Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ebenfalls BRD Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 26.07.2012, 00:41   #1
alialcali
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



Hallo,

habe mir soeben auch den BRD Trojaner eingefangen.
Hier ist ja ganz schön was los im Forum, bin wohl nicht der einzige mit
dem Problem!

Jedenfalls hab ich im abgesicherten Modus mal die OTL-Files erstellen lassen. Allerdings habe ich bei LOP und Purity Prüfung keine Häkchen gesetzt für den Scan. Ist dies notwendig?

Hier der Scan:

OTL logfile created on: 26.07.2012 00:58:38 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Helen\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,16% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 43,13 Gb Free Space | 43,13% Space Free | Partition Type: NTFS
Drive D: | 350,74 Gb Total Space | 233,61 Gb Free Space | 66,60% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Helen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=641eba1a000000000000f46d04554a99
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=641eba1a000000000000f46d04554a99
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=641eba1a000000000000f46d04554a99&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 20:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 20:48:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.09.09 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Extensions
[2012.07.16 11:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions
[2012.03.30 12:57:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.14 15:44:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\suw52bie.default\extensions\ffxtlbr@babylon.com
[2012.07.13 22:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 20:48:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe ()
O4 - Startup: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Helen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 00:56:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2012.07.25 23:59:32 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\hellomoto
[2012.07.16 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9C485454-6208-4F37-B22E-29809535D682}
[2012.07.16 18:21:20 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{D19777FF-C7F6-4956-A21A-98D937501ACB}
[2012.07.16 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{43DCBD8F-EC83-4600-9D44-9D2A80841C88}
[2012.07.16 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{D21CF5EF-47AD-428E-96E1-093D86B024D3}
[2012.07.16 16:35:14 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{CE529AFA-2002-400B-90F4-1331865A1009}
[2012.07.16 16:35:03 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{97B602B2-F2C5-4D5F-BC9D-CC23104B6741}
[2012.07.16 16:34:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{B711FC83-F6DF-445D-BB7A-067D37F4BEDC}
[2012.07.16 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{2179FFC6-159D-41BC-8F11-D31B17251352}
[2012.07.16 16:34:09 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9762F804-DCC3-49B3-B74E-6889238B7F9A}
[2012.07.16 16:33:56 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{05631721-F9B6-4D09-BC68-1CAB50D3F382}
[2012.07.13 22:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.13 22:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.13 22:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.13 19:29:04 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{8ECDA36E-4D20-4B0E-AA54-63BCAB1D35DD}
[2012.07.13 19:28:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{22B3DA65-3602-4BF5-B333-80408130AE3A}
[2012.07.13 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{0BDC0BAE-A6DE-4797-83A0-6F51CC78DB32}
[2012.07.13 18:31:45 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{C01BF31B-2150-4C9E-B2C9-279173BDEF68}
[2012.07.11 12:33:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.07.11 12:33:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.07.11 12:33:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.07.11 12:33:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.07.11 12:33:02 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.07.11 12:33:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.07.11 12:32:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.07.11 12:29:47 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.07.11 08:47:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012.07.11 08:47:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2012.07.11 08:47:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2012.07.10 21:06:05 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2012.07.10 19:34:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\Desktop\konrAD
[2012.07.10 09:39:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{7186AC0E-83B3-4104-887A-A98322D1398A}
[2012.07.10 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9C373695-9223-4461-80BF-31A9875FCEA7}
[2012.07.05 13:03:17 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\elsterformular
[2012.07.05 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.05 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.07.05 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.07.05 13:01:21 | 060,109,528 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Helen\Desktop\ElsterFormular-13.2.0.8623p.exe
[2012.06.29 12:25:52 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{FC320FD4-E6C1-4A4D-B013-1EB273427876}
[2012.06.29 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{DDCA012F-EB82-4813-9691-5F03C5E3C4FE}
[2012.06.29 12:25:30 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{BEDC29ED-343C-4171-B498-6054A8746F66}
[2012.06.29 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{1EEEB591-D49D-48C7-AB2A-708346C5EFDD}
[2012.06.29 09:59:57 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9BB38683-5647-4982-9D95-6C99095780AA}
[2012.06.29 09:59:47 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{4D3F5D6C-7CDB-4F92-BCC1-7039217B61EA}
[2012.06.29 09:59:36 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{25389F5B-3A8E-4A29-8A83-60D21F8EBBA6}
[2012.06.29 09:59:25 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{EF02060F-E687-4CD9-B187-96D59ED23EC8}
[2012.06.29 09:59:14 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{C4518C95-6D89-4BBD-B302-9E7A3F272793}
[2012.06.29 09:59:01 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{A18BEA2C-507E-4189-856F-C285D5B573AE}
[2012.06.26 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Helen\Desktop\orga
[2012.06.26 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{9196A4AC-C4F2-46F8-8B26-904DF2810473}
[2012.06.26 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Local\{01594283-E840-404A-B25D-3A6EC5559BF8}

========== Files - Modified Within 30 Days ==========

[2012.07.26 01:01:42 | 003,932,872 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.07.26 01:01:42 | 001,611,648 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.07.26 01:01:42 | 001,177,688 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.07.26 01:01:42 | 001,050,940 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.07.26 00:56:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2012.07.26 00:55:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.26 00:54:56 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 00:36:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 00:36:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 00:21:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 22:43:11 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.12 12:21:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.07.12 12:21:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.07.11 18:32:34 | 000,410,064 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.07.05 13:02:46 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.05 13:01:45 | 060,109,528 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\Helen\Desktop\ElsterFormular-13.2.0.8623p.exe

========== Files Created - No Company Name ==========

[2012.07.13 22:43:11 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 22:43:10 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.05 13:02:46 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.06.03 15:39:55 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2012.06.03 15:39:55 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2012.06.03 15:39:54 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2012.06.03 15:39:54 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2012.06.03 15:39:54 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2012.06.03 15:39:54 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2012.06.03 15:39:54 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2012.06.03 15:39:54 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2012.06.03 15:39:54 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2012.06.03 15:39:54 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2012.06.03 15:39:54 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2012.06.03 15:39:54 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2012.06.03 15:39:54 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2012.06.03 15:39:54 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2012.06.03 15:39:54 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2012.06.03 15:39:54 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2012.06.03 15:39:54 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2012.06.03 15:39:54 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2012.06.03 15:39:54 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2012.06.03 15:29:29 | 000,000,025 | ---- | C] () -- C:\windows\CDEBX300DEFGIPS.ini
[2012.04.16 21:12:24 | 000,000,126 | ---- | C] () -- C:\windows\System32\AF15IRTBL.bin
[2011.09.09 16:42:56 | 000,000,154 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\default.rss
[2011.09.09 15:19:29 | 000,002,684 | ---- | C] () -- C:\Users\Helen\Nero StartSmart Essentials.lnk
[2011.09.09 14:54:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2011.09.09 14:53:27 | 000,001,104 | ---- | C] () -- C:\Users\Helen\E-Manual.lnk
[2011.04.15 20:20:34 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2011.04.15 20:20:33 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2011.04.15 20:18:36 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.04.15 20:16:20 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2011.04.15 20:16:18 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2011.04.15 20:15:55 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2011.04.15 20:15:55 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.15 20:15:53 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini
[2011.04.15 20:08:43 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2011.04.15 20:05:03 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011.04.15 20:05:03 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011.02.16 12:41:17 | 003,932,872 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2011.02.16 12:41:17 | 001,177,688 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2011.02.16 12:41:17 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2011.02.16 12:41:17 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010.07.29 09:43:10 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

< End of report >



Und hier der Scan von der Extras-Datei:


OTL Extras logfile created on: 26.07.2012 00:58:38 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Helen\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,16% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 43,13 Gb Free Space | 43,13% Space Free | Partition Type: NTFS
Drive D: | 350,74 Gb Total Space | 233,61 Gb Free Space | 66,60% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02128961-31FB-49BE-8773-A97FA0FF2C4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{04E8382A-5C52-428E-8120-51D89D2DB4ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A563FD1-D31D-490C-8383-A4BF73FE71B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E9B0BEC-17DA-4C1A-ABCA-7E956692A681}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EA21E7F-937E-41D0-B3EB-DFBA44AFE75C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1EBC79DA-C9E5-44A0-B221-8CAA2414CC1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2284C6CD-9471-4ABB-B4BF-43DDA9C822B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D815D21-F39F-4275-80A8-3E72C18BBD43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FFE8166-F0A6-44A4-8D85-BB45E52365C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D4A268E-ABF6-4001-AE4D-20F2C800F4B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3F5DF7FC-452D-4F0E-96C5-D3FBFDFFE32F}" = rport=137 | protocol=17 | dir=out | app=system |
"{57AA23D8-2CEC-40DF-B872-1B8E44DFDAFA}" = rport=138 | protocol=17 | dir=out | app=system |
"{5978F86D-636B-4342-AA70-9F010CA1ED27}" = lport=137 | protocol=17 | dir=in | app=system |
"{5AF7B3A7-81ED-4096-8AEB-06924F5304EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{665C269A-AE69-4A8E-AB78-2CBC7F989D48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68F6EB20-9121-41E8-82BB-80918D92AA38}" = rport=139 | protocol=6 | dir=out | app=system |
"{857D4AAB-C549-4AE7-ACAE-F2CCCF402F7A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{98C3B615-51ED-4F87-9F9F-3E72B0ABB51E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9B234762-AD68-46D8-9F24-D1838135701A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A4487380-8E51-4C1A-B1D5-67DCD93F7CC5}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{AFAB807C-04A0-4F53-9588-B6678C89A34C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE20F2BD-F3E5-4E31-BF1A-2DB78179EE1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEF4B8A2-8E52-41C7-BDB9-89A2FD1C8539}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA8EAA85-4E7F-49E7-A0B5-660CEECBE1C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA7754F1-4F99-4E39-AFC0-6EF6649A2761}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC1CB879-1CB1-4B7C-B99F-936E753566BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F22CF440-3F8E-41DE-9C77-67CE35D19913}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F415D6D7-D0B8-4154-A336-59CBA44B072A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EC0A11-AABC-44FB-9134-FB47C33612D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B9062F3-2E9C-46D3-9FD8-B7B7139488EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CD9809E-D50B-4661-9EF3-0D0B543FDA15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ABD58F4-4DB4-4C8E-9841-57DD917128CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1E426BA7-70F9-4F14-9DF2-386A91F7DFA7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{20353FD6-4B63-4BC3-B423-083C5DD8AE31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{205703C7-D530-4CCA-A549-C320EDC7F033}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3B5FFC27-7FA7-470D-BF00-469F6B732739}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EC4549B-B19D-476E-9552-73DA66C7D173}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3F380DD3-7467-4A22-8AEF-85D9805F9AFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{427BAA16-CB47-4944-B762-78C37F76E1F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{49F66FE2-6BB9-4E98-AB27-F02B83B23A20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5661CC1A-7D8D-4462-88BF-22E7CF96E5A3}" = protocol=17 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe |
"{5EEE7F49-0B1B-4A4B-BE9D-97E7577EEC16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{665B855C-EEDF-485F-8E65-4388F298F98B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BEBA761-6B55-4D27-8FA5-3E5ADD51281B}" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe |
"{96EE3C52-51C2-4288-836D-C438CA2A0F96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97A96353-DB5A-4BEB-B902-9921C5DB1C9C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BD4AFB2E-7894-4AF6-83C5-7404C2D4FC1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3CCE8DB-1D6C-4720-B047-B2F114033E4A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEA8B43F-D862-486A-807D-10BBDD419972}" = protocol=6 | dir=out | app=system |
"{DB2B2FA9-A041-4930-B868-8474AAD0BEA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DBFE2052-60C9-47F0-87D9-455336C93F1D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E8995C65-AADD-4399-99F2-97C39BC86FEC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ED4D9000-7018-41DC-ACC7-9B084E62D77D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0319BEE-8098-48E2-9401-48DCBFB02A51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{0D61D9D1-DB3A-4E85-9AC9-291ABF3A84F8}C:\program files\tuloxfreewbf\freedict.exe" = protocol=6 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe |
"TCP Query User{0FBC53B3-BD51-413A-8608-F1BA6C8A4740}C:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B37667F7-C174-4537-87C0-068382AF110E}C:\program files\tuloxfreewbf\freedict.exe" = protocol=6 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe |
"TCP Query User{C2D7BB05-CB57-43F5-ACFE-5236DF48995D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A6688AED-3598-4F65-861C-AC57F98BFD8B}C:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\helen\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D1035AD5-D6F9-4338-9ECF-5C2698C57ECE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D63FAF2F-B63B-48C0-8CFA-1494E8FD748C}C:\program files\tuloxfreewbf\freedict.exe" = protocol=17 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe |
"UDP Query User{F7E0936C-1A1E-4A52-83A8-AF6ED8D2FF59}C:\program files\tuloxfreewbf\freedict.exe" = protocol=17 | dir=in | app=c:\program files\tuloxfreewbf\freedict.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{0f5aaa71-64ab-43bb-afdf-2282f9c211bf}" = Nero 9 Essentials
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}" = uMedia uTV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"dm-Fotowelt" = dm-Fotowelt
"Eee Docking_is1" = Eee Docking 3.8.3
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"fotokasten comfort_is1" = fotokasten comfort 4.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.07.2012 17:18:11 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 08.07.2012 17:18:11 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 09.07.2012 03:10:02 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 10.07.2012 03:42:01 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 11.07.2012 02:43:44 | Computer Name = Helen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

[ System Events ]
Error - 19.03.2012 23:28:12 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 20.03.2012 06:47:42 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 20.03.2012 11:13:25 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira AntiVir Guard" wurde nicht richtig gestartet.

Error - 20.03.2012 11:13:31 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 21.03.2012 03:06:04 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 21.03.2012 14:03:56 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 21.03.2012 23:28:00 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = DCOM | ID = 10005
Description =

Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 21.03.2012 23:59:17 | Computer Name = Helen-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069


< End of report >



Ich hoffe, auch mir kann geholfen werden.

im Voraus

Alt 26.07.2012, 18:09   #2
markusg
/// Malware-holic
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [TapiMigPlugin] C:\Users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe ()
 :Files
C:\Users\Helen\AppData\Local\Microsoft\Windows\2564
:Commands
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
__________________

__________________

Alt 26.07.2012, 18:57   #3
alialcali
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



Hier der Inhalt der Desktop.ini:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183


Habe auch alle Dateien im UpChannel hochgeladen.
__________________

Alt 26.07.2012, 19:54   #4
markusg
/// Malware-holic
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



danke fürs hochladen
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.07.2012, 20:54   #5
alialcali
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



Hier die Combofix.txt:


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-27.02 - Helen 26.07.2012  21:32:06.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2038.904 [GMT 2:00]
ausgeführt von:: c:\users\Helen\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\AF15BDAEX.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 19:45 . 2012-07-26 19:46	--------	d-----w-	c:\users\Helen\AppData\Local\temp
2012-07-26 19:45 . 2012-07-26 19:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-26 17:28 . 2012-07-26 17:44	--------	d-----w-	C:\_OTL
2012-07-26 17:12 . 2012-05-07 13:10	14720	----a-w-	c:\windows\system32\drivers\AiDriver.sys
2012-07-26 12:54 . 2012-07-26 12:54	--------	d-----w-	c:\users\Helen\AppData\Roaming\Malwarebytes
2012-07-26 12:52 . 2012-07-26 12:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-26 12:52 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-25 21:59 . 2012-07-25 21:59	--------	d-----w-	c:\users\Helen\AppData\Roaming\hellomoto
2012-07-24 08:34 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB9C030D-8A6D-48E0-9FD6-F8711DE8CA1F}\mpengine.dll
2012-07-13 20:43 . 2012-07-19 22:27	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-07-11 10:32 . 2012-06-02 08:25	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-11 10:29 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-10 19:06 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-05 11:03 . 2012-07-05 11:03	--------	d-----w-	c:\users\Helen\AppData\Roaming\elsterformular
2012-07-05 11:02 . 2012-07-05 11:03	--------	d-----w-	c:\programdata\elsterformular
2012-07-05 11:02 . 2012-07-05 11:02	--------	d-----w-	c:\program files\ElsterFormular
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 10:21 . 2012-04-23 12:16	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-12 10:21 . 2011-09-09 14:38	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 19:23	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:23	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:23	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:23	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 19:23	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 19:23	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 19:23	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 19:22	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 19:22	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-09-09 15:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-14 13:44 . 2012-05-14 13:44	4203106	----a-w-	c:\users\Helen\AppData\Roaming\Microsoft\Windows\Templates\tuloxff.exe
2012-05-01 04:44 . 2012-06-13 06:20	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 06:20	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-19 18:48 . 2012-07-13 20:43	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Helen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Helen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Helen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-15 2018032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-09-09 2429]
"Malwarebytes' Anti-Malware"="d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"iSeriesCharge"="AsusSender.exe" [2011-03-11 34728]
.
c:\users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Helen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe [2011-10-20 549040]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
p6_19_erinnerung.lnk - c:\program files\phase6\phase6_19\WinStart\p6erinnerung.exe [2007-2-11 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 10:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=641eba1a000000000000f46d04554a99
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{48A2AAD8-9B24-494D-B295-24A3B151F6A5}\355756679616E4544523: DhcpNameServer = 172.23.239.1
FF - ProfilePath - c:\users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\suw52bie.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=641eba1a000000000000f46d04554a99&q=
FF - user.js: extensions.BabylonToolbar_i.id - 641eba1a000000000000f46d04554a99
FF - user.js: extensions.BabylonToolbar_i.hardId - 641eba1a000000000000f46d04554a99
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
MSConfigStartUp-TapiMigPlugin - c:\users\Helen\AppData\Local\Microsoft\Windows\2564\TapiMigPlugin.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-26  21:50:17
ComboFix-quarantined-files.txt  2012-07-26 19:50
.
Vor Suchlauf: 9 Verzeichnis(se), 45.429.342.208 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 48.108.691.456 Bytes frei
.
- - End Of File - - 2EE014B2E5F69FD69EC9AD12A4C5A0B1
         
--- --- ---


Alt 27.07.2012, 23:13   #6
markusg
/// Malware-holic
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> ebenfalls BRD Trojaner

Alt 31.07.2012, 22:45   #7
alialcali
 
ebenfalls BRD Trojaner - Standard

ebenfalls BRD Trojaner



So der tdsskiller hat nichts gefunden. Hier der report:


23:37:51.0068 2244 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:37:51.0398 2244 ============================================================
23:37:51.0398 2244 Current date / time: 2012/07/31 23:37:51.0398
23:37:51.0398 2244 SystemInfo:
23:37:51.0398 2244
23:37:51.0398 2244 OS Version: 6.1.7601 ServicePack: 1.0
23:37:51.0398 2244 Product type: Workstation
23:37:51.0398 2244 ComputerName: ***
23:37:51.0398 2244 UserName: ***
23:37:51.0398 2244 Windows directory: C:\windows
23:37:51.0398 2244 System windows directory: C:\windows
23:37:51.0398 2244 Processor architecture: Intel x86
23:37:51.0398 2244 Number of processors: 4
23:37:51.0398 2244 Page size: 0x1000
23:37:51.0398 2244 Boot type: Normal boot
23:37:51.0398 2244 ============================================================
23:37:52.0868 2244 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:37:52.0878 2244 ============================================================
23:37:52.0878 2244 \Device\Harddisk0\DR0:
23:37:52.0878 2244 MBR partitions:
23:37:52.0878 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
23:37:52.0878 2244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0x2BD7D000
23:37:52.0878 2244 ============================================================
23:37:52.0888 2244 C: <-> \Device\Harddisk0\DR0\Partition0
23:37:52.0938 2244 D: <-> \Device\Harddisk0\DR0\Partition1
23:37:52.0938 2244 ============================================================
23:37:52.0938 2244 Initialize success
23:37:52.0938 2244 ============================================================
23:38:40.0798 5524 ============================================================
23:38:40.0798 5524 Scan started
23:38:40.0798 5524 Mode: Manual; SigCheck; TDLFS;
23:38:40.0798 5524 ============================================================
23:38:43.0038 5524 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
23:38:43.0428 5524 1394ohci - ok
23:38:43.0498 5524 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
23:38:43.0588 5524 ACPI - ok
23:38:43.0628 5524 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
23:38:43.0738 5524 AcpiPmi - ok
23:38:43.0858 5524 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:38:43.0898 5524 AdobeARMservice - ok
23:38:43.0998 5524 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:38:44.0118 5524 AdobeFlashPlayerUpdateSvc - ok
23:38:44.0198 5524 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\drivers\adp94xx.sys
23:38:44.0328 5524 adp94xx - ok
23:38:44.0388 5524 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\drivers\adpahci.sys
23:38:44.0488 5524 adpahci - ok
23:38:44.0518 5524 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\drivers\adpu320.sys
23:38:44.0618 5524 adpu320 - ok
23:38:44.0658 5524 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
23:38:44.0868 5524 AeLookupSvc - ok
23:38:44.0948 5524 AF15BDA (e3f08935158038d385ad382442f4bb2d) C:\windows\system32\DRIVERS\AF15BDA.sys
23:38:45.0098 5524 AF15BDA - ok
23:38:45.0178 5524 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
23:38:45.0348 5524 AFD - ok
23:38:45.0388 5524 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
23:38:45.0458 5524 agp440 - ok
23:38:45.0508 5524 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\drivers\djsvs.sys
23:38:45.0578 5524 aic78xx - ok
23:38:45.0668 5524 AiDriver (68d6075d1fdc90038b0dc5b9d1f17adf) C:\windows\system32\DRIVERS\AiDriver.sys
23:38:45.0748 5524 AiDriver - ok
23:38:45.0818 5524 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
23:38:45.0938 5524 ALG - ok
23:38:45.0988 5524 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
23:38:46.0048 5524 aliide - ok
23:38:46.0078 5524 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
23:38:46.0158 5524 amdagp - ok
23:38:46.0188 5524 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
23:38:46.0258 5524 amdide - ok
23:38:46.0268 5524 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\drivers\amdk8.sys
23:38:46.0388 5524 AmdK8 - ok
23:38:46.0408 5524 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\drivers\amdppm.sys
23:38:46.0498 5524 AmdPPM - ok
23:38:46.0568 5524 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
23:38:46.0648 5524 amdsata - ok
23:38:46.0698 5524 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\drivers\amdsbs.sys
23:38:46.0788 5524 amdsbs - ok
23:38:46.0818 5524 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
23:38:46.0888 5524 amdxata - ok
23:38:46.0998 5524 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:38:47.0048 5524 AntiVirSchedulerService - ok
23:38:47.0108 5524 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:38:47.0168 5524 AntiVirService - ok
23:38:47.0218 5524 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
23:38:47.0348 5524 AppID - ok
23:38:47.0398 5524 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
23:38:47.0528 5524 AppIDSvc - ok
23:38:47.0568 5524 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
23:38:47.0698 5524 Appinfo - ok
23:38:47.0778 5524 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\drivers\arc.sys
23:38:47.0858 5524 arc - ok
23:38:47.0878 5524 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\drivers\arcsas.sys
23:38:47.0958 5524 arcsas - ok
23:38:48.0008 5524 AsIO (956c7177dbda0f02436868ad644ccf31) C:\windows\system32\drivers\AsIO.sys
23:38:48.0068 5524 AsIO - ok
23:38:48.0098 5524 AsUpIO (a9a565c669786c402752f609afdd0dd5) C:\windows\system32\drivers\AsUpIO.sys
23:38:48.0158 5524 AsUpIO - ok
23:38:48.0208 5524 AsusService (bdedd780a12e75ac5902ca6bb027eab7) C:\windows\system32\AsusService.exe
23:38:48.0258 5524 AsusService - ok
23:38:48.0298 5524 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
23:38:48.0478 5524 AsyncMac - ok
23:38:48.0548 5524 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
23:38:48.0618 5524 atapi - ok
23:38:48.0738 5524 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys
23:38:48.0968 5524 athr - ok
23:38:49.0048 5524 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
23:38:49.0198 5524 AudioEndpointBuilder - ok
23:38:49.0228 5524 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
23:38:49.0358 5524 Audiosrv - ok
23:38:49.0448 5524 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
23:38:49.0528 5524 avgntflt - ok
23:38:49.0578 5524 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
23:38:49.0668 5524 avipbb - ok
23:38:49.0748 5524 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
23:38:49.0938 5524 AxInstSV - ok
23:38:50.0008 5524 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\drivers\bxvbdx.sys
23:38:50.0148 5524 b06bdrv - ok
23:38:50.0208 5524 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
23:38:50.0318 5524 b57nd60x - ok
23:38:50.0418 5524 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
23:38:50.0518 5524 BBSvc - ok
23:38:50.0758 5524 BCM43XX (2be0f23d494c301641c42ead2fdcd4f2) C:\windows\system32\DRIVERS\bcmwl6.sys
23:38:51.0048 5524 BCM43XX - ok
23:38:51.0188 5524 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
23:38:51.0308 5524 BDESVC - ok
23:38:51.0388 5524 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
23:38:51.0528 5524 Beep - ok
23:38:51.0618 5524 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
23:38:51.0758 5524 BFE - ok
23:38:51.0828 5524 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
23:38:52.0078 5524 BITS - ok
23:38:52.0108 5524 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
23:38:52.0178 5524 blbdrive - ok
23:38:52.0248 5524 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
23:38:52.0338 5524 bowser - ok
23:38:52.0358 5524 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\BrFiltLo.sys
23:38:52.0448 5524 BrFiltLo - ok
23:38:52.0468 5524 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\BrFiltUp.sys
23:38:52.0558 5524 BrFiltUp - ok
23:38:52.0618 5524 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
23:38:52.0778 5524 BridgeMP - ok
23:38:52.0828 5524 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
23:38:52.0968 5524 Browser - ok
23:38:53.0018 5524 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
23:38:53.0148 5524 Brserid - ok
23:38:53.0168 5524 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
23:38:53.0268 5524 BrSerWdm - ok
23:38:53.0288 5524 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
23:38:53.0368 5524 BrUsbMdm - ok
23:38:53.0378 5524 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
23:38:53.0468 5524 BrUsbSer - ok
23:38:53.0538 5524 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
23:38:53.0688 5524 BthEnum - ok
23:38:53.0738 5524 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\drivers\bthmodem.sys
23:38:53.0818 5524 BTHMODEM - ok
23:38:53.0858 5524 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
23:38:53.0958 5524 BthPan - ok
23:38:54.0048 5524 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
23:38:54.0198 5524 BTHPORT - ok
23:38:54.0258 5524 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
23:38:54.0418 5524 bthserv - ok
23:38:54.0448 5524 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
23:38:54.0528 5524 BTHUSB - ok
23:38:54.0598 5524 btwampfl (d57641bf7e6af5c996eab931afadc271) C:\windows\system32\drivers\btwampfl.sys
23:38:54.0698 5524 btwampfl - ok
23:38:54.0728 5524 btwaudio (81471a7d64d1fc014d47a4cf33cd701e) C:\windows\system32\drivers\btwaudio.sys
23:38:54.0798 5524 btwaudio - ok
23:38:54.0838 5524 btwavdt (098af3559710fcec05b7aa5159f435f9) C:\windows\system32\drivers\btwavdt.sys
23:38:54.0918 5524 btwavdt - ok
23:38:55.0058 5524 btwdins (8fcf8e276b5755db87c8b015cad1bc41) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:38:55.0148 5524 btwdins - ok
23:38:55.0178 5524 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
23:38:55.0238 5524 btwl2cap - ok
23:38:55.0258 5524 btwrchid (e28ef3c4ef1849b876f850015066380b) C:\windows\system32\DRIVERS\btwrchid.sys
23:38:55.0318 5524 btwrchid - ok
23:38:55.0398 5524 catchme - ok
23:38:55.0448 5524 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
23:38:55.0588 5524 cdfs - ok
23:38:55.0638 5524 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
23:38:55.0738 5524 cdrom - ok
23:38:55.0788 5524 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
23:38:55.0908 5524 CertPropSvc - ok
23:38:55.0948 5524 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\drivers\circlass.sys
23:38:56.0048 5524 circlass - ok
23:38:56.0088 5524 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
23:38:56.0168 5524 CLFS - ok
23:38:56.0258 5524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:38:56.0328 5524 clr_optimization_v2.0.50727_32 - ok
23:38:56.0428 5524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:38:56.0508 5524 clr_optimization_v4.0.30319_32 - ok
23:38:56.0528 5524 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
23:38:56.0618 5524 CmBatt - ok
23:38:56.0648 5524 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
23:38:56.0708 5524 cmdide - ok
23:38:56.0778 5524 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\windows\system32\Drivers\cng.sys
23:38:56.0918 5524 CNG - ok
23:38:56.0958 5524 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\drivers\compbatt.sys
23:38:57.0028 5524 Compbatt - ok
23:38:57.0078 5524 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\DRIVERS\CompositeBus.sys
23:38:57.0168 5524 CompositeBus - ok
23:38:57.0188 5524 COMSysApp - ok
23:38:57.0228 5524 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\drivers\crcdisk.sys
23:38:57.0298 5524 crcdisk - ok
23:38:57.0358 5524 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
23:38:57.0448 5524 CryptSvc - ok
23:38:57.0518 5524 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
23:38:57.0678 5524 DcomLaunch - ok
23:38:57.0738 5524 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
23:38:57.0928 5524 defragsvc - ok
23:38:57.0968 5524 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
23:38:58.0118 5524 DfsC - ok
23:38:58.0198 5524 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
23:38:58.0328 5524 Dhcp - ok
23:38:58.0348 5524 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
23:38:58.0498 5524 discache - ok
23:38:58.0548 5524 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\drivers\disk.sys
23:38:58.0628 5524 Disk - ok
23:38:58.0678 5524 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
23:38:58.0768 5524 Dnscache - ok
23:38:58.0828 5524 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
23:38:59.0018 5524 dot3svc - ok
23:38:59.0058 5524 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
23:38:59.0188 5524 DPS - ok
23:38:59.0238 5524 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
23:38:59.0328 5524 drmkaud - ok
23:38:59.0408 5524 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
23:38:59.0598 5524 DXGKrnl - ok
23:38:59.0658 5524 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
23:38:59.0798 5524 EapHost - ok
23:39:00.0068 5524 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\drivers\evbdx.sys
23:39:00.0408 5524 ebdrv - ok
23:39:00.0548 5524 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
23:39:00.0628 5524 EFS - ok
23:39:00.0748 5524 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
23:39:00.0938 5524 ehRecvr - ok
23:39:00.0968 5524 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
23:39:01.0078 5524 ehSched - ok
23:39:01.0208 5524 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\drivers\elxstor.sys
23:39:01.0338 5524 elxstor - ok
23:39:01.0358 5524 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
23:39:01.0428 5524 ErrDev - ok
23:39:01.0518 5524 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
23:39:01.0648 5524 EventSystem - ok
23:39:01.0698 5524 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
23:39:01.0848 5524 exfat - ok
23:39:01.0888 5524 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
23:39:02.0048 5524 fastfat - ok
23:39:02.0128 5524 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
23:39:02.0228 5524 Fax - ok
23:39:02.0268 5524 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\drivers\fdc.sys
23:39:02.0338 5524 fdc - ok
23:39:02.0368 5524 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
23:39:02.0498 5524 fdPHost - ok
23:39:02.0538 5524 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
23:39:02.0668 5524 FDResPub - ok
23:39:02.0708 5524 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
23:39:02.0788 5524 FileInfo - ok
23:39:02.0838 5524 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
23:39:02.0988 5524 Filetrace - ok
23:39:03.0018 5524 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\drivers\flpydisk.sys
23:39:03.0098 5524 flpydisk - ok
23:39:03.0128 5524 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
23:39:03.0198 5524 FltMgr - ok
23:39:03.0288 5524 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
23:39:03.0448 5524 FontCache - ok
23:39:03.0538 5524 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:39:03.0608 5524 FontCache3.0.0.0 - ok
23:39:03.0658 5524 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
23:39:03.0728 5524 FsDepends - ok
23:39:03.0788 5524 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
23:39:03.0848 5524 fssfltr - ok
23:39:04.0038 5524 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:39:04.0288 5524 fsssvc - ok
23:39:04.0458 5524 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
23:39:04.0528 5524 Fs_Rec - ok
23:39:04.0588 5524 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
23:39:04.0708 5524 fvevol - ok
23:39:04.0768 5524 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\drivers\gagp30kx.sys
23:39:04.0848 5524 gagp30kx - ok
23:39:04.0918 5524 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
23:39:05.0088 5524 gpsvc - ok
23:39:05.0108 5524 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
23:39:05.0198 5524 hcw85cir - ok
23:39:05.0248 5524 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
23:39:05.0398 5524 HdAudAddService - ok
23:39:05.0438 5524 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\DRIVERS\HDAudBus.sys
23:39:05.0518 5524 HDAudBus - ok
23:39:05.0538 5524 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\drivers\HidBatt.sys
23:39:05.0638 5524 HidBatt - ok
23:39:05.0678 5524 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\drivers\hidbth.sys
23:39:05.0768 5524 HidBth - ok
23:39:05.0798 5524 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\drivers\hidir.sys
23:39:05.0898 5524 HidIr - ok
23:39:05.0978 5524 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
23:39:06.0118 5524 hidserv - ok
23:39:06.0178 5524 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
23:39:06.0258 5524 HidUsb - ok
23:39:06.0308 5524 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
23:39:06.0428 5524 hkmsvc - ok
23:39:06.0478 5524 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
23:39:06.0578 5524 HomeGroupListener - ok
23:39:06.0638 5524 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
23:39:06.0738 5524 HomeGroupProvider - ok
23:39:06.0798 5524 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
23:39:06.0878 5524 HpSAMD - ok
23:39:06.0968 5524 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
23:39:07.0178 5524 HTTP - ok
23:39:07.0208 5524 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
23:39:07.0278 5524 hwpolicy - ok
23:39:07.0318 5524 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
23:39:07.0418 5524 i8042prt - ok
23:39:07.0488 5524 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\windows\system32\drivers\iaStor.sys
23:39:07.0548 5524 iaStor - ok
23:39:07.0648 5524 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
23:39:07.0758 5524 iaStorV - ok
23:39:07.0908 5524 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:39:08.0168 5524 idsvc - ok
23:39:08.0668 5524 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
23:39:09.0148 5524 igfx - ok
23:39:09.0358 5524 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\drivers\iirsp.sys
23:39:09.0428 5524 iirsp - ok
23:39:09.0518 5524 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
23:39:09.0678 5524 IKEEXT - ok
23:39:09.0978 5524 IntcAzAudAddService (e8b6f7896db2ee6a7af7a177a9bbc526) C:\windows\system32\drivers\RTKVHDA.sys
23:39:10.0348 5524 IntcAzAudAddService - ok
23:39:10.0538 5524 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
23:39:10.0608 5524 intelide - ok
23:39:10.0648 5524 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
23:39:10.0718 5524 intelppm - ok
23:39:10.0758 5524 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
23:39:10.0918 5524 IPBusEnum - ok
23:39:10.0958 5524 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:39:11.0108 5524 IpFilterDriver - ok
23:39:11.0168 5524 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
23:39:11.0308 5524 iphlpsvc - ok
23:39:11.0438 5524 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
23:39:11.0558 5524 IPMIDRV - ok
23:39:11.0668 5524 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
23:39:11.0858 5524 IPNAT - ok
23:39:11.0898 5524 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
23:39:12.0098 5524 IRENUM - ok
23:39:12.0268 5524 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
23:39:12.0348 5524 isapnp - ok
23:39:12.0688 5524 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
23:39:12.0828 5524 iScsiPrt - ok
23:39:12.0888 5524 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
23:39:12.0958 5524 kbdclass - ok
23:39:13.0008 5524 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
23:39:13.0098 5524 kbdhid - ok
23:39:13.0138 5524 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
23:39:13.0188 5524 kbfiltr - ok
23:39:13.0218 5524 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
23:39:13.0288 5524 KeyIso - ok
23:39:13.0328 5524 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys
23:39:13.0408 5524 KSecDD - ok
23:39:13.0438 5524 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys
23:39:13.0538 5524 KSecPkg - ok
23:39:13.0608 5524 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
23:39:13.0818 5524 KtmRm - ok
23:39:13.0878 5524 L1C (01738f10ca813c5a4dbd4d7ec6fdc3fd) C:\windows\system32\DRIVERS\L1C62x86.sys
23:39:13.0938 5524 L1C - ok
23:39:14.0028 5524 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
23:39:14.0168 5524 LanmanServer - ok
23:39:14.0208 5524 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
23:39:14.0358 5524 LanmanWorkstation - ok
23:39:14.0438 5524 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
23:39:14.0588 5524 lltdio - ok
23:39:14.0638 5524 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
23:39:14.0808 5524 lltdsvc - ok
23:39:14.0848 5524 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
23:39:14.0968 5524 lmhosts - ok
23:39:15.0018 5524 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\drivers\lsi_fc.sys
23:39:15.0098 5524 LSI_FC - ok
23:39:15.0148 5524 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\drivers\lsi_sas.sys
23:39:15.0228 5524 LSI_SAS - ok
23:39:15.0258 5524 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\drivers\lsi_sas2.sys
23:39:15.0328 5524 LSI_SAS2 - ok
23:39:15.0378 5524 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\drivers\lsi_scsi.sys
23:39:15.0448 5524 LSI_SCSI - ok
23:39:15.0478 5524 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
23:39:15.0638 5524 luafv - ok
23:39:15.0698 5524 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\windows\system32\drivers\mbam.sys
23:39:15.0768 5524 MBAMProtector - ok
23:39:15.0878 5524 MBAMService (43683e970f008c93c9429ef428147a54) D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
23:39:15.0978 5524 MBAMService - ok
23:39:16.0028 5524 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
23:39:16.0138 5524 Mcx2Svc - ok
23:39:16.0188 5524 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\drivers\megasas.sys
23:39:16.0258 5524 megasas - ok
23:39:16.0298 5524 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\drivers\MegaSR.sys
23:39:16.0398 5524 MegaSR - ok
23:39:16.0568 5524 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:39:16.0638 5524 Microsoft Office Groove Audit Service - ok
23:39:16.0678 5524 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
23:39:16.0818 5524 MMCSS - ok
23:39:16.0858 5524 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
23:39:16.0988 5524 Modem - ok
23:39:17.0028 5524 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
23:39:17.0098 5524 monitor - ok
23:39:17.0148 5524 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
23:39:17.0218 5524 mouclass - ok
23:39:17.0268 5524 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
23:39:17.0358 5524 mouhid - ok
23:39:17.0388 5524 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
23:39:17.0458 5524 mountmgr - ok
23:39:17.0538 5524 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:39:17.0618 5524 MozillaMaintenance - ok
23:39:17.0658 5524 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
23:39:17.0758 5524 mpio - ok
23:39:17.0788 5524 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
23:39:17.0928 5524 mpsdrv - ok
23:39:18.0008 5524 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
23:39:18.0158 5524 MpsSvc - ok
23:39:18.0188 5524 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
23:39:18.0288 5524 MRxDAV - ok
23:39:18.0358 5524 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
23:39:18.0468 5524 mrxsmb - ok
23:39:18.0498 5524 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:39:18.0608 5524 mrxsmb10 - ok
23:39:18.0638 5524 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:39:18.0728 5524 mrxsmb20 - ok
23:39:18.0768 5524 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
23:39:18.0828 5524 msahci - ok
23:39:18.0878 5524 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
23:39:18.0968 5524 msdsm - ok
23:39:19.0018 5524 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
23:39:19.0138 5524 MSDTC - ok
23:39:19.0198 5524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
23:39:19.0348 5524 Msfs - ok
23:39:19.0378 5524 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
23:39:19.0518 5524 mshidkmdf - ok
23:39:19.0538 5524 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
23:39:19.0618 5524 msisadrv - ok
23:39:19.0678 5524 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
23:39:19.0828 5524 MSiSCSI - ok
23:39:19.0848 5524 msiserver - ok
23:39:19.0898 5524 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
23:39:20.0038 5524 MSKSSRV - ok
23:39:20.0088 5524 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
23:39:20.0228 5524 MSPCLOCK - ok
23:39:20.0248 5524 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
23:39:20.0388 5524 MSPQM - ok
23:39:20.0428 5524 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
23:39:20.0518 5524 MsRPC - ok
23:39:20.0558 5524 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
23:39:20.0608 5524 mssmbios - ok
23:39:20.0638 5524 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
23:39:20.0768 5524 MSTEE - ok
23:39:20.0778 5524 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\drivers\MTConfig.sys
23:39:20.0868 5524 MTConfig - ok
23:39:20.0898 5524 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
23:39:20.0968 5524 Mup - ok
23:39:21.0038 5524 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
23:39:21.0188 5524 napagent - ok
23:39:21.0258 5524 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
23:39:21.0398 5524 NativeWifiP - ok
23:39:21.0488 5524 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
23:39:21.0598 5524 NDIS - ok
23:39:21.0678 5524 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
23:39:21.0808 5524 NdisCap - ok
23:39:21.0848 5524 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
23:39:21.0988 5524 NdisTapi - ok
23:39:22.0058 5524 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
23:39:22.0188 5524 Ndisuio - ok
23:39:22.0228 5524 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
23:39:22.0378 5524 NdisWan - ok
23:39:22.0418 5524 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
23:39:22.0578 5524 NDProxy - ok
23:39:22.0768 5524 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
23:39:22.0908 5524 Nero BackItUp Scheduler 4.0 - ok
23:39:22.0988 5524 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
23:39:23.0138 5524 NetBIOS - ok
23:39:23.0178 5524 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
23:39:23.0358 5524 NetBT - ok
23:39:23.0388 5524 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
23:39:23.0458 5524 Netlogon - ok
23:39:23.0518 5524 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
23:39:23.0668 5524 Netman - ok
23:39:23.0718 5524 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
23:39:23.0878 5524 netprofm - ok
23:39:23.0968 5524 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:39:24.0068 5524 NetTcpPortSharing - ok
23:39:24.0118 5524 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\drivers\nfrd960.sys
23:39:24.0188 5524 nfrd960 - ok
23:39:24.0248 5524 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
23:39:24.0398 5524 NlaSvc - ok
23:39:24.0428 5524 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
23:39:24.0568 5524 Npfs - ok
23:39:24.0598 5524 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
23:39:24.0758 5524 nsi - ok
23:39:24.0778 5524 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
23:39:24.0928 5524 nsiproxy - ok
23:39:25.0068 5524 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
23:39:25.0298 5524 Ntfs - ok
23:39:25.0338 5524 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
23:39:25.0468 5524 Null - ok
23:39:25.0518 5524 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
23:39:25.0608 5524 nvraid - ok
23:39:25.0658 5524 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
23:39:25.0738 5524 nvstor - ok
23:39:25.0798 5524 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
23:39:25.0888 5524 nv_agp - ok
23:39:26.0028 5524 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:39:26.0158 5524 odserv - ok
23:39:26.0198 5524 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
23:39:26.0278 5524 ohci1394 - ok
23:39:26.0338 5524 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:39:26.0428 5524 ose - ok
23:39:26.0498 5524 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
23:39:26.0638 5524 p2pimsvc - ok
23:39:26.0878 5524 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
23:39:26.0978 5524 p2psvc - ok
23:39:27.0048 5524 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\drivers\parport.sys
23:39:27.0138 5524 Parport - ok
23:39:27.0198 5524 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
23:39:27.0268 5524 partmgr - ok
23:39:27.0288 5524 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\drivers\parvdm.sys
23:39:27.0368 5524 Parvdm - ok
23:39:27.0428 5524 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
23:39:27.0518 5524 PcaSvc - ok
23:39:27.0558 5524 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
23:39:27.0648 5524 pci - ok
23:39:27.0698 5524 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
23:39:27.0758 5524 pciide - ok
23:39:27.0798 5524 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\drivers\pcmcia.sys
23:39:27.0898 5524 pcmcia - ok
23:39:27.0928 5524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
23:39:27.0998 5524 pcw - ok
23:39:28.0078 5524 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
23:39:28.0318 5524 PEAUTH - ok
23:39:28.0508 5524 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
23:39:28.0788 5524 pla - ok
23:39:28.0958 5524 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
23:39:29.0058 5524 PlugPlay - ok
23:39:29.0098 5524 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
23:39:29.0198 5524 PNRPAutoReg - ok
23:39:29.0238 5524 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
23:39:29.0328 5524 PNRPsvc - ok
23:39:29.0388 5524 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
23:39:29.0548 5524 PolicyAgent - ok
23:39:29.0588 5524 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
23:39:29.0728 5524 Power - ok
23:39:29.0808 5524 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
23:39:29.0958 5524 PptpMiniport - ok
23:39:29.0988 5524 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\drivers\processr.sys
23:39:30.0078 5524 Processor - ok
23:39:30.0138 5524 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
23:39:30.0228 5524 ProfSvc - ok
23:39:30.0268 5524 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
23:39:30.0338 5524 ProtectedStorage - ok
23:39:30.0408 5524 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
23:39:30.0568 5524 Psched - ok
23:39:30.0958 5524 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\drivers\ql2300.sys
23:39:31.0218 5524 ql2300 - ok
23:39:31.0578 5524 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\drivers\ql40xx.sys
23:39:31.0658 5524 ql40xx - ok
23:39:31.0718 5524 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
23:39:31.0868 5524 QWAVE - ok
23:39:31.0898 5524 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
23:39:31.0988 5524 QWAVEdrv - ok
23:39:32.0028 5524 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
23:39:32.0158 5524 RasAcd - ok
23:39:32.0198 5524 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
23:39:32.0328 5524 RasAgileVpn - ok
23:39:32.0378 5524 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
23:39:32.0538 5524 RasAuto - ok
23:39:32.0598 5524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
23:39:32.0738 5524 Rasl2tp - ok
23:39:32.0818 5524 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
23:39:32.0978 5524 RasMan - ok
23:39:33.0018 5524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
23:39:33.0168 5524 RasPppoe - ok
23:39:33.0218 5524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
23:39:33.0358 5524 RasSstp - ok
23:39:33.0398 5524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
23:39:33.0588 5524 rdbss - ok
23:39:33.0628 5524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\drivers\rdpbus.sys
23:39:33.0718 5524 rdpbus - ok
23:39:33.0758 5524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
23:39:33.0868 5524 RDPCDD - ok
23:39:33.0908 5524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
23:39:34.0038 5524 RDPENCDD - ok
23:39:34.0068 5524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
23:39:34.0188 5524 RDPREFMP - ok
23:39:34.0228 5524 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
23:39:34.0348 5524 RDPWD - ok
23:39:34.0388 5524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
23:39:34.0478 5524 rdyboost - ok
23:39:34.0528 5524 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
23:39:34.0688 5524 RemoteAccess - ok
23:39:34.0738 5524 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
23:39:34.0918 5524 RemoteRegistry - ok
23:39:34.0968 5524 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
23:39:35.0078 5524 RFCOMM - ok
23:39:35.0128 5524 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
23:39:35.0268 5524 RpcEptMapper - ok
23:39:35.0298 5524 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
23:39:35.0398 5524 RpcLocator - ok
23:39:35.0448 5524 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
23:39:35.0588 5524 RpcSs - ok
23:39:35.0638 5524 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
23:39:35.0778 5524 rspndr - ok
23:39:35.0818 5524 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
23:39:35.0888 5524 SamSs - ok
23:39:35.0938 5524 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
23:39:36.0008 5524 sbp2port - ok
23:39:36.0058 5524 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
23:39:36.0218 5524 SCardSvr - ok
23:39:36.0258 5524 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
23:39:36.0398 5524 scfilter - ok
23:39:36.0478 5524 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
23:39:36.0658 5524 Schedule - ok
23:39:36.0708 5524 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
23:39:36.0828 5524 SCPolicySvc - ok
23:39:36.0858 5524 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
23:39:37.0028 5524 SDRSVC - ok
23:39:37.0118 5524 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
23:39:37.0198 5524 SeaPort - ok
23:39:37.0278 5524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
23:39:37.0418 5524 secdrv - ok
23:39:37.0448 5524 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
23:39:37.0598 5524 seclogon - ok
23:39:37.0628 5524 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
23:39:37.0778 5524 SENS - ok
23:39:37.0808 5524 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
23:39:37.0898 5524 SensrSvc - ok
23:39:37.0928 5524 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\drivers\serenum.sys
23:39:37.0998 5524 Serenum - ok
23:39:38.0038 5524 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\drivers\serial.sys
23:39:38.0128 5524 Serial - ok
23:39:38.0168 5524 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\drivers\sermouse.sys
23:39:38.0248 5524 sermouse - ok
23:39:38.0338 5524 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
23:39:38.0478 5524 SessionEnv - ok
23:39:38.0518 5524 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
23:39:38.0598 5524 sffdisk - ok
23:39:38.0618 5524 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
23:39:38.0698 5524 sffp_mmc - ok
23:39:38.0718 5524 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
23:39:38.0798 5524 sffp_sd - ok
23:39:38.0818 5524 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\drivers\sfloppy.sys
23:39:38.0888 5524 sfloppy - ok
23:39:38.0948 5524 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
23:39:39.0108 5524 SharedAccess - ok
23:39:39.0168 5524 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
23:39:39.0318 5524 ShellHWDetection - ok
23:39:39.0378 5524 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
23:39:39.0448 5524 sisagp - ok
23:39:39.0488 5524 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\drivers\SiSRaid2.sys
23:39:39.0558 5524 SiSRaid2 - ok
23:39:39.0598 5524 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\drivers\sisraid4.sys
23:39:39.0668 5524 SiSRaid4 - ok
23:39:39.0788 5524 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
23:39:39.0848 5524 SkypeUpdate - ok
23:39:39.0888 5524 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
23:39:40.0028 5524 Smb - ok
23:39:40.0108 5524 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
23:39:40.0198 5524 SNMPTRAP - ok
23:39:40.0238 5524 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
23:39:40.0308 5524 spldr - ok
23:39:40.0358 5524 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
23:39:40.0518 5524 Spooler - ok
23:39:40.0778 5524 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
23:39:41.0078 5524 sppsvc - ok
23:39:41.0228 5524 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
23:39:41.0388 5524 sppuinotify - ok
23:39:41.0488 5524 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
23:39:41.0668 5524 srv - ok
23:39:41.0718 5524 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
23:39:41.0838 5524 srv2 - ok
23:39:41.0878 5524 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
23:39:41.0978 5524 srvnet - ok
23:39:42.0018 5524 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
23:39:42.0178 5524 SSDPSRV - ok
23:39:42.0218 5524 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
23:39:42.0268 5524 ssmdrv - ok
23:39:42.0308 5524 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
23:39:42.0448 5524 SstpSvc - ok
23:39:42.0488 5524 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\drivers\stexstor.sys
23:39:42.0548 5524 stexstor - ok
23:39:42.0618 5524 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
23:39:42.0738 5524 StiSvc - ok
23:39:42.0768 5524 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
23:39:42.0838 5524 swenum - ok
23:39:42.0898 5524 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
23:39:43.0098 5524 swprv - ok
23:39:43.0168 5524 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
23:39:43.0258 5524 SynTP - ok
23:39:43.0378 5524 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
23:39:43.0548 5524 SysMain - ok
23:39:43.0578 5524 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
23:39:43.0718 5524 TabletInputService - ok
23:39:43.0758 5524 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
23:39:43.0898 5524 TapiSrv - ok
23:39:43.0938 5524 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
23:39:44.0088 5524 TBS - ok
23:39:44.0258 5524 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
23:39:44.0498 5524 Tcpip - ok
23:39:44.0788 5524 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
23:39:44.0918 5524 TCPIP6 - ok
23:39:45.0108 5524 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
23:39:45.0228 5524 tcpipreg - ok
23:39:45.0288 5524 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
23:39:45.0388 5524 TDPIPE - ok
23:39:45.0418 5524 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
23:39:45.0498 5524 TDTCP - ok
23:39:45.0538 5524 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
23:39:45.0688 5524 tdx - ok
23:39:45.0718 5524 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\DRIVERS\termdd.sys
23:39:45.0798 5524 TermDD - ok
23:39:45.0878 5524 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
23:39:46.0028 5524 TermService - ok
23:39:46.0058 5524 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
23:39:46.0138 5524 Themes - ok
23:39:46.0188 5524 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
23:39:46.0318 5524 THREADORDER - ok
23:39:46.0358 5524 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
23:39:46.0518 5524 TrkWks - ok
23:39:46.0578 5524 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
23:39:46.0728 5524 TrustedInstaller - ok
23:39:46.0768 5524 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
23:39:46.0908 5524 tssecsrv - ok
23:39:46.0948 5524 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
23:39:47.0038 5524 TsUsbFlt - ok
23:39:47.0088 5524 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\windows\system32\drivers\TsUsbGD.sys
23:39:47.0158 5524 TsUsbGD - ok
23:39:47.0208 5524 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
23:39:47.0328 5524 tunnel - ok
23:39:47.0378 5524 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\drivers\uagp35.sys
23:39:47.0448 5524 uagp35 - ok
23:39:47.0498 5524 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
23:39:47.0658 5524 udfs - ok
23:39:47.0718 5524 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
23:39:47.0838 5524 UI0Detect - ok
23:39:47.0888 5524 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
23:39:47.0968 5524 uliagpkx - ok
23:39:48.0008 5524 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\DRIVERS\umbus.sys
23:39:48.0098 5524 umbus - ok
23:39:48.0148 5524 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\drivers\umpass.sys
23:39:48.0218 5524 UmPass - ok
23:39:48.0278 5524 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
23:39:48.0438 5524 upnphost - ok
23:39:48.0488 5524 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
23:39:48.0578 5524 usbccgp - ok
23:39:48.0638 5524 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
23:39:48.0738 5524 usbcir - ok
23:39:48.0788 5524 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
23:39:48.0858 5524 usbehci - ok
23:39:48.0918 5524 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
23:39:49.0038 5524 usbhub - ok
23:39:49.0088 5524 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
23:39:49.0158 5524 usbohci - ok
23:39:49.0198 5524 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
23:39:49.0288 5524 usbprint - ok
23:39:49.0318 5524 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
23:39:49.0408 5524 usbscan - ok
23:39:49.0458 5524 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:39:49.0548 5524 USBSTOR - ok
23:39:49.0588 5524 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
23:39:49.0668 5524 usbuhci - ok
23:39:49.0718 5524 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\system32\Drivers\usbvideo.sys
23:39:49.0828 5524 usbvideo - ok
23:39:49.0878 5524 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
23:39:49.0998 5524 UxSms - ok
23:39:50.0038 5524 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
23:39:50.0108 5524 VaultSvc - ok
23:39:50.0158 5524 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
23:39:50.0228 5524 vdrvroot - ok
23:39:50.0298 5524 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
23:39:50.0508 5524 vds - ok
23:39:50.0558 5524 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
23:39:50.0648 5524 vga - ok
23:39:50.0678 5524 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
23:39:50.0798 5524 VgaSave - ok
23:39:50.0838 5524 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
23:39:50.0928 5524 vhdmp - ok
23:39:50.0978 5524 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
23:39:51.0048 5524 viaagp - ok
23:39:51.0078 5524 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\drivers\viac7.sys
23:39:51.0178 5524 ViaC7 - ok
23:39:51.0218 5524 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
23:39:51.0278 5524 viaide - ok
23:39:51.0308 5524 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
23:39:51.0378 5524 volmgr - ok
23:39:51.0558 5524 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
23:39:51.0678 5524 volmgrx - ok
23:39:51.0738 5524 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
23:39:51.0848 5524 volsnap - ok
23:39:51.0908 5524 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\drivers\vsmraid.sys
23:39:51.0998 5524 vsmraid - ok
23:39:52.0108 5524 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
23:39:52.0368 5524 VSS - ok
23:39:52.0418 5524 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
23:39:52.0498 5524 vwifibus - ok
23:39:52.0538 5524 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
23:39:52.0638 5524 vwififlt - ok
23:39:52.0698 5524 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
23:39:52.0848 5524 W32Time - ok
23:39:52.0898 5524 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\drivers\wacompen.sys
23:39:52.0978 5524 WacomPen - ok
23:39:53.0018 5524 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:39:53.0168 5524 WANARP - ok
23:39:53.0188 5524 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
23:39:53.0298 5524 Wanarpv6 - ok
23:39:53.0458 5524 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
23:39:53.0778 5524 WatAdminSvc - ok
23:39:54.0018 5524 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
23:39:54.0278 5524 wbengine - ok
23:39:54.0318 5524 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
23:39:54.0458 5524 WbioSrvc - ok
23:39:54.0508 5524 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
23:39:54.0648 5524 wcncsvc - ok
23:39:54.0678 5524 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
23:39:54.0798 5524 WcsPlugInService - ok
23:39:54.0868 5524 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\drivers\wd.sys
23:39:54.0938 5524 Wd - ok
23:39:55.0008 5524 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
23:39:55.0158 5524 Wdf01000 - ok
23:39:55.0198 5524 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
23:39:55.0308 5524 WdiServiceHost - ok
23:39:55.0318 5524 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
23:39:55.0398 5524 WdiSystemHost - ok
23:39:55.0438 5524 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
23:39:55.0598 5524 WebClient - ok
23:39:55.0638 5524 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
23:39:55.0798 5524 Wecsvc - ok
23:39:55.0838 5524 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
23:39:55.0968 5524 wercplsupport - ok
23:39:56.0008 5524 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
23:39:56.0128 5524 WerSvc - ok
23:39:56.0188 5524 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
23:39:56.0318 5524 WfpLwf - ok
23:39:56.0348 5524 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
23:39:56.0408 5524 WIMMount - ok
23:39:56.0538 5524 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:39:56.0658 5524 WinDefend - ok
23:39:56.0688 5524 WinHttpAutoProxySvc - ok
23:39:56.0788 5524 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
23:39:56.0928 5524 Winmgmt - ok
23:39:57.0048 5524 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
23:39:57.0228 5524 WinRM - ok
23:39:57.0358 5524 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
23:39:57.0498 5524 Wlansvc - ok
23:39:57.0588 5524 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:39:57.0658 5524 wlcrasvc - ok
23:39:57.0848 5524 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:39:58.0028 5524 wlidsvc - ok
23:39:58.0208 5524 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
23:39:58.0268 5524 WmiAcpi - ok
23:39:58.0368 5524 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
23:39:58.0488 5524 wmiApSrv - ok
23:39:58.0658 5524 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:39:58.0818 5524 WMPNetworkSvc - ok
23:39:58.0968 5524 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
23:39:59.0088 5524 WPCSvc - ok
23:39:59.0128 5524 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
23:39:59.0238 5524 WPDBusEnum - ok
23:39:59.0308 5524 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
23:39:59.0448 5524 ws2ifsl - ok
23:39:59.0498 5524 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
23:39:59.0598 5524 wscsvc - ok
23:39:59.0628 5524 WSearch - ok
23:39:59.0818 5524 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
23:40:00.0018 5524 wuauserv - ok
23:40:00.0218 5524 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
23:40:00.0358 5524 WudfPf - ok
23:40:00.0418 5524 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
23:40:00.0588 5524 WUDFRd - ok
23:40:00.0628 5524 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
23:40:00.0788 5524 wudfsvc - ok
23:40:00.0838 5524 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
23:40:00.0988 5524 WwanSvc - ok
23:40:01.0058 5524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:40:01.0518 5524 \Device\Harddisk0\DR0 - ok
23:40:01.0538 5524 Boot (0x1200) (8287a65c0c9431e3221ce8cd5fa64db5) \Device\Harddisk0\DR0\Partition0
23:40:01.0538 5524 \Device\Harddisk0\DR0\Partition0 - ok
23:40:01.0588 5524 Boot (0x1200) (a0689bbae61c951e92e37be4c129bf19) \Device\Harddisk0\DR0\Partition1
23:40:01.0588 5524 \Device\Harddisk0\DR0\Partition1 - ok
23:40:01.0598 5524 ============================================================
23:40:01.0598 5524 Scan finished
23:40:01.0598 5524 ============================================================
23:40:01.0738 5588 Detected object count: 0
23:40:01.0738 5588 Actual detected object count: 0

Antwort

Themen zu ebenfalls BRD Trojaner
antivir guard, avira, babylon toolbar, babylontoolbar, bho, bingbar, error, excel, fehler, firefox, flash player, format, google, home, install.exe, installation, logfile, mozilla, office 2007, plug-in, problem, prozess, realtek, registry, rundll, search the web, searchscopes, security, software, svchost.exe, trojaner, udp, windows



Ähnliche Themen: ebenfalls BRD Trojaner


  1. avast meldet bei ebay bei mir ebenfalls Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (7)
  2. Ebenfalls gvu oder BKA Trojaner geschädigter pc......
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (17)
  3. Habe ebenfalls den GVU Trojaner auf meinem Rechner
    Log-Analyse und Auswertung - 31.01.2013 (3)
  4. Ebenfalls GVU Trojaner - OTL und Malwarebytes Log- wie geht`s weiter?
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (8)
  5. Ebenfalls GVU Trojaner
    Log-Analyse und Auswertung - 19.12.2012 (9)
  6. Ebenfalls Opfer vom Polizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (19)
  7. ebenfalls Bundespolizei Trojaner :(
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (9)
  8. Trojaner hat mich ebenfalls erwischt.
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (5)
  9. Ebenfalls GVU-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (3)
  10. ebenfalls Windows- Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (4)
  11. Ebenfalls vom Gema-Trojaner befallen
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (16)
  12. Mich hat es ebenfalls erwischt - Erpresser Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (1)
  13. [doppelt] Ebenfalls einen Trojaner...
    Mülltonne - 05.12.2011 (1)
  14. Ebenfalls BKA Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.09.2011 (39)
  15. Ich habe ebenfalls Probleme mit dem TR/Agent/Ruo Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.04.2010 (7)
  16. Ebenfalls Msn-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.06.2008 (12)
  17. Bitte um Hilfe! Ebenfalls WSNPOEM Trojaner wie viele!
    Plagegeister aller Art und deren Bekämpfung - 11.11.2007 (12)

Zum Thema ebenfalls BRD Trojaner - Hallo, habe mir soeben auch den BRD Trojaner eingefangen. Hier ist ja ganz schön was los im Forum, bin wohl nicht der einzige mit dem Problem! Jedenfalls hab ich im - ebenfalls BRD Trojaner...
Archiv
Du betrachtest: ebenfalls BRD Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.