5524 RasAuto - ok 23:39:32.0598 5524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 23:39:32.0738 5524 Rasl2tp - ok 23:39:32.0818 5524 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 23:39:32.0978 5524 RasMan - ok 23:39:33.0018 5524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 23:39:33.0168 5524 RasPppoe - ok 23:39:33.0218 5524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 23:39:33.0358 5524 RasSstp - ok 23:39:33.0398 5524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 23:39:33.0588 5524 rdbss - ok 23:39:33.0628 5524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\drivers\rdpbus.sys 23:39:33.0718 5524 rdpbus - ok 23:39:33.0758 5524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 23:39:33.0868 5524 RDPCDD - ok 23:39:33.0908 5524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 23:39:34.0038 5524 RDPENCDD - ok 23:39:34.0068 5524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 23:39:34.0188 5524 RDPREFMP - ok 23:39:34.0228 5524 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys 23:39:34.0348 5524 RDPWD - ok 23:39:34.0388 5524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 23:39:34.0478 5524 rdyboost - ok 23:39:34.0528 5524 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 23:39:34.0688 5524 RemoteAccess - ok 23:39:34.0738 5524 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 23:39:34.0918 5524 RemoteRegistry - ok 23:39:34.0968 5524 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 23:39:35.0078 5524 RFCOMM - ok 23:39:35.0128 5524 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 23:39:35.0268 5524 RpcEptMapper - ok 23:39:35.0298 5524 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 23:39:35.0398 5524 RpcLocator - ok 23:39:35.0448 5524 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 23:39:35.0588 5524 RpcSs - ok 23:39:35.0638 5524 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 23:39:35.0778 5524 rspndr - ok 23:39:35.0818 5524 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:39:35.0888 5524 SamSs - ok 23:39:35.0938 5524 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 23:39:36.0008 5524 sbp2port - ok 23:39:36.0058 5524 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 23:39:36.0218 5524 SCardSvr - ok 23:39:36.0258 5524 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 23:39:36.0398 5524 scfilter - ok 23:39:36.0478 5524 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 23:39:36.0658 5524 Schedule - ok 23:39:36.0708 5524 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 23:39:36.0828 5524 SCPolicySvc - ok 23:39:36.0858 5524 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 23:39:37.0028 5524 SDRSVC - ok 23:39:37.0118 5524 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 23:39:37.0198 5524 SeaPort - ok 23:39:37.0278 5524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 23:39:37.0418 5524 secdrv - ok 23:39:37.0448 5524 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 23:39:37.0598 5524 seclogon - ok 23:39:37.0628 5524 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll 23:39:37.0778 5524 SENS - ok 23:39:37.0808 5524 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll 23:39:37.0898 5524 SensrSvc - ok 23:39:37.0928 5524 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\drivers\serenum.sys 23:39:37.0998 5524 Serenum - ok 23:39:38.0038 5524 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\drivers\serial.sys 23:39:38.0128 5524 Serial - ok 23:39:38.0168 5524 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\drivers\sermouse.sys 23:39:38.0248 5524 sermouse - ok 23:39:38.0338 5524 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 23:39:38.0478 5524 SessionEnv - ok 23:39:38.0518 5524 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 23:39:38.0598 5524 sffdisk - ok 23:39:38.0618 5524 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 23:39:38.0698 5524 sffp_mmc - ok 23:39:38.0718 5524 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 23:39:38.0798 5524 sffp_sd - ok 23:39:38.0818 5524 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\drivers\sfloppy.sys 23:39:38.0888 5524 sfloppy - ok 23:39:38.0948 5524 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll 23:39:39.0108 5524 SharedAccess - ok 23:39:39.0168 5524 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll 23:39:39.0318 5524 ShellHWDetection - ok 23:39:39.0378 5524 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 23:39:39.0448 5524 sisagp - ok 23:39:39.0488 5524 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\drivers\SiSRaid2.sys 23:39:39.0558 5524 SiSRaid2 - ok 23:39:39.0598 5524 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\drivers\sisraid4.sys 23:39:39.0668 5524 SiSRaid4 - ok 23:39:39.0788 5524 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 23:39:39.0848 5524 SkypeUpdate - ok 23:39:39.0888 5524 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 23:39:40.0028 5524 Smb - ok 23:39:40.0108 5524 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe 23:39:40.0198 5524 SNMPTRAP - ok 23:39:40.0238 5524 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 23:39:40.0308 5524 spldr - ok 23:39:40.0358 5524 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe 23:39:40.0518 5524 Spooler - ok 23:39:40.0778 5524 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe 23:39:41.0078 5524 sppsvc - ok 23:39:41.0228 5524 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll 23:39:41.0388 5524 sppuinotify - ok 23:39:41.0488 5524 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 23:39:41.0668 5524 srv - ok 23:39:41.0718 5524 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 23:39:41.0838 5524 srv2 - ok 23:39:41.0878 5524 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 23:39:41.0978 5524 srvnet - ok 23:39:42.0018 5524 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll 23:39:42.0178 5524 SSDPSRV - ok 23:39:42.0218 5524 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys 23:39:42.0268 5524 ssmdrv - ok 23:39:42.0308 5524 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll 23:39:42.0448 5524 SstpSvc - ok 23:39:42.0488 5524 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\drivers\stexstor.sys 23:39:42.0548 5524 stexstor - ok 23:39:42.0618 5524 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll 23:39:42.0738 5524 StiSvc - ok 23:39:42.0768 5524 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys 23:39:42.0838 5524 swenum - ok 23:39:42.0898 5524 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll 23:39:43.0098 5524 swprv - ok 23:39:43.0168 5524 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys 23:39:43.0258 5524 SynTP - ok 23:39:43.0378 5524 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll 23:39:43.0548 5524 SysMain - ok 23:39:43.0578 5524 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll 23:39:43.0718 5524 TabletInputService - ok 23:39:43.0758 5524 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll 23:39:43.0898 5524 TapiSrv - ok 23:39:43.0938 5524 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll 23:39:44.0088 5524 TBS - ok 23:39:44.0258 5524 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys 23:39:44.0498 5524 Tcpip - ok 23:39:44.0788 5524 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys 23:39:44.0918 5524 TCPIP6 - ok 23:39:45.0108 5524 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 23:39:45.0228 5524 tcpipreg - ok 23:39:45.0288 5524 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 23:39:45.0388 5524 TDPIPE - ok 23:39:45.0418 5524 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys 23:39:45.0498 5524 TDTCP - ok 23:39:45.0538 5524 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 23:39:45.0688 5524 tdx - ok 23:39:45.0718 5524 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\DRIVERS\termdd.sys 23:39:45.0798 5524 TermDD - ok 23:39:45.0878 5524 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll 23:39:46.0028 5524 TermService - ok 23:39:46.0058 5524 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll 23:39:46.0138 5524 Themes - ok 23:39:46.0188 5524 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 23:39:46.0318 5524 THREADORDER - ok 23:39:46.0358 5524 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll 23:39:46.0518 5524 TrkWks - ok 23:39:46.0578 5524 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe 23:39:46.0728 5524 TrustedInstaller - ok 23:39:46.0768 5524 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 23:39:46.0908 5524 tssecsrv - ok 23:39:46.0948 5524 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 23:39:47.0038 5524 TsUsbFlt - ok 23:39:47.0088 5524 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\windows\system32\drivers\TsUsbGD.sys 23:39:47.0158 5524 TsUsbGD - ok 23:39:47.0208 5524 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 23:39:47.0328 5524 tunnel - ok 23:39:47.0378 5524 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\drivers\uagp35.sys 23:39:47.0448 5524 uagp35 - ok 23:39:47.0498 5524 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 23:39:47.0658 5524 udfs - ok 23:39:47.0718 5524 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe 23:39:47.0838 5524 UI0Detect - ok 23:39:47.0888 5524 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 23:39:47.0968 5524 uliagpkx - ok 23:39:48.0008 5524 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\DRIVERS\umbus.sys 23:39:48.0098 5524 umbus - ok 23:39:48.0148 5524 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\drivers\umpass.sys 23:39:48.0218 5524 UmPass - ok 23:39:48.0278 5524 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll 23:39:48.0438 5524 upnphost - ok 23:39:48.0488 5524 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys 23:39:48.0578 5524 usbccgp - ok 23:39:48.0638 5524 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 23:39:48.0738 5524 usbcir - ok 23:39:48.0788 5524 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys 23:39:48.0858 5524 usbehci - ok 23:39:48.0918 5524 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 23:39:49.0038 5524 usbhub - ok 23:39:49.0088 5524 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys 23:39:49.0158 5524 usbohci - ok 23:39:49.0198 5524 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 23:39:49.0288 5524 usbprint - ok 23:39:49.0318 5524 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 23:39:49.0408 5524 usbscan - ok 23:39:49.0458 5524 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS 23:39:49.0548 5524 USBSTOR - ok 23:39:49.0588 5524 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys 23:39:49.0668 5524 usbuhci - ok 23:39:49.0718 5524 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\system32\Drivers\usbvideo.sys 23:39:49.0828 5524 usbvideo - ok 23:39:49.0878 5524 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll 23:39:49.0998 5524 UxSms - ok 23:39:50.0038 5524 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 23:39:50.0108 5524 VaultSvc - ok 23:39:50.0158 5524 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 23:39:50.0228 5524 vdrvroot - ok 23:39:50.0298 5524 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe 23:39:50.0508 5524 vds - ok 23:39:50.0558 5524 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 23:39:50.0648 5524 vga - ok 23:39:50.0678 5524 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 23:39:50.0798 5524 VgaSave - ok 23:39:50.0838 5524 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 23:39:50.0928 5524 vhdmp - ok 23:39:50.0978 5524 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 23:39:51.0048 5524 viaagp - ok 23:39:51.0078 5524 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\drivers\viac7.sys 23:39:51.0178 5524 ViaC7 - ok 23:39:51.0218 5524 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 23:39:51.0278 5524 viaide - ok 23:39:51.0308 5524 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 23:39:51.0378 5524 volmgr - ok 23:39:51.0558 5524 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 23:39:51.0678 5524 volmgrx - ok 23:39:51.0738 5524 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 23:39:51.0848 5524 volsnap - ok 23:39:51.0908 5524 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\drivers\vsmraid.sys 23:39:51.0998 5524 vsmraid - ok 23:39:52.0108 5524 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe 23:39:52.0368 5524 VSS - ok 23:39:52.0418 5524 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 23:39:52.0498 5524 vwifibus - ok 23:39:52.0538 5524 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 23:39:52.0638 5524 vwififlt - ok 23:39:52.0698 5524 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll 23:39:52.0848 5524 W32Time - ok 23:39:52.0898 5524 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\drivers\wacompen.sys 23:39:52.0978 5524 WacomPen - ok 23:39:53.0018 5524 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 23:39:53.0168 5524 WANARP - ok 23:39:53.0188 5524 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 23:39:53.0298 5524 Wanarpv6 - ok 23:39:53.0458 5524 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe 23:39:53.0778 5524 WatAdminSvc - ok 23:39:54.0018 5524 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe 23:39:54.0278 5524 wbengine - ok 23:39:54.0318 5524 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll 23:39:54.0458 5524 WbioSrvc - ok 23:39:54.0508 5524 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll 23:39:54.0648 5524 wcncsvc - ok 23:39:54.0678 5524 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll 23:39:54.0798 5524 WcsPlugInService - ok 23:39:54.0868 5524 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\drivers\wd.sys 23:39:54.0938 5524 Wd - ok 23:39:55.0008 5524 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 23:39:55.0158 5524 Wdf01000 - ok 23:39:55.0198 5524 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 23:39:55.0308 5524 WdiServiceHost - ok 23:39:55.0318 5524 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 23:39:55.0398 5524 WdiSystemHost - ok 23:39:55.0438 5524 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll 23:39:55.0598 5524 WebClient - ok 23:39:55.0638 5524 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll 23:39:55.0798 5524 Wecsvc - ok 23:39:55.0838 5524 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll 23:39:55.0968 5524 wercplsupport - ok 23:39:56.0008 5524 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll 23:39:56.0128 5524 WerSvc - ok 23:39:56.0188 5524 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 23:39:56.0318 5524 WfpLwf - ok 23:39:56.0348 5524 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 23:39:56.0408 5524 WIMMount - ok 23:39:56.0538 5524 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 23:39:56.0658 5524 WinDefend - ok 23:39:56.0688 5524 WinHttpAutoProxySvc - ok 23:39:56.0788 5524 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll 23:39:56.0928 5524 Winmgmt - ok 23:39:57.0048 5524 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll 23:39:57.0228 5524 WinRM - ok 23:39:57.0358 5524 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll 23:39:57.0498 5524 Wlansvc - ok 23:39:57.0588 5524 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 23:39:57.0658 5524 wlcrasvc - ok 23:39:57.0848 5524 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:39:58.0028 5524 wlidsvc - ok 23:39:58.0208 5524 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys 23:39:58.0268 5524 WmiAcpi - ok 23:39:58.0368 5524 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe 23:39:58.0488 5524 wmiApSrv - ok 23:39:58.0658 5524 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 23:39:58.0818 5524 WMPNetworkSvc - ok 23:39:58.0968 5524 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll 23:39:59.0088 5524 WPCSvc - ok 23:39:59.0128 5524 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll 23:39:59.0238 5524 WPDBusEnum - ok 23:39:59.0308 5524 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 23:39:59.0448 5524 ws2ifsl - ok 23:39:59.0498 5524 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll 23:39:59.0598 5524 wscsvc - ok 23:39:59.0628 5524 WSearch - ok 23:39:59.0818 5524 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll 23:40:00.0018 5524 wuauserv - ok 23:40:00.0218 5524 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 23:40:00.0358 5524 WudfPf - ok 23:40:00.0418 5524 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 23:40:00.0588 5524 WUDFRd - ok 23:40:00.0628 5524 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll 23:40:00.0788 5524 wudfsvc - ok 23:40:00.0838 5524 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll 23:40:00.0988 5524 WwanSvc - ok 23:40:01.0058 5524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 23:40:01.0518 5524 \Device\Harddisk0\DR0 - ok 23:40:01.0538 5524 Boot (0x1200) (8287a65c0c9431e3221ce8cd5fa64db5) \Device\Harddisk0\DR0\Partition0 23:40:01.0538 5524 \Device\Harddisk0\DR0\Partition0 - ok 23:40:01.0588 5524 Boot (0x1200) (a0689bbae61c951e92e37be4c129bf19) \Device\Harddisk0\DR0\Partition1 23:40:01.0588 5524 \Device\Harddisk0\DR0\Partition1 - ok 23:40:01.0598 5524 ============================================================ 23:40:01.0598 5524 Scan finished 23:40:01.0598 5524 ============================================================ 23:40:01.0738 5588 Detected object count: 0 23:40:01.0738 5588 Actual detected object count: 0 |
|
| Themen zu ebenfalls BRD Trojaner |
| antivir guard, avira, babylon toolbar, babylontoolbar, bho, bingbar, error, excel, fehler, firefox, flash player, format, google, home, install.exe, installation, logfile, mozilla, office 2007, problem, prozess, realtek, registry, rundll, search the web, searchscopes, security, software, svchost.exe, trojaner, udp, windows |
