
All kinds of pests and how to fight them: Computer infected with 'Torpig' and/or 'Mebroot'


09.11.2012, 15:34   #1
Pille Palle
 

Good day.

The T-Online abuse team has informed me that a so-called sinkhole was contacted via my internet connection and that, according to the complainant, at least one of my computers is infected with 'Torpig' and/or 'Mebroot'.
I was advised to check the computers with the "DE-Cleaner Rettungssystem CD" from Avira (https://www.botfrei.de/rescuecd.html). I did so, and on one computer 2 "infected files" were indeed found and fixed.
However, I now don't know whether this has resolved the problem described by T-Online.
I have now discovered this forum too late. Is it possible, with your help, to check the computers to see whether the system is really clean?

OTL from the 1st computer:
Code:
OTL logfile created on: 08.11.2012 15:34:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,51% Memory free
6,68 Gb Paging File | 5,70 Gb Available in Paging File | 85,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 623,89 Gb Free Space | 68,45% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.08 15:31:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2012.08.30 16:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.08.30 16:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () -- C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2011.11.21 15:12:58 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.05.21 18:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.18 18:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.08 23:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.08.27 15:32:36 | 000,619,816 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 08:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2012.10.27 13:53:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.25 16:17:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2011.11.23 16:27:36 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 15:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.08.31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.05 19:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121030.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.09.13 14:48:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121107.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 14:48:34 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121107.035\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121107.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.30 20:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.09 08:39:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 08:39:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.08 11:33:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2011.11.16 20:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2011.11.16 20:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2010.10.24 11:28:54 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.06.02 23:57:34 | 000,483,200 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.03.30 16:53:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/22 16:10:50] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.09.21 08:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=010712_6&babsrc=HP_ss&mntrId=cedae3900000000000000022438f5029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=010712_6&babsrc=SP_ss&mntrId=cedae3900000000000000022438f5029
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: cbsf-config@com.extensions.mattiasschlenker.de:0.0.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: metaswitcher@com.extensions.mattiasschlenker.de:1.0.0.25
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Philipp\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.25 08:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.06.08 15:47:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.08 15:33:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 13:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 13:53:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.25 08:55:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 13:53:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 13:53:08 | 000,000,000 | ---D | M]
 
[2009.06.05 13:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions
[2010.04.27 13:42:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.21 09:15:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.05 17:17:48 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions\stats@colorzilla.com
[2012.07.25 21:05:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\2byzprrl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.22 10:51:43 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\2byzprrl.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 13:53:08 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Programme\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome
[2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults
[2012.10.27 13:53:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 18:16:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 17:17:35 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 15:56:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 18:16:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 18:16:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 18:16:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 18:16:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F4925D-6FE8-4FE9-8D29-524B6FB499F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.06 16:04:45 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2012.11.06 16:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 11:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.06 11:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.10.27 13:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.14 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\FIFA 11
[2012.10.14 10:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.08 15:30:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 15:30:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 15:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.08 15:29:50 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.08 15:27:44 | 000,000,020 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2012.11.08 14:58:00 | 000,002,766 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2012.11.08 14:58:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2012.11.08 14:37:57 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.08 14:37:57 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.08 14:37:57 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.08 14:37:57 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.08 10:41:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D7FA4C01-CDB3-47C2-A3B0-A3BBE50D1513}.job
[2012.11.07 18:07:12 | 000,048,128 | ---- | M] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.22 18:56:28 | 000,000,680 | ---- | M] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat
[2012.10.18 09:59:47 | 021,023,381 | ---- | M] () -- C:\Users\Philipp\Desktop\Skript fuer WS 2012_13  Strafprozessrecht 14. Auflage.pdf
[2012.10.16 09:04:22 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\VT20121008.022
[2012.10.16 08:03:30 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012.10.16 08:03:19 | 002,661,552 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\Cat.DB
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.08 15:27:33 | 000,000,020 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2012.10.18 09:59:01 | 021,023,381 | ---- | C] () -- C:\Users\Philipp\Desktop\Skript fuer WS 2012_13  Strafprozessrecht 14. Auflage.pdf
[2012.08.30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.06 10:12:28 | 000,000,552 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d8caps.dat
[2011.08.24 17:56:52 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.08.24 17:56:52 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\66BCC00149.sys
[2011.07.30 11:32:16 | 000,000,680 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat
[2011.04.19 19:16:44 | 000,001,940 | ---- | C] () -- C:\Users\Philipp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.01.15 14:11:02 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.03.26 14:14:09 | 000,138,056 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\PnkBstrK.sys
[2009.12.17 14:46:50 | 000,000,095 | ---- | C] () -- C:\Users\Philipp\AppData\Local\fusioncache.dat
[2009.07.28 12:11:17 | 000,048,128 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.18 10:01:03 | 000,017,089 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\UserTile.png
[2009.06.07 11:26:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.06 10:01:26 | 000,001,514 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.09.21 20:10:16 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ashampoo
[2012.07.05 17:17:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2010.09.21 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.26 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FarmingSimulator2008
[2009.12.17 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GetRightToGo
[2012.07.31 08:43:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ
[2011.03.21 14:15:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient
[2012.05.24 21:28:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient2
[2009.11.04 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2012.10.03 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin
[2009.06.18 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PeerNetworking
[2009.06.06 10:06:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Template
[2012.08.22 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2011.12.09 13:51:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ts3overlay
[2009.09.13 16:03:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software
[2009.12.17 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Turbine
[2010.03.25 18:07:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 08.11.2012 15:34:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,51% Memory free
6,68 Gb Paging File | 5,70 Gb Available in Paging File | 85,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 623,89 Gb Free Space | 68,45% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00313D4A-A31C-4F3B-8063-F58D492A664D}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0B0F4999-B260-4DA4-90CC-1F9CCA595B25}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0DB4D885-A855-41DE-BD73-E6EC46F92B31}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0E809AE4-B9F3-484A-8569-688B99FC463E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{217A1D2E-71A2-4875-B323-119B3602E6B9}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | 
"{38362F75-5D49-4FBB-81C4-29D8F6436913}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4012B613-8F5D-4A2C-9DF0-7EE352FCCB6E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4CEE7BA2-9D15-4AB7-A91F-CCC92FC12929}" = rport=137 | protocol=17 | dir=out | app=system | 
"{56696065-60CE-4100-BBC1-68EBE5C1C3B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5F206CA3-ECDF-4CC8-9F56-DC9F1F748EE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6299F731-0295-48CB-BE51-7A9DFF5105F1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7EEC4464-C985-4C8B-98B2-228886E0C5B3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AEA24C82-D289-45FF-AD61-4109D7B72241}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9453387-A853-480C-BD36-E8330C143ADA}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | 
"{C3927D80-FFD0-4A87-B705-DF4EEED25D90}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C56E46F8-DE34-4101-A0A5-997075773A4D}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | 
"{C75A242C-706E-4C7F-940C-0F45E3E354BF}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{EFB883A5-C560-4816-AC9C-1EF7CBE3181D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FAD490F9-1036-4116-891B-07B20746E95E}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B1A3A3-E6F9-4601-A3B3-B8CEE05BE901}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{141D22AE-068C-4488-ADD8-38046CEC4AE4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{15C02CA0-214D-4872-A752-20FB5B46A155}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe | 
"{2B778E00-B653-4A06-B090-2CD5D4D0D08E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3F4FF0A3-87A8-4ED9-8811-D0BA88FC2F19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{42A5F11C-0F7F-4B91-B2FF-18D33E8D0861}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{44E3F3DA-D2F3-46F4-954A-4CD56F505E7E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{44F7F7A0-649A-4605-878E-1D9C1562D8F3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{49C8E992-92A9-41A1-A5CE-8154713F7487}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{4A17FAA2-A713-461B-A1D8-AA5EA80B013D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4BC113CC-1C99-43DF-9A81-3C8B2C8CFBF2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4E099E0E-65B2-4DC4-B4CD-B533355A43B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{4F2E4E03-24F5-4450-BA44-D84C6EA333F0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{53802C0A-F52B-4B9A-A65F-24B4E96F9ED4}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{57B55DF4-C14B-43C9-9D17-B0D2C5C0796B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{5B46585A-C0E7-4CCB-82FE-0B402D6E2D8A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{5BEEF11E-F0D3-432C-BEC1-7031520CC9B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5C5D76A8-3840-4349-97B5-C5C189D9C722}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe | 
"{5D8BF66C-519E-4721-A46F-EF949122259C}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe | 
"{60B8E144-CA65-4878-B2C1-49FA22D38E29}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{60ED0DBC-A4E3-4014-8FEE-3F89B83E5748}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{6236AC29-2FB2-47D8-AAC7-FE490C1FABA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{64D710CD-27AD-4EA2-8CA3-B8186BE77751}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6A1EBC01-B4E3-404E-8BD4-19F9C7181C08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6ADF7886-0F1F-4969-A3F4-8BBD2493AF23}" = protocol=17 | dir=in | app=c:\program files\cs 1.6\hl.exe | 
"{7A942084-DB05-46BC-BFBB-F5C73A997E17}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{7CD4515B-B389-4834-BC17-CA549A763424}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{816A8C8C-F7DF-443D-BEB1-AFCD14082118}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{82A08553-098F-4EC2-AAF5-A1B39F41A8B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\fcbayern1900\counter-strike\hl.exe | 
"{850A4AE7-626C-49EE-A4A6-E5F397112251}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{86FE6CA0-6305-4735-84C6-D83A60406125}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{87902FE1-81EF-4551-A413-1A86FBB6BA1B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\fcbayern1900\counter-strike\hl.exe | 
"{88CFCE36-70D5-45ED-AA7E-6CA3CE069D23}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9B65CB17-D883-4A74-B2B1-1A354DE23041}" = dir=in | app=e:\setup\hpznui01.exe | 
"{A169D7FA-A135-47F0-A42B-1277399D512A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AFE3B00B-EFA6-44D0-98DC-0A7634F27357}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B03493D2-8476-47E8-B5A2-82B363C979D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{BCEECAE2-6FF9-4E3E-9B13-B01891F1AC71}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BDA30BF2-C41B-43AB-98ED-F5E0CEBCFB9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C24AAB0C-6F43-4AFB-B854-1E397918C88C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C6EB1591-5865-4589-89C2-E3915E42F284}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{CB69FA88-6961-4E3B-B580-5EAC46741F2C}" = protocol=6 | dir=in | app=c:\program files\cs 1.6\hl.exe | 
"{CCA66ECC-1920-408F-92EC-4EDAC687477D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{D00488E7-64B4-48A5-972E-98855AE97E06}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D1E448A1-7A69-4D7F-A83B-428839656C91}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D2777488-117C-45BE-872D-25C28BA3EB87}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D39CCA38-4918-45E0-8625-BD70CB53138B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{D53CBB49-321A-4497-AE22-87B4FE1DB7B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DCC0DB3C-E3CD-4027-8A44-6CD77969B4CC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{DDC2B7A0-BEAC-48C1-9E9D-40279F6ED653}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E0484D0F-EFAC-4469-A114-BDC14A109AF1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{E8D46D19-51DC-4E80-A083-2AF3DAF464F2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{EC2B5945-222C-4647-A83F-0E51216E4A4C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{ECCBD39F-B448-42B9-A690-EF8B8DC0C958}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{ED5C47FF-30E0-4C46-8EA1-FC98833BF22B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F1834E85-CDD6-4D07-9B43-175A555C1939}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{F57CB907-F91A-4516-9272-E3C26A7F2F89}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{F8DAFB63-17E3-497C-B250-F31B28D1947A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F9C167C4-AF9F-4E2C-88AB-C62D1CE62CCB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FD9EC57D-1F02-4A46-98EB-810A8B68B2FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Guild Wars" = GUILD WARS
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 11020" = TrackMania Nations Forever
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.11.2012 17:39:48 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.11.2012 03:54:58 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.11.2012 14:33:54 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2012 04:28:00 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2012 12:44:55 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2012 13:38:00 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2012 13:48:36 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 05:38:51 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 09:33:45 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 10:31:25 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 26.04.2010 13:45:28 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 26.04.2010 13:45:44 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 27.06.2010 06:36:33 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 08.08.2010 15:47:37 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 28.10.2010 16:46:09 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 06.12.2010 15:13:59 | Computer Name = Philipp-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/06/2010 20:13:59
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 31.03.2011 04:32:08 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 03.08.2011 08:46:17 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 29.02.2012 17:54:45 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 30.10.2012 16:44:37 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 4
Description = 
 
[ System Events ]
Error - 07.11.2012 13:49:26 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 07.11.2012 13:49:26 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.11.2012 05:39:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 08.11.2012 05:39:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.11.2012 05:54:41 | Computer Name = Philipp-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.11.2012 09:34:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 08.11.2012 09:34:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.11.2012 09:49:40 | Computer Name = Philipp-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.11.2012 10:32:20 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 08.11.2012 10:32:20 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
GMER always hangs. This is the log up to the point where it was aborted:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-09 16:20:15
Windows 6.0.6002 Service Pack 2 
Running: mq3qktdt.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\pwliyfod.sys


---- System - GMER 1.0.15 ----

SSDT   88A0E960                                       ZwAlertResumeThread
SSDT   88A0EA40                                       ZwAlertThread
SSDT   887FA538                                       ZwAllocateVirtualMemory
SSDT   880BDFB0                                       ZwAlpcConnectPort
SSDT   8829AF90                                       ZwAssignProcessToJobObject
SSDT   88A0E6B0                                       ZwCreateMutant
SSDT   8829ACB0                                       ZwCreateSymbolicLinkObject
SSDT   887FAA20                                       ZwCreateThread
SSDT   88A0E1E8                                       ZwDebugActiveProcess
SSDT   887FA708                                       ZwDuplicateObject
SSDT   887FA2F0                                       ZwFreeVirtualMemory
SSDT   88A0E7A0                                       ZwImpersonateAnonymousToken
SSDT   88A0E880                                       ZwImpersonateThread
SSDT   880C7638                                       ZwLoadDriver
SSDT   887FA1F0                                       ZwMapViewOfSection
SSDT   88A0E5D0                                       ZwOpenEvent
SSDT   887FA8E8                                       ZwOpenProcess
SSDT   887FA628                                       ZwOpenProcessToken
SSDT   88A0E410                                       ZwOpenSection
SSDT   887FA7F8                                       ZwOpenThread
SSDT   8829AEA0                                       ZwProtectVirtualMemory
SSDT   88A0EB20                                       ZwResumeThread
SSDT   88A0EDC0                                       ZwSetContextThread
SSDT   88A0EEA0                                       ZwSetInformationProcess
SSDT   88A0E2C8                                       ZwSetSystemInformation
SSDT   88A0E4F0                                       ZwSuspendProcess
SSDT   88A0EC00                                       ZwSuspendThread
SSDT   887FAB00                                       ZwTerminateProcess
SSDT   88A0ECE0                                       ZwTerminateThread
SSDT   88A0EF90                                       ZwUnmapViewOfSection
SSDT   887FA3E0                                       ZwWriteVirtualMemory
SSDT   8829ADA0                                       ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 11D                  822F57E0 8 Bytes  [60, E9, A0, 88, 40, EA, A0, ...]
.text  ntkrnlpa.exe!KeSetEvent + 131                  822F57F4 4 Bytes  [38, A5, 7F, 88]
.text  ntkrnlpa.exe!KeSetEvent + 13D                  822F5800 4 Bytes  [B0, DF, 0B, 88]
.text  ntkrnlpa.exe!KeSetEvent + 191                  822F5854 4 Bytes  [90, AF, 29, 88]
.text  ntkrnlpa.exe!KeSetEvent + 1F5                  822F58B8 4 Bytes  [B0, E6, A0, 88]
.text  ...                                            
.text  C:\Program Files\HomeCinema\PowerDVD9\000.fcl  section is writeable [0xA9DCC000, 0x2892, 0xE8000020]
.vmp2  C:\Program Files\HomeCinema\PowerDVD9\000.fcl  entry point in ".vmp2" section [0xA9DEF050]
         

09.11.2012, 17:39   #2
markusg
/// Malware-holic

Hi,
what did Avira find? That would be useful to know.

09.11.2012, 20:07   #3
Pille Palle

Yes, I would like to know that too, but I can no longer say.
The two files were found on my brother's computer, and unfortunately he did not create a log file.
He only says that the files were renamed (".vir") and are/were in a subfolder of C:/User/Name/.../..low/... Can we find them somehow, so that we can give you that information? Although that is a different computer from the one the posted logs come from.
But thanks a lot already for your help.

09.11.2012, 20:26   #4
markusg
/// Malware-holic

First post the OTL logs from the infected PC; that is the one we should start with :-)
Then go to the desktop and press the key:
F3
That opens the search window.
There, type:
*.vir
If something is found, right-click, Properties; there you will see the path.
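
The *.vir search described in post #4 can also be run from PowerShell. The script below is an added example, not part of the thread and not a Trojaner-Board or Avira tool; it lists each match with its full path, timestamps and SHA-256 so the details can be posted for the helper. The search root `C:\Users`, the function names and the idea that ".vir" was appended to the original file name are assumptions.

```powershell
# Added example (not from the thread): inventory files that a scanner renamed to *.vir.
# Read-only: files are hashed as raw bytes, never executed, moved or deleted.
# Written to run on PowerShell 2.0 (Vista / Windows 7), so no Get-FileHash.

# Assumption: user profiles live under <SystemDrive>\Users (Vista / 7 layout).
$Roots = @(Join-Path $env:SystemDrive 'Users')

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = $null
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        $hash = $sha.ComputeHash($stream)
        ([System.BitConverter]::ToString($hash) -replace '-', '').ToLower()
    }
    catch {
        # Locked or access-denied files are reported instead of silently skipped.
        'unreadable: ' + $_.Exception.Message
    }
    finally {
        if ($stream) { $stream.Dispose() }
        $sha.Clear()
    }
}

function Find-RenamedDetections {
    param([string[]]$Path)
    # -Force includes hidden and system items (AppData is hidden by default).
    # -Filter '*.vir' can also match longer extensions such as .virus through
    # 8.3 short names, so the extension is checked again afterwards.
    Get-ChildItem -Path $Path -Recurse -Force -Filter '*.vir' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.vir' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path       = $_.FullName
                # Assumption: ".vir" was appended to the original file name.
                NameBefore = [System.IO.Path]::GetFileNameWithoutExtension($_.Name)
                SizeBytes  = $_.Length
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
                Sha256     = (Get-Sha256Hex $_.FullName)
            }
        } |
        Select-Object Path, NameBefore, SizeBytes, Created, Modified, Sha256
}

Find-RenamedDetections -Path $Roots | Format-List
```

Run it from an elevated prompt on the machine where the files were found; folders the account cannot read are skipped without an error message.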

09.11.2012, 20:55   #5
Pille Palle

OTL from the 2nd computer
Code:
OTL logfile created on: 09.11.2012 21:38:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Felix Jung\Desktop\Trojaner
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,40% Memory free
7,96 Gb Paging File | 5,83 Gb Available in Paging File | 73,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1738,16 Gb Free Space | 95,93% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,53 Gb Free Space | 51,07% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.09 21:36:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Trojaner\OTL.exe
PRC - [2012.11.09 20:33:26 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.11.09 20:33:26 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.17 20:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 08:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.10 18:58:36 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
PRC - [2010.11.03 19:31:44 | 000,558,592 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2009.05.21 19:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2004.10.08 11:24:42 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Video\LogiTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.09 20:33:26 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.11.09 20:33:26 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.11.09 20:33:26 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012.06.15 14:27:46 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll
MOD - [2012.06.15 04:16:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 04:16:08 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 15:04:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll
MOD - [2012.05.10 14:03:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 14:02:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 14:02:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 14:02:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 14:02:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 14:02:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.05.16 15:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.10 18:58:26 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.11.21 15:10:10 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.11.09 20:33:26 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.11.08 17:10:51 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012.10.29 14:42:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.24 15:37:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.09 08:37:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.21 15:12:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 15:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.03 19:31:44 | 000,558,592 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.10.21 17:15:34 | 000,376,832 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe -- (DFSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.09 20:33:26 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.03 16:28:54 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.12.25 11:17:45 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.06.02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.17 06:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.16 02:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.01.27 18:57:08 | 000,067,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw17bda.sys -- (hcw17bda)
DRV:64bit: - [2009.10.15 17:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 00:58:24 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2012.10.05 19:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.13 11:32:56 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121108.019\ex64.sys -- (NAVEX15)
DRV - [2012.09.13 11:32:54 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121108.019\eng64.sys -- (NAVENG)
DRV - [2012.09.01 01:27:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121108.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.09 14:43:43 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.10.15 17:14:38 | 000,017,952 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS -- (DFSYS)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={FEA2BABA-6249-4DFA-A079-05AC23FBB14F}&mid=914b326185a147d0a7d053eb48581c81-018354677d5828c8928ca0aa2ce148cd8a2bb2bf&lang=en&ds=qw011&pr=sa&d=2012-05-21 15:33:49&v=12.2.5.32&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0CDB7BD3-B6F7-47F3-B142-28EEFA0E7E4E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=2012052113D946F9A928784390B956AC&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={FEA2BABA-6249-4DFA-A079-05AC23FBB14F}&mid=914b326185a147d0a7d053eb48581c81-018354677d5828c8928ca0aa2ce148cd8a2bb2bf&lang=en&ds=qw011&pr=sa&d=2012-05-21 15:33:49&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: {00f12770-e60e-4dc6-9105-425bface7c73}:1.0
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..keyword.URL: "hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.11 10:19:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012.11.09 21:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 14:48:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.09 20:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 15:22:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.29 14:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.23 13:40:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 14:48:21 | 000,000,000 | ---D | M]
 
[2011.12.24 20:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Extensions
[2012.11.06 16:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions
[2012.05.21 15:41:29 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012.06.17 18:59:09 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.05.21 15:41:23 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions\plugin@yontoo.com
[2012.11.04 15:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.01 15:06:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 20:33:27 | 000,003,574 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.21 15:41:32 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files (x86)\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Home\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Felix Jung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.09 21:37:21 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\Desktop\Trojaner
[2012.11.08 17:13:05 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.11.08 17:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.08 17:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.08 17:06:58 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.08 17:06:56 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.11.08 17:06:56 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.11.08 17:06:56 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.08 17:06:55 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.11.08 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
[2012.11.08 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010
[2012.11.06 16:16:07 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Roaming\Malwarebytes
[2012.11.06 16:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.05 18:05:36 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Local\{2738AE06-63AA-45DB-833B-927FB99D36CC}
[2012.10.29 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.29 14:39:23 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Local\{91251A86-AA02-4DBB-8B9E-8F47BF972BBB}
[2012.10.27 16:39:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.10.26 14:31:05 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.10.26 14:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.10.25 20:22:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.10.19 19:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.10.15 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Local\{53C66986-C46C-45C0-B929-9FEEFB15A906}
[2012.10.14 09:41:10 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\Documents\FIFA 11
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.09 21:41:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 21:41:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 21:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.09 21:33:56 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.09 21:33:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.09 21:32:56 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 21:04:19 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.11.09 20:33:26 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.09 16:51:01 | 000,002,780 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2012.11.09 16:51:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2012.11.09 16:32:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.08 17:27:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.08 17:10:51 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.08 17:10:51 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.11.06 21:13:00 | 745,488,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.04 15:21:02 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.01 17:43:56 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.01 17:43:56 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.01 17:43:56 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.01 17:43:56 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.01 17:43:56 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.26 13:27:15 | 000,398,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.25 20:22:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.10.19 19:29:18 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.09 21:04:19 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.11.08 17:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.11.08 17:06:47 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.08 17:06:47 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.11.08 17:06:33 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2012.10.25 20:22:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.10.19 19:29:18 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.10.19 19:27:00 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.19 19:26:59 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.08.25 17:32:13 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.08.13 19:48:31 | 001,526,612 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.02 12:09:05 | 000,000,840 | ---- | C] () -- C:\Windows\_delis32.ini
[2012.02.27 16:43:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.02.27 16:43:08 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.27 16:42:59 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.02.27 16:42:56 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2012.02.27 16:42:41 | 000,006,026 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.02.23 15:38:55 | 000,002,528 | ---- | C] () -- C:\Users\Felix Jung\AppData\Roaming\$_hpcst$.hpc
[2012.02.04 16:03:12 | 000,006,144 | ---- | C] () -- C:\Users\Felix Jung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.16 15:55:43 | 000,000,367 | ---- | C] () -- C:\Users\Felix Jung\Heimnetzgruppe - Verknüpfung.lnk
[2011.12.28 13:31:03 | 000,219,939 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011.12.25 13:56:10 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 13:43:20 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.06 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\.minecraft
[2012.09.08 21:47:51 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Aeria Games & Entertainment
[2012.05.21 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\AnvSoft
[2012.06.25 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\FotoWire
[2012.08.26 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\MotioninJoy
[2012.03.09 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\MTE
[2011.12.25 11:11:48 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Mugle
[2012.10.26 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Notepad++
[2011.12.25 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\OpenOffice.org
[2012.08.24 15:19:52 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Origin
[2012.02.23 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Samsung
[2012.11.05 17:20:19 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\SoftGrid Client
[2012.07.23 13:40:13 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Thunderbird
[2012.08.13 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\TP
[2012.05.06 17:49:51 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\TS3Client
[2012.05.06 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\ts3overlay
[2012.08.13 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\TuneUp Software
[2012.04.16 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 09.11.2012 21:38:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Felix Jung\Desktop\Trojaner
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,40% Memory free
7,96 Gb Paging File | 5,83 Gb Available in Paging File | 73,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1738,16 Gb Free Space | 95,93% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,53 Gb Free Space | 51,07% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF057B0-567E-43E6-8CDA-D651B0CEAE3A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10F035F0-1721-41C2-9BE5-CCEF94D599A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{18C906EB-8ECE-4038-9748-07A0F22F7C56}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1E5C09A6-DBE8-4791-9363-183A2D7EC44B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A57145D-6FBD-4ED7-AE2B-620F73AAD1CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C0CA4C8-302E-4722-8B44-CFB7509611C9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3048AAB6-7C70-4C7B-9C14-455BAD025A9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3AC3EFCE-6F20-44D8-9E0D-BEC125A6FF74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5C6CAE6E-399E-482A-B65D-A297A4AEA07A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6FF4ECFA-71A0-4E7E-9ECC-4D697BBE9961}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{761E2CD0-0CF1-41F4-8D66-5B7DB36805E5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8D51F82C-443D-4152-BE0E-01FDE7C036EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90428F6A-595C-4021-B65F-8F606198130E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{957C524B-FE64-44F8-A3C1-C4044F10AB3A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A85EFDAC-DB9C-4D66-8C17-AF3C177B8E63}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AE97F569-96EF-4ABB-8BFE-79899E25E4E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AF0A86B1-AA5F-43D9-BB44-E29CE71CBABD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC5A3F8C-C7DE-4044-A5D8-2330FB5E694F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{CB2A2321-91F3-4793-B10F-CE8DCC37E446}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CDF97E4F-991B-440C-AC82-5DE6577C08C6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CE26BE9C-E974-4CAA-AB68-231981F95F19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DFAF9E16-58DB-47C3-A1BB-08167CE2990C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F7AD66-AC44-45B6-BF79-40260A542DBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{063548DD-CA9D-4568-B84F-9F012A4BC4BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E355AA2-9F94-49C8-98FE-708CE2E755D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{135160E9-7A08-4460-83C6-10FC9C0DC252}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{174A52D4-C78F-45A4-83E8-D33D48AA1A60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{197DD9D7-592A-4DDE-B411-8C055901B2A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{1E929A50-6218-48CF-B90D-78316684A607}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{23343B39-C5B3-40DF-A2C8-CEDA12556A1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23E02308-85B7-4B8C-9BC4-70F77FA0052F}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{26710F5C-8820-4E83-91CD-2DD5920E3912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AD328F0-5136-4B4F-8751-FDE923F487E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{2E96069F-A694-433A-8C3D-CB547AD20D1F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"{2EA771E0-EA06-4F2C-809B-65267904DACF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34FDB031-CF3C-4AD5-AFC1-0A1D7F50C50A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{38125A45-8E9B-43E6-9E5F-A632DBC161AC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{39E2CA14-2F37-46EB-AAFC-22CEDC3AA94B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{4FBA8A34-EDE0-4EDD-9422-BF181DA28109}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{56DEB0DA-1F0B-4C2F-B44D-E50513DA4CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{610E0489-FCAA-43F0-8CB5-1C55280178EF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{71306A53-6A56-44B3-AB66-8428B96A2851}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{788F7898-9DC2-4066-B3A3-CC8C84AC3C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{79A2E97D-A9DB-42AD-A1CB-A6F9DDFDE1B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80D88350-B222-464E-A9AF-DD236EE2304D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83C5A50D-C4CF-41E8-8C4E-B23923D66320}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8C8A7463-10B4-4C6C-8C86-3A70DCAC0872}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8FBABA01-E824-4306-8962-57E61DBCF7CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{952E8FA9-7D5D-401C-9C38-2AE4E015F890}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{995D3540-8062-421F-97D0-2A61EECDD0FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9AE5C5A4-72DA-464E-AF84-70FB94AB74EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{A236DCE9-69ED-4FB3-B255-477FD9946DC6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{A52D4590-54D4-4153-8A79-3AC732F4D1DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{AA9224BB-6613-4F21-B3C0-3729CA166EB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{B0B59326-816D-4A8E-ABD1-F9523688F536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B59EE47E-0216-4B91-BFD8-9EE698E4E0AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{B64325A5-48B2-4CF1-A8CD-CB4126543F44}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"{B691F0E1-4613-4A45-958F-32FADA5705FA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B9F4B172-3E32-46A2-8A0B-D11C5AC65BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{BB62F3EE-A330-4D66-AB2D-CB47C77DC027}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{BF8D2355-DA3A-49E4-BC00-47AF84E59F5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C22E068D-D871-488E-B827-96507A94045B}" = dir=in | app=e:\setup\hpznui40.exe | 
"{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CCFD4CA6-01D1-4E7B-B673-3C8261812FEB}" = protocol=6 | dir=out | app=system | 
"{DE7FB8A0-34C0-4F9E-8394-60FA3B1C5CEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E88654D1-1684-4E4F-92B8-95E5EF3826CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EB10D7E7-5E93-49AD-B7AF-35C4321EB5D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{EC83D0CE-1651-4268-8B70-72492FE9BBE7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F7B76BB4-8E92-4B66-9251-9191FB5A2CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{FAC5C1BB-46AF-4540-8E03-E0DCB35E2764}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE3E548B-DA98-4241-95E3-7130088663BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{FF9CE6B6-EF72-4399-A942-E2138FC4B2C1}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{13B804CF-C6D6-46A3-856A-8B7B220D7251}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{4866DD44-FD88-4511-B9EB-F9F8DFFEFDA1}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe | 
"TCP Query User{58768DE9-F2E1-4EE3-BF51-B29370DCAF8C}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{64EA0BAC-AB0E-4946-AAB2-A683D200E32B}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{6D5BBC54-E710-4FDE-8664-76556F4194BE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{AC984A6D-D723-4BF9-9489-1D7BE3B47BB3}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{E7DF1DC0-BC8C-4373-AA7E-D389C60E5BE0}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{185E7834-9B35-47B3-91E9-103CEB31869E}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{1AC601DF-B9EE-4694-AB38-CA0FD2D13663}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe | 
"UDP Query User{1CB94536-FA4D-44BD-AD59-90512C958B28}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{5DACFDEE-BCEB-43BF-9505-F76FA77624E1}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{693828D3-8901-41E7-92E0-713B49C754FE}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{92C9B387-D1AC-4E92-B283-B252C9696A28}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{E2ACCF07-ACE9-4018-A6C5-1C9BD27A5BB7}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"GIMP-2_is1" = GIMP 2.8.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"AVG Secure Search" = AVG Security Toolbar
"blekkotb" = Spam Free Search Bar
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Logitech Print Service" = Logitech Print Service
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myMugle3.0.0.0" = myMugle
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TuneUp Utilities" = TuneUp Utilities
"WinLiveSuite" = Windows Liven asennustyökalu
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.11.2012 13:53:15 | Computer Name = *** | Source = Application Error | ID = 1000
Error - 08.11.2012 13:57:00 | Computer Name = *** | Source = CVHSVC | ID =
 100
 
Description = Nur zur Information.
Too many failures while downloading ranges: 2
Error - 08.11.2012 13:59:31 | Computer Name = *** | Source = CVHSVC | ID =
 100
 
Description = Nur zur Information.
(Stream product id=0x0066): Streaming Failed
Error - 09.11.2012 10:23:04 | Computer Name = *** | Source = Application Error
 | ID = 1000
 
Error - 09.11.2012 10:29:56 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 09.11.2012 10:33:17 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 09.11.2012 15:32:54 | Computer Name = *** | Source = Application Error | ID = 1000
Error - 09.11.2012 16:05:43 | Computer Name = *** | Source = Application Error
 | ID = 1000
 
Error - 09.11.2012 16:12:32 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 09.11.2012 16:15:48 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 09.11.2012 16:34:09 | Computer Name =*** | Source = Application Error | ID = 1000
Error - 09.11.2012 16:39:05 | Computer Name = FelixJung | Source = CVHSVC | ID =
 100
 
Description = Nur zur Information.
Too many failures while downloading ranges: 2
Error - 09.11.2012 16:40:38 | Computer Name = *** | Source = CVHSVC | ID =
 100
 
Description = Nur zur Information.
(Stream product id=0x0066): Streaming Failed
 
Error encountered while reading event logs.
 
< End of report >
         
I found the two files in this hidden folder c/benutzer/name/appdata.
1: 2d405637-70a31286.vir
Code:
ATTFilter
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55
         
2: 56ee73f0-1a32f2e6.vir
Code:
ATTFilter
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48
         


Edited by Pille Palle (09.11.2012 at 20:59). Reason: +++

09.11.2012, 22:54   #6
markusg
/// Malware-holic



OK, that is nothing serious.
On both PCs, but please label them PC1 and PC2 respectively, where PC1 is the PC whose OTL logs you posted first:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

10.11.2012, 09:49   #7
Pille Palle



Combofix from computer 1:
Code:
ATTFilter
ComboFix 12-11-09.02 - Philipp 10.11.2012   8:19.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2083 [GMT 1:00]
ausgeführt von:: c:\users\Philipp\Desktop\Trojaner Board\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih_de.exe
c:\windows\PFRO.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-10 bis 2012-11-10  ))))))))))))))))))))))))))))))
.
.
2012-11-10 07:28 . 2012-11-10 07:29	--------	d-----w-	c:\users\Philipp\AppData\Local\temp
2012-11-10 07:28 . 2012-11-10 07:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-10 07:28 . 2012-11-10 07:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-06 15:04 . 2012-11-06 15:04	--------	d-----w-	c:\users\Philipp\AppData\Roaming\Malwarebytes
2012-11-06 10:34 . 2012-11-06 10:34	--------	d-----w-	c:\program files\Common Files\Java
2012-11-06 10:34 . 2012-11-06 10:33	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-06 10:33 . 2012-11-06 10:33	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-06 10:33 . 2012-11-06 10:33	--------	d-----w-	c:\program files\Java
2012-10-14 09:15 . 2012-10-14 09:15	--------	d-----w-	c:\program files\Common Files\SWF Studio
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 10:33 . 2010-04-26 12:06	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-24 11:28 . 2010-03-26 13:36	215128	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-09-24 11:28 . 2010-03-26 13:13	215128	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-09-13 13:28 . 2012-10-10 08:09	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-30 19:13 . 2012-09-14 14:55	6109032	----a-w-	c:\windows\system32\nvopencl.dll
2012-08-30 19:13 . 2012-09-14 14:55	12465512	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-08-30 19:13 . 2012-09-14 14:55	10790760	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:13 . 2012-09-14 14:55	7626088	----a-w-	c:\windows\system32\nvcuda.dll
2012-08-30 19:13 . 2012-09-14 14:55	19828584	----a-w-	c:\windows\system32\nvoglv32.dll
2012-08-30 19:13 . 2012-09-14 14:55	2573672	----a-w-	c:\windows\system32\nvcuvid.dll
2012-08-30 19:13 . 2012-09-14 14:55	1866088	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-08-30 19:13 . 2012-09-14 14:55	17559912	----a-w-	c:\windows\system32\nvcompiler.dll
2012-08-30 19:13 . 2012-08-30 11:01	888168	----a-w-	c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:13 . 2012-08-22 14:45	1009512	----a-w-	c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2009-03-27 20:33	2422120	----a-w-	c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2009-03-27 20:33	15291752	----a-w-	c:\windows\system32\nvd3dum.dll
2012-08-30 15:57 . 2009-03-27 20:33	645992	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-08-22 14:53	62312	----a-w-	c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2009-03-27 20:33	2557288	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2009-03-27 20:33	108392	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2009-03-27 20:33	3963240	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2009-03-27 20:33	2836840	----a-w-	c:\windows\system32\nvsvc.dll
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\system32\nvStreaming.exe
2012-08-29 11:27 . 2012-10-10 08:09	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 08:09	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 08:09	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 15:53 . 2012-09-23 09:50	834048	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 14:07 . 2012-09-23 09:50	389632	----a-w-	c:\windows\system32\html.iec
2012-08-24 13:41 . 2012-09-23 09:50	1383424	----a-w-	c:\windows\system32\mshtml.tlb
2012-10-27 12:53 . 2012-10-27 12:53	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59F7FE53-2860-44B1-968A-E54E3E949A07}]
2012-06-18 15:27	269824	----a-w-	c:\users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-09 c:\windows\Tasks\DMEPeriodicTask.job
- c:\program files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 06:17]
.
2012-11-09 c:\windows\Tasks\User_Feed_Synchronization-{D7FA4C01-CDB3-47C2-A3B0-A3BBE50D1513}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=109958&tt=010712_6&babsrc=HP_ss&mntrId=cedae3900000000000000022438f5029
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2byzprrl.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: !HIDDEN! 2009-06-24 13:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-07-09 14:45; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\program files\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - ExtSQL: !HIDDEN! 2010-09-25 09:55; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=010712_6
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - cedae3900000000000000022438f5029
FF - user.js: extensions.BabylonToolbar_i.hardId - cedae3900000000000000022438f5029
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-10 08:29
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-341534412-2317861164-3823495887-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,92,9b,90,1f,fa,ea,fc,76,44,13,b5,0b,3f,b9,3b,13,17,43,62,8f,
   3e,15,d4,cd,36,2c,e5,f9,79,4f,3a,4c,10,ff,52,9f,5a,54,b3,c9,43,fb,a1,ef,34,\
"rkeysecu"=hex:4b,47,de,23,27,d4,10,46,d9,ad,f5,81,a2,21,75,b1
.
Zeit der Fertigstellung: 2012-11-10  08:35:24
ComboFix-quarantined-files.txt  2012-11-10 07:35
.
Vor Suchlauf: 11 Verzeichnis(se), 668.587.327.488 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 668.519.837.696 Bytes frei
.
- - End Of File - - 01D3BA876EE19BA6E1484B0D8F98598B
         
Combofix from computer 2:
Code:
ATTFilter
ComboFix 12-11-09.02 - Felix Jung 10.11.2012  11:05:16.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.1930 [GMT 1:00]
ausgeführt von:: c:\users\Felix Jung\Desktop\Trojaner\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-10 bis 2012-11-10  ))))))))))))))))))))))))))))))
.
.
2012-11-10 10:08 . 2012-11-10 10:08	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-10 10:08 . 2012-11-10 10:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-08 16:13 . 2012-10-30 22:50	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-11-08 16:12 . 2012-11-08 17:51	--------	d-----w-	c:\programdata\AVAST Software
2012-11-08 16:12 . 2012-11-08 16:12	--------	d-----w-	c:\program files\AVAST Software
2012-11-08 16:06 . 2011-11-21 14:13	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2012-11-08 16:06 . 2011-11-21 14:10	25920	----a-w-	c:\windows\system32\authuitu.dll
2012-11-08 16:06 . 2011-11-21 14:10	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2012-11-08 16:06 . 2011-11-21 14:10	30016	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2012-11-08 16:06 . 2011-11-21 14:10	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-11-08 16:06 . 2012-11-08 16:10	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2010
2012-11-06 15:16 . 2012-11-06 15:16	--------	d-----w-	c:\users\Felix Jung\AppData\Roaming\Malwarebytes
2012-11-06 15:16 . 2012-11-06 15:16	--------	d-----w-	c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 19:33 . 2012-08-29 13:11	30568	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2012-10-14 08:31 . 2011-12-25 09:25	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-14 08:30 . 2011-12-25 09:25	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-14 08:30 . 2011-12-25 09:25	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-10 17:46 . 2011-07-18 20:31	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 07:37 . 2012-03-31 09:42	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 07:37 . 2011-08-10 19:09	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 12:40 . 2012-01-01 16:21	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 12:40 . 2012-01-01 16:21	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-14 19:19 . 2012-10-10 16:32	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 16:32	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 16:33	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 19:14 . 2012-09-14 13:28	9066344	----a-w-	c:\windows\system32\nvcuda.dll
2012-08-30 19:14 . 2012-09-14 13:28	7397736	----a-w-	c:\windows\system32\nvopencl.dll
2012-08-30 19:14 . 2012-09-14 13:28	2745192	----a-w-	c:\windows\system32\nvcuvid.dll
2012-08-30 19:14 . 2012-09-14 13:28	2216808	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-08-30 19:14 . 2012-09-14 13:28	19828584	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-08-30 19:14 . 2012-09-14 13:28	1866088	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-08-30 19:14 . 2012-09-14 13:28	971624	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-09-14 13:28	830312	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2012-08-30 19:14 . 2012-09-14 13:28	7626088	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-08-30 19:14 . 2012-09-14 13:28	6109032	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-08-30 19:14 . 2012-09-14 13:28	26228072	----a-w-	c:\windows\system32\nvoglv64.dll
2012-08-30 19:14 . 2012-09-14 13:28	2573672	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-08-30 19:14 . 2012-09-14 13:28	25256296	----a-w-	c:\windows\system32\nvcompiler.dll
2012-08-30 19:14 . 2012-09-14 13:28	247144	----a-w-	c:\windows\system32\nvinitx.dll
2012-08-30 19:14 . 2012-09-14 13:28	2422120	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-09-14 13:28	202600	----a-w-	c:\windows\SysWow64\nvinit.dll
2012-08-30 19:14 . 2012-09-14 13:28	18229096	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-09-14 13:28	17559912	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-08-30 19:14 . 2012-09-14 13:28	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-08-30 19:14 . 2012-09-14 13:28	13391720	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:14 . 2011-09-05 22:23	2725224	----a-w-	c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2011-09-05 22:23	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2011-09-05 22:23	15291752	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2011-09-05 22:23	14879080	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2011-09-05 22:23	12465512	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 18:03 . 2012-10-10 16:33	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 16:33	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 16:33	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 16:18 . 2011-09-05 22:23	891240	----a-w-	c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2011-09-05 22:23	63336	----a-w-	c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2011-09-05 22:23	2557800	----a-w-	c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2011-09-05 22:23	118120	----a-w-	c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2011-08-11 21:24	3487434	----a-w-	c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2011-09-05 22:23	3266920	----a-w-	c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2011-09-05 22:23	6198120	----a-w-	c:\windows\system32\nvcpl.dll
2012-08-30 08:40 . 2012-08-30 08:40	429416	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-08-24 18:05 . 2012-10-10 16:32	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 16:32	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 09:00	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 09:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 09:00	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 09:00	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 09:00	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 09:00	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 09:00	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 09:00	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 09:00	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 09:00	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 09:00	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 09:00	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 09:00	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 09:00	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 09:00	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 09:00	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 09:00	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 09:00	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 09:00	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 09:00	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 09:00	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 09:00	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 12:32	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 12:32	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 12:32	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 12:32	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 13:10	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 16:32	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 16:32	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 16:32	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 16:32	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 16:32	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 16:32	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 16:32	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 16:32	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 16:32	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:32	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28	262312	----a-w-	c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28	86696	----a-w-	c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 19:33	1796552	----a-w-	c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11	194848	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Felix Jung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"LogitechSoftwareUpdate"="c:\program files (x86)\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"T-Home Dialerschutz-Software"="c:\program files (x86)\T-Home\Dialerschutz-Software\Defender64.exe" [2010-03-29 1974408]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"LogitechVideoRepair"="c:\program files (x86)\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-2-27 117344]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-12-24 300416]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-2-27 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2010-01-27 67456]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736]
R3 wolf;wolf;c:\aeriagames\Wolfteam\avital\wolf64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DFSVC;T-Home Dialerschutz Dienst;c:\program files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe [2009-10-21 376832]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-21 1403200]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-06-02 401896]
S3 DFSYS;T-Home Dialerschutz Hooking Treiber;c:\program files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS [2009-10-15 17952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI64.sys [2009-10-15 28192]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - DFInjDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:37]
.
2012-11-10 c:\windows\Tasks\DMEPeriodicTask.job
- c:\program files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 07:17]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 18:26]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={FEA2BABA-6249-4DFA-A079-05AC23FBB14F}&mid=914b326185a147d0a7d053eb48581c81-018354677d5828c8928ca0aa2ce148cd8a2bb2bf&lang=en&ds=qw011&pr=sa&d=2012-05-21 15:33&v=12.2.5.32&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;<local>
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Felix Jung\AppData\Roaming\Mozilla\Firefox\Profiles\zaxue1zp.default\
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - ExtSQL: !HIDDEN! 2011-12-28 14:48; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - 8aa069a5-ab72-4b00-af14-92c0924943e4
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-10  11:09:43
ComboFix-quarantined-files.txt  2012-11-10 10:09
ComboFix2.txt  2012-11-10 10:00
.
Vor Suchlauf: 14 Verzeichnis(se), 1.865.589.686.272 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 1.865.528.631.296 Bytes frei
.
- - End Of File - - 775D0F5AD72AC24BC1BE689B9F9B8A3B
         

10.11.2012, 14:43   #8
markusg
/// Malware-holic
 
Can you check the Norton history on both machines to see whether there were any detections and, if so, which ones? Please post the messages as text.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

10.11.2012, 14:58   #9
Pille Palle
 
Machine 1:
Code:
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
06.11.2012 10:02:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.11.2012 17:27:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.10.2012 18:52:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.09.2012 09:44:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.08.2012 17:22:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.08.2012 10:58:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.07.2012 17:21:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.06.2012 19:22:28,Mittel,Adware.Mediafinder erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,
05.06.2012 18:19:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.06.2012 12:00:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.05.2012 21:03:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
11.05.2012 14:22:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.05.2012 20:20:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.04.2012 21:42:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.04.2012 16:30:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.04.2012 16:44:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.04.2012 21:42:32,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.04.2012 15:19:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.03.2012 17:57:44,Mittel,strafrecht_fortgeschrittene_ss_12_uni_kiel.pdf.exe (Adware.Mediafinder) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\philipp\downloads\strafrecht_fortgeschrittene_ss_12_uni_kiel.pdf.exe
27.03.2012 22:14:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.03.2012 16:32:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.03.2012 16:57:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.03.2012 18:22:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
12.03.2012 14:49:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
03.03.2012 17:56:20,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.02.2012 21:44:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.02.2012 11:45:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.02.2012 19:04:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.02.2012 21:04:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.01.2012 16:13:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.01.2012 10:03:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.01.2012 11:35:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.01.2012 17:57:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.01.2012 19:07:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.01.2012 21:48:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.12.2011 13:38:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.12.2011 10:36:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.12.2011 21:45:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.12.2011 19:44:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.12.2011 20:43:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.12.2011 20:54:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.12.2011 16:17:15,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.11.2011 17:27:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.11.2011 16:21:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.11.2011 20:56:00,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
13.11.2011 20:55:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.11.2011 12:38:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.10.2011 10:06:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.10.2011 16:02:20,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.10.2011 15:16:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
20.10.2011 21:58:13,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
13.10.2011 18:58:30,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.10.2011 13:58:22,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.10.2011 09:50:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.10.2011 11:14:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.09.2011 18:59:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.09.2011 11:32:11,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.09.2011 21:24:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
03.09.2011 10:56:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
02.09.2011 09:32:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.09.2011 11:56:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.08.2011 21:35:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.08.2011 15:10:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
27.08.2011 11:36:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.08.2011 21:50:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.08.2011 20:49:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.08.2011 17:37:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.07.2011 17:39:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.07.2011 11:10:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.07.2011 19:46:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.07.2011 12:59:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.07.2011 21:53:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.06.2011 17:33:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.06.2011 13:24:23,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
10.06.2011 22:15:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.06.2011 21:01:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.05.2011 20:55:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.05.2011 19:24:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.05.2011 21:45:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.05.2011 21:55:14,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.04.2011 18:38:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.04.2011 16:45:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.04.2011 21:33:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.04.2011 19:29:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.04.2011 16:27:15,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.04.2011 18:10:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.04.2011 14:23:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.04.2011 19:22:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.03.2011 13:54:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.03.2011 09:51:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.03.2011 18:02:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.03.2011 11:15:20,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.03.2011 09:25:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.03.2011 19:15:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.03.2011 16:25:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.03.2011 09:31:56,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
20.03.2011 21:48:10,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
20.03.2011 10:44:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.03.2011 19:22:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.03.2011 11:22:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.03.2011 17:59:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.03.2011 16:02:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.03.2011 22:44:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.03.2011 21:48:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.03.2011 18:56:10,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.03.2011 11:22:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.03.2011 18:04:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.03.2011 16:56:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.03.2011 16:07:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.03.2011 12:11:22,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.02.2011 20:37:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.02.2011 18:25:00,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.02.2011 20:33:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.02.2011 17:33:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.02.2011 13:59:39,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.02.2011 17:19:05,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.02.2011 14:24:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.02.2011 21:05:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.02.2011 11:52:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.02.2011 18:20:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.02.2011 11:06:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.02.2011 14:02:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.02.2011 11:29:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.02.2011 16:59:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.02.2011 13:55:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
02.02.2011 19:10:14,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.02.2011 18:59:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.01.2011 14:00:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.01.2011 12:07:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.01.2011 18:23:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.01.2011 12:51:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.01.2011 21:46:56,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.01.2011 14:03:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.01.2011 21:25:40,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.01.2011 18:33:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.01.2011 14:31:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.01.2011 21:29:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
11.01.2011 18:46:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.01.2011 21:31:39,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.01.2011 14:11:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.12.2010 17:50:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.12.2010 16:16:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.12.2010 15:21:38,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.12.2010 12:48:11,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.12.2010 22:26:04,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.12.2010 21:55:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.12.2010 20:31:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.12.2010 07:47:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.12.2010 17:36:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
12.12.2010 12:17:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
11.12.2010 18:29:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
11.12.2010 12:02:43,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
10.12.2010 11:20:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.12.2010 18:59:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.12.2010 16:34:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.12.2010 09:17:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.11.2010 23:03:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
29.11.2010 08:06:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.11.2010 17:44:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.11.2010 20:44:04,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.11.2010 18:35:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.11.2010 20:51:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.11.2010 09:44:56,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
10.11.2010 16:40:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.11.2010 20:41:40,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.11.2010 18:40:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.11.2010 20:41:30,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.10.2010 20:54:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.10.2010 16:29:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.10.2010 17:58:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.10.2010 09:31:48,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.10.2010 18:59:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.10.2010 13:48:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
22.10.2010 22:46:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.10.2010 21:38:13,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.10.2010 20:20:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.10.2010 09:36:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.10.2010 06:46:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.10.2010 15:35:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.10.2010 10:07:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
         

10.11.2012, 15:03   #10
markusg
/// Malware-holic

Is there a log like this for computer 2 as well?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

10.11.2012, 15:06   #11
Pille Palle

Computer 2:

Code:
ATTFilter
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
08.11.2012 18:19,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
08.11.2012 16:23,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.11.2012 16:05,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.11.2012 10:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.11.2012 20:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.10.2012 13:48,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
27.10.2012 09:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.10.2012 11:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.10.2012 10:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.09.2012 15:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.09.2012 20:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.09.2012 20:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.09.2012 10:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.09.2012 22:04,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.08.2012 16:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
20.08.2012 20:13,Hoch,setup(1).exe (Trojan.ADH.2) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(1).exe
20.08.2012 15:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.08.2012 21:04,Hoch,setup.exe (Trojan.ADH.2) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup.exe
16.08.2012 20:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.08.2012 19:56,Hoch,Trojan.Gen.2 erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\locallow\sun\java\deployment\cache\6.0\55\2d405637-70a31286
08.08.2012 19:56,Hoch,Trojan.Gen.2 erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\locallow\sun\java\deployment\cache\6.0\48\56ee73f0-1a32f2e6
08.08.2012 16:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
03.08.2012 10:55,Hoch,{16190012-5679-3456-9101-468901346788}.exe (Trojan Horse) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\temp\{16190012-5679-3456-9101-468901346788}.exe
24.07.2012 22:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.06.2012 21:22,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.06.2012 14:55,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
25.06.2012 14:55,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
25.06.2012 14:55,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
23.06.2012 13:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.06.2012 19:28,Mittel,fut 12 generator.exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\fut 12 generator.exe
21.06.2012 19:26,Mittel,fifa_12_player_generator_2012.exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\fifa_12_player_generator_2012.exe
21.06.2012 16:29,Mittel,fifa_12_player_generator_2012.exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\fifa_12_player_generator_2012.exe
16.06.2012 10:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.06.2012 19:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.06.2012 18:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.06.2012 17:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.05.2012 15:38,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.05.2012 20:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.05.2012 20:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.05.2012 18:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
10.05.2012 16:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.05.2012 20:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.05.2012 16:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.05.2012 18:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.04.2012 16:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.04.2012 18:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.04.2012 16:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.04.2012 15:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.03.2012 14:41,Hoch,Trojan.Malscript!JS erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\mozilla\firefox\profiles\zaxue1zp.default\cache\8\a6\73e5cd01
31.03.2012 14:41,Hoch,Trojan.Malscript!JS erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\mozilla\firefox\profiles\zaxue1zp.default\cache\7\d9\768acd01
31.03.2012 14:40,Hoch,Trojan.Malscript!JS erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\mozilla\firefox\profiles\zaxue1zp.default\cache\0\5f\32048d01
31.03.2012 13:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.03.2012 10:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.03.2012 21:44,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.03.2012 20:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.03.2012 19:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.02.2012 19:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
12.02.2012 19:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.02.2012 12:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
04.02.2012 17:43,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.01.2012 15:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.01.2012 15:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.01.2012 20:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.01.2012 18:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.01.2012 17:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
         
For your information: there is also a 3rd computer. Maybe that one is affected.

10.11.2012, 19:58   #12
markusg
/// Malware-holic

That looks OK too.
On both PCs:
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

10.11.2012, 21:33   #13
Pille Palle

Computer 1:

Code:
ATTFilter
22:29:27.0247 3148  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:29:27.0653 3148  ============================================================
22:29:27.0653 3148  Current date / time: 2012/11/10 22:29:27.0653
22:29:27.0653 3148  SystemInfo:
22:29:27.0653 3148  
22:29:27.0653 3148  OS Version: 6.0.6002 ServicePack: 2.0
22:29:27.0653 3148  Product type: Workstation
22:29:27.0653 3148  ComputerName: PHILIPP-PC
22:29:27.0653 3148  UserName: Philipp
22:29:27.0653 3148  Windows directory: C:\Windows
22:29:27.0653 3148  System windows directory: C:\Windows
22:29:27.0653 3148  Processor architecture: Intel x86
22:29:27.0653 3148  Number of processors: 4
22:29:27.0653 3148  Page size: 0x1000
22:29:27.0653 3148  Boot type: Normal boot
22:29:27.0653 3148  ============================================================
22:29:28.0214 3148  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:29:28.0214 3148  ============================================================
22:29:28.0214 3148  \Device\Harddisk0\DR0:
22:29:28.0214 3148  MBR partitions:
22:29:28.0214 3148  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x71F04000
22:29:28.0245 3148  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x71F0483F, BlocksNum 0x2801182
22:29:28.0245 3148  ============================================================
22:29:28.0308 3148  C: <-> \Device\Harddisk0\DR0\Partition1
22:29:28.0339 3148  D: <-> \Device\Harddisk0\DR0\Partition2
22:29:28.0339 3148  ============================================================
22:29:28.0339 3148  Initialize success
22:29:28.0339 3148  ============================================================
22:30:27.0869 4448  ============================================================
22:30:27.0869 4448  Scan started
22:30:27.0869 4448  Mode: Manual; SigCheck; TDLFS; 
22:30:27.0869 4448  ============================================================
22:30:28.0196 4448  ================ Scan system memory ========================
22:30:28.0196 4448  System memory - ok
22:30:28.0196 4448  ================ Scan services =============================
22:30:28.0290 4448  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:30:28.0399 4448  ACPI - ok
22:30:28.0477 4448  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:30:28.0477 4448  AdobeARMservice - ok
22:30:28.0539 4448  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:30:28.0555 4448  AdobeFlashPlayerUpdateSvc - ok
22:30:28.0571 4448  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:30:28.0602 4448  adp94xx - ok
22:30:28.0617 4448  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:30:28.0633 4448  adpahci - ok
22:30:28.0649 4448  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:30:28.0664 4448  adpu160m - ok
22:30:28.0680 4448  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:30:28.0695 4448  adpu320 - ok
22:30:28.0711 4448  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:30:28.0805 4448  AeLookupSvc - ok
22:30:28.0820 4448  [ E3F08935158038D385AD382442F4BB2D ] AF15BDA         C:\Windows\system32\DRIVERS\AF15BDA.sys
22:30:28.0867 4448  AF15BDA - ok
22:30:28.0898 4448  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:30:28.0929 4448  AFD - ok
22:30:28.0945 4448  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:30:28.0961 4448  agp440 - ok
22:30:28.0976 4448  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:30:28.0992 4448  aic78xx - ok
22:30:28.0992 4448  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:30:29.0054 4448  ALG - ok
22:30:29.0085 4448  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:30:29.0085 4448  aliide - ok
22:30:29.0117 4448  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:30:29.0117 4448  amdagp - ok
22:30:29.0132 4448  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:30:29.0132 4448  amdide - ok
22:30:29.0148 4448  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:30:29.0179 4448  AmdK7 - ok
22:30:29.0195 4448  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:30:29.0226 4448  AmdK8 - ok
22:30:29.0241 4448  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:30:29.0273 4448  Appinfo - ok
22:30:29.0319 4448  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
22:30:29.0319 4448  arc - ok
22:30:29.0351 4448  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:30:29.0351 4448  arcsas - ok
22:30:29.0413 4448  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:30:29.0413 4448  aspnet_state - ok
22:30:29.0429 4448  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:30:29.0460 4448  AsyncMac - ok
22:30:29.0491 4448  [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:30:29.0491 4448  atapi - ok
22:30:29.0522 4448  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:30:29.0553 4448  AudioEndpointBuilder - ok
22:30:29.0553 4448  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:30:29.0585 4448  Audiosrv - ok
22:30:29.0616 4448  [ 7C813EB232C7AEFA627A12A104DDA221 ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
22:30:29.0631 4448  Automatic LiveUpdate Scheduler - ok
22:30:29.0647 4448  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:30:29.0678 4448  Beep - ok
22:30:29.0709 4448  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:30:29.0741 4448  BFE - ok
22:30:29.0850 4448  [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
22:30:29.0912 4448  BHDrvx86 - ok
22:30:29.0943 4448  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
22:30:29.0990 4448  BITS - ok
22:30:30.0021 4448  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:30:30.0053 4448  blbdrive - ok
22:30:30.0068 4448  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:30:30.0099 4448  bowser - ok
22:30:30.0115 4448  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:30:30.0146 4448  BrFiltLo - ok
22:30:30.0162 4448  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:30:30.0193 4448  BrFiltUp - ok
22:30:30.0209 4448  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:30:30.0240 4448  Browser - ok
22:30:30.0255 4448  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:30:30.0365 4448  Brserid - ok
22:30:30.0380 4448  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:30:30.0427 4448  BrSerWdm - ok
22:30:30.0458 4448  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:30:30.0505 4448  BrUsbMdm - ok
22:30:30.0505 4448  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:30:30.0552 4448  BrUsbSer - ok
22:30:30.0567 4448  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:30:30.0614 4448  BTHMODEM - ok
22:30:30.0692 4448  catchme - ok
22:30:30.0755 4448  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360      C:\Windows\system32\drivers\N360\0604000.009\ccSetx86.sys
22:30:30.0755 4448  ccSet_N360 - ok
22:30:30.0770 4448  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:30:30.0801 4448  cdfs - ok
22:30:30.0817 4448  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:30:30.0848 4448  cdrom - ok
22:30:30.0864 4448  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:30:30.0895 4448  CertPropSvc - ok
22:30:30.0911 4448  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
22:30:30.0942 4448  circlass - ok
22:30:30.0957 4448  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:30:30.0973 4448  CLFS - ok
22:30:30.0989 4448  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:30:31.0004 4448  clr_optimization_v2.0.50727_32 - ok
22:30:31.0051 4448  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:30:31.0067 4448  clr_optimization_v4.0.30319_32 - ok
22:30:31.0082 4448  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:30:31.0082 4448  cmdide - ok
22:30:31.0129 4448  [ 091A2D76A1FFFA523CD453CBABC4078D ] ColorZillaStatsUpdater C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
22:30:31.0129 4448  ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - warning
22:30:31.0129 4448  ColorZillaStatsUpdater - detected UnsignedFile.Multi.Generic (1)
22:30:31.0145 4448  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:30:31.0160 4448  Compbatt - ok
22:30:31.0160 4448  COMSysApp - ok
22:30:31.0176 4448  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:30:31.0191 4448  crcdisk - ok
22:30:31.0207 4448  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:30:31.0238 4448  Crusoe - ok
22:30:31.0269 4448  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:30:31.0301 4448  CryptSvc - ok
22:30:31.0332 4448  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:30:31.0410 4448  DcomLaunch - ok
22:30:31.0441 4448  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:30:31.0472 4448  DfsC - ok
22:30:31.0535 4448  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:30:31.0613 4448  DFSR - ok
22:30:31.0628 4448  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:30:31.0644 4448  Dhcp - ok
22:30:31.0675 4448  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:30:31.0691 4448  disk - ok
22:30:31.0706 4448  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:30:31.0737 4448  Dnscache - ok
22:30:31.0753 4448  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:30:31.0784 4448  dot3svc - ok
22:30:31.0800 4448  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
22:30:31.0847 4448  Dot4 - ok
22:30:31.0847 4448  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:30:31.0878 4448  Dot4Print - ok
22:30:31.0893 4448  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
22:30:31.0909 4448  dot4usb - ok
22:30:31.0940 4448  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:30:31.0987 4448  DPS - ok
22:30:32.0003 4448  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:30:32.0018 4448  drmkaud - ok
22:30:32.0049 4448  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:30:32.0081 4448  DXGKrnl - ok
22:30:32.0096 4448  [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
22:30:32.0112 4448  e1express - ok
22:30:32.0143 4448  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:30:32.0174 4448  E1G60 - ok
22:30:32.0205 4448  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:30:32.0221 4448  EapHost - ok
22:30:32.0252 4448  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:30:32.0252 4448  Ecache - ok
22:30:32.0299 4448  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:30:32.0315 4448  eeCtrl - ok
22:30:32.0346 4448  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:30:32.0377 4448  ehRecvr - ok
22:30:32.0393 4448  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:30:32.0408 4448  ehSched - ok
22:30:32.0424 4448  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:30:32.0439 4448  ehstart - ok
22:30:32.0471 4448  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:30:32.0502 4448  elxstor - ok
22:30:32.0549 4448  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:30:32.0642 4448  EMDMgmt - ok
22:30:32.0673 4448  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:30:32.0689 4448  EraserUtilRebootDrv - ok
22:30:32.0705 4448  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:30:32.0736 4448  ErrDev - ok
22:30:32.0783 4448  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:30:32.0845 4448  EventSystem - ok
22:30:32.0861 4448  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:30:32.0907 4448  exfat - ok
22:30:32.0923 4448  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:30:32.0939 4448  fastfat - ok
22:30:32.0970 4448  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:30:32.0985 4448  fdc - ok
22:30:33.0017 4448  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:30:33.0032 4448  fdPHost - ok
22:30:33.0032 4448  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:30:33.0079 4448  FDResPub - ok
22:30:33.0095 4448  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:30:33.0110 4448  FileInfo - ok
22:30:33.0110 4448  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:30:33.0141 4448  Filetrace - ok
22:30:33.0141 4448  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:30:33.0173 4448  flpydisk - ok
22:30:33.0188 4448  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:30:33.0204 4448  FltMgr - ok
22:30:33.0235 4448  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
22:30:33.0266 4448  FontCache - ok
22:30:33.0329 4448  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:30:33.0329 4448  FontCache3.0.0.0 - ok
22:30:33.0360 4448  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:30:33.0391 4448  Fs_Rec - ok
22:30:33.0407 4448  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:30:33.0422 4448  gagp30kx - ok
22:30:33.0438 4448  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:30:33.0469 4448  gpsvc - ok
22:30:33.0485 4448  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
22:30:33.0500 4448  hamachi - ok
22:30:33.0531 4448  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:30:33.0563 4448  HdAudAddService - ok
22:30:33.0594 4448  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:30:33.0625 4448  HDAudBus - ok
22:30:33.0641 4448  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:30:33.0687 4448  HidBth - ok
22:30:33.0703 4448  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:30:33.0734 4448  HidIr - ok
22:30:33.0750 4448  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
22:30:33.0781 4448  hidserv - ok
22:30:33.0797 4448  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:30:33.0828 4448  HidUsb - ok
22:30:33.0859 4448  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:30:33.0890 4448  hkmsvc - ok
22:30:33.0906 4448  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:30:33.0921 4448  HpCISSs - ok
22:30:33.0984 4448  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:30:33.0999 4448  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:30:33.0999 4448  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:30:34.0015 4448  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:30:34.0031 4448  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:30:34.0031 4448  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:30:34.0046 4448  [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:30:34.0093 4448  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:30:34.0093 4448  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:30:34.0140 4448  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:30:34.0187 4448  HTTP - ok
22:30:34.0218 4448  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:30:34.0218 4448  i2omp - ok
22:30:34.0249 4448  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:30:34.0280 4448  i8042prt - ok
22:30:34.0311 4448  [ 9BCF5972C941B4B5CB60DED03CB9E300 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:30:34.0343 4448  IAANTMON - ok
22:30:34.0374 4448  [ 28AAE599496B4930B3F19026F2083BC4 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:30:34.0389 4448  iaStor - ok
22:30:34.0421 4448  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:30:34.0436 4448  iaStorV - ok
22:30:34.0483 4448  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:30:34.0530 4448  idsvc - ok
22:30:34.0608 4448  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121109.001\IDSvix86.sys
22:30:34.0623 4448  IDSVix86 - ok
22:30:34.0639 4448  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:30:34.0655 4448  iirsp - ok
22:30:34.0686 4448  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:30:34.0764 4448  IKEEXT - ok
22:30:34.0826 4448  [ 2790CC09422B6BEDAE9825AE289E9BB7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:30:34.0998 4448  IntcAzAudAddService - ok
22:30:35.0029 4448  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:30:35.0045 4448  intelide - ok
22:30:35.0060 4448  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:30:35.0107 4448  intelppm - ok
22:30:35.0123 4448  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:30:35.0154 4448  IPBusEnum - ok
22:30:35.0169 4448  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:30:35.0201 4448  IpFilterDriver - ok
22:30:35.0216 4448  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:30:35.0263 4448  iphlpsvc - ok
22:30:35.0263 4448  IpInIp - ok
22:30:35.0279 4448  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:30:35.0310 4448  IPMIDRV - ok
22:30:35.0310 4448  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:30:35.0341 4448  IPNAT - ok
22:30:35.0357 4448  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:30:35.0388 4448  IRENUM - ok
22:30:35.0388 4448  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:30:35.0403 4448  isapnp - ok
22:30:35.0435 4448  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:30:35.0450 4448  iScsiPrt - ok
22:30:35.0466 4448  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:30:35.0466 4448  iteatapi - ok
22:30:35.0481 4448  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:30:35.0497 4448  iteraid - ok
22:30:35.0497 4448  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:30:35.0513 4448  kbdclass - ok
22:30:35.0528 4448  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:30:35.0559 4448  kbdhid - ok
22:30:35.0575 4448  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:30:35.0606 4448  KeyIso - ok
22:30:35.0622 4448  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:30:35.0653 4448  KSecDD - ok
22:30:35.0684 4448  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:30:35.0731 4448  KtmRm - ok
22:30:35.0762 4448  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:30:35.0793 4448  LanmanServer - ok
22:30:35.0825 4448  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:30:35.0856 4448  LanmanWorkstation - ok
22:30:35.0887 4448  [ 9188D073CD14F886790D6037D1986063 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:30:35.0887 4448  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:30:35.0887 4448  LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:30:35.0903 4448  LiveUpdate - ok
22:30:35.0903 4448  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:30:35.0934 4448  lltdio - ok
22:30:35.0965 4448  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:30:35.0996 4448  lltdsvc - ok
22:30:36.0012 4448  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:30:36.0043 4448  lmhosts - ok
22:30:36.0059 4448  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:30:36.0074 4448  LSI_FC - ok
22:30:36.0090 4448  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:30:36.0105 4448  LSI_SAS - ok
22:30:36.0105 4448  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:30:36.0121 4448  LSI_SCSI - ok
22:30:36.0137 4448  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:30:36.0168 4448  luafv - ok
22:30:36.0168 4448  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:30:36.0199 4448  Mcx2Svc - ok
22:30:36.0199 4448  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:30:36.0215 4448  megasas - ok
22:30:36.0230 4448  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
22:30:36.0261 4448  MegaSR - ok
22:30:36.0308 4448  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:30:36.0324 4448  MMCSS - ok
22:30:36.0371 4448  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:30:36.0402 4448  Modem - ok
22:30:36.0417 4448  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:30:36.0449 4448  monitor - ok
22:30:36.0464 4448  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:30:36.0480 4448  mouclass - ok
22:30:36.0480 4448  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:30:36.0511 4448  mouhid - ok
22:30:36.0527 4448  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:30:36.0542 4448  MountMgr - ok
22:30:36.0573 4448  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:30:36.0589 4448  MozillaMaintenance - ok
22:30:36.0605 4448  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:30:36.0605 4448  mpio - ok
22:30:36.0620 4448  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:30:36.0651 4448  mpsdrv - ok
22:30:36.0683 4448  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:30:36.0714 4448  MpsSvc - ok
22:30:36.0729 4448  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:30:36.0776 4448  Mraid35x - ok
22:30:36.0792 4448  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:30:36.0823 4448  MRxDAV - ok
22:30:36.0839 4448  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:30:36.0854 4448  mrxsmb - ok
22:30:36.0885 4448  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:30:36.0901 4448  mrxsmb10 - ok
22:30:36.0917 4448  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:30:36.0932 4448  mrxsmb20 - ok
22:30:36.0948 4448  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:30:36.0963 4448  msahci - ok
22:30:36.0995 4448  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:30:37.0010 4448  msdsm - ok
22:30:37.0010 4448  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:30:37.0041 4448  MSDTC - ok
22:30:37.0057 4448  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:30:37.0088 4448  Msfs - ok
22:30:37.0104 4448  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:30:37.0104 4448  msisadrv - ok
22:30:37.0135 4448  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:30:37.0151 4448  MSiSCSI - ok
22:30:37.0166 4448  msiserver - ok
22:30:37.0166 4448  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:30:37.0213 4448  MSKSSRV - ok
22:30:37.0213 4448  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:30:37.0244 4448  MSPCLOCK - ok
22:30:37.0260 4448  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:30:37.0291 4448  MSPQM - ok
22:30:37.0307 4448  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:30:37.0322 4448  MsRPC - ok
22:30:37.0338 4448  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:30:37.0353 4448  mssmbios - ok
22:30:37.0353 4448  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:30:37.0369 4448  MSTEE - ok
22:30:37.0385 4448  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:30:37.0400 4448  Mup - ok
22:30:37.0447 4448  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
22:30:37.0447 4448  N360 - ok
22:30:37.0494 4448  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:30:37.0509 4448  napagent - ok
22:30:37.0541 4448  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:30:37.0556 4448  NativeWifiP - ok
22:30:37.0603 4448  [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121109.020\NAVENG.SYS
22:30:37.0619 4448  NAVENG - ok
22:30:37.0712 4448  [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121109.020\NAVEX15.SYS
22:30:37.0759 4448  NAVEX15 - ok
22:30:37.0790 4448  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:30:37.0837 4448  NDIS - ok
22:30:37.0884 4448  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:30:37.0899 4448  NdisTapi - ok
22:30:37.0931 4448  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:30:37.0946 4448  Ndisuio - ok
22:30:37.0993 4448  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:30:38.0040 4448  NdisWan - ok
22:30:38.0040 4448  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:30:38.0055 4448  NDProxy - ok
22:30:38.0087 4448  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:30:38.0102 4448  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:30:38.0102 4448  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:30:38.0118 4448  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:30:38.0149 4448  NetBIOS - ok
22:30:38.0180 4448  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:30:38.0211 4448  netbt - ok
22:30:38.0227 4448  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:30:38.0243 4448  Netlogon - ok
22:30:38.0258 4448  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:30:38.0289 4448  Netman - ok
22:30:38.0305 4448  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:30:38.0336 4448  netprofm - ok
22:30:38.0367 4448  [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
22:30:38.0430 4448  netr28u - ok
22:30:38.0445 4448  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:30:38.0461 4448  NetTcpPortSharing - ok
22:30:38.0477 4448  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:30:38.0492 4448  nfrd960 - ok
22:30:38.0508 4448  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:30:38.0539 4448  NlaSvc - ok
22:30:38.0539 4448  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:30:38.0570 4448  Npfs - ok
22:30:38.0586 4448  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:30:38.0617 4448  nsi - ok
22:30:38.0633 4448  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:30:38.0664 4448  nsiproxy - ok
22:30:38.0711 4448  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:30:38.0742 4448  Ntfs - ok
22:30:38.0773 4448  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:30:38.0804 4448  ntrigdigi - ok
22:30:38.0820 4448  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:30:38.0851 4448  Null - ok
22:30:39.0319 4448  [ D3F22DA8F670EFD15D348B5952769CEF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:30:39.0615 4448  nvlddmkm - ok
22:30:39.0662 4448  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:30:39.0678 4448  nvraid - ok
22:30:39.0678 4448  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:30:39.0693 4448  nvstor - ok
22:30:39.0725 4448  [ A3B80E6B7CDE9660F639658739A5824E ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:30:39.0756 4448  nvsvc - ok
22:30:40.0005 4448  [ 61FF84F865B4414EFDC11856BF5757AD ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:30:40.0052 4448  nvUpdatusService - ok
22:30:40.0083 4448  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:30:40.0099 4448  nv_agp - ok
22:30:40.0099 4448  NwlnkFlt - ok
22:30:40.0115 4448  NwlnkFwd - ok
22:30:40.0130 4448  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:30:40.0161 4448  ohci1394 - ok
22:30:40.0193 4448  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:30:40.0302 4448  p2pimsvc - ok
22:30:40.0317 4448  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:30:40.0333 4448  p2psvc - ok
22:30:40.0395 4448  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
22:30:40.0442 4448  Parport - ok
22:30:40.0458 4448  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:30:40.0473 4448  partmgr - ok
22:30:40.0489 4448  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:30:40.0536 4448  Parvdm - ok
22:30:40.0567 4448  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:30:40.0598 4448  PcaSvc - ok
22:30:40.0614 4448  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
22:30:40.0629 4448  pci - ok
22:30:40.0645 4448  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
22:30:40.0661 4448  pciide - ok
22:30:40.0661 4448  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:30:40.0676 4448  pcmcia - ok
22:30:40.0707 4448  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:30:40.0770 4448  PEAUTH - ok
22:30:40.0879 4448  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
22:30:40.0941 4448  pla - ok
22:30:40.0957 4448  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:30:40.0988 4448  PlugPlay - ok
22:30:41.0004 4448  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:30:41.0019 4448  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:30:41.0019 4448  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:30:41.0051 4448  [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
22:30:41.0051 4448  PnkBstrA - ok
22:30:41.0082 4448  [ 9A386EC60A166DF66205343CA12C6B86 ] PnkBstrB        C:\Windows\system32\PnkBstrB.exe
22:30:41.0097 4448  PnkBstrB - ok
22:30:41.0113 4448  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:30:41.0144 4448  PNRPAutoReg - ok
22:30:41.0144 4448  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:30:41.0175 4448  PNRPsvc - ok
22:30:41.0191 4448  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:30:41.0238 4448  PolicyAgent - ok
22:30:41.0269 4448  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:30:41.0300 4448  PptpMiniport - ok
22:30:41.0316 4448  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
22:30:41.0331 4448  Processor - ok
22:30:41.0347 4448  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:30:41.0378 4448  ProfSvc - ok
22:30:41.0394 4448  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:30:41.0409 4448  ProtectedStorage - ok
22:30:41.0425 4448  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
22:30:41.0441 4448  ProtexisLicensing - ok
22:30:41.0472 4448  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:30:41.0503 4448  PSched - ok
22:30:41.0534 4448  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:30:41.0565 4448  ql2300 - ok
22:30:41.0581 4448  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:30:41.0597 4448  ql40xx - ok
22:30:41.0612 4448  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
22:30:41.0628 4448  QWAVE - ok
22:30:41.0643 4448  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:30:41.0659 4448  QWAVEdrv - ok
22:30:41.0675 4448  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:30:41.0690 4448  RasAcd - ok
22:30:41.0706 4448  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
22:30:41.0737 4448  RasAuto - ok
22:30:41.0753 4448  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:30:41.0768 4448  Rasl2tp - ok
22:30:41.0784 4448  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:30:41.0831 4448  RasMan - ok
22:30:41.0846 4448  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:30:41.0862 4448  RasPppoe - ok
22:30:41.0862 4448  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:30:41.0877 4448  RasSstp - ok
22:30:41.0893 4448  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:30:41.0924 4448  rdbss - ok
22:30:41.0940 4448  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:30:41.0971 4448  RDPCDD - ok
22:30:41.0987 4448  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:30:42.0018 4448  rdpdr - ok
22:30:42.0018 4448  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:30:42.0049 4448  RDPENCDD - ok
22:30:42.0049 4448  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:30:42.0080 4448  RDPWD - ok
22:30:42.0111 4448  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:30:42.0127 4448  RemoteAccess - ok
22:30:42.0158 4448  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:30:42.0189 4448  RemoteRegistry - ok
22:30:42.0221 4448  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
22:30:42.0236 4448  RichVideo - ok
22:30:42.0252 4448  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:30:42.0267 4448  RpcLocator - ok
22:30:42.0283 4448  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
22:30:42.0314 4448  RpcSs - ok
22:30:42.0330 4448  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:30:42.0361 4448  rspndr - ok
22:30:42.0377 4448  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
22:30:42.0392 4448  SamSs - ok
22:30:42.0408 4448  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:30:42.0423 4448  sbp2port - ok
22:30:42.0439 4448  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:30:42.0455 4448  SCardSvr - ok
22:30:42.0501 4448  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:30:42.0579 4448  Schedule - ok
22:30:42.0611 4448  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:30:42.0626 4448  SCPolicySvc - ok
22:30:42.0689 4448  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:30:42.0735 4448  SDRSVC - ok
22:30:42.0751 4448  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:30:42.0798 4448  secdrv - ok
22:30:42.0813 4448  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:30:42.0829 4448  seclogon - ok
22:30:42.0845 4448  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
22:30:42.0876 4448  SENS - ok
22:30:42.0891 4448  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:30:42.0907 4448  Serenum - ok
22:30:42.0923 4448  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:30:42.0954 4448  Serial - ok
22:30:42.0969 4448  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:30:43.0001 4448  sermouse - ok
22:30:43.0032 4448  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:30:43.0047 4448  SessionEnv - ok
22:30:43.0063 4448  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:30:43.0079 4448  sffdisk - ok
22:30:43.0094 4448  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:30:43.0125 4448  sffp_mmc - ok
22:30:43.0125 4448  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:30:43.0157 4448  sffp_sd - ok
22:30:43.0172 4448  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:30:43.0219 4448  sfloppy - ok
22:30:43.0235 4448  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:30:43.0250 4448  SharedAccess - ok
22:30:43.0281 4448  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:30:43.0313 4448  ShellHWDetection - ok
22:30:43.0344 4448  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:30:43.0359 4448  sisagp - ok
22:30:43.0375 4448  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:30:43.0375 4448  SiSRaid2 - ok
22:30:43.0391 4448  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:30:43.0406 4448  SiSRaid4 - ok
22:30:43.0437 4448  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:30:43.0453 4448  SkypeUpdate - ok
22:30:43.0515 4448  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
22:30:43.0609 4448  slsvc - ok
22:30:43.0671 4448  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:30:43.0703 4448  SLUINotify - ok
22:30:43.0718 4448  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:30:43.0749 4448  Smb - ok
22:30:43.0765 4448  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:30:43.0796 4448  SNMPTRAP - ok
22:30:43.0812 4448  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
22:30:43.0812 4448  spldr - ok
22:30:43.0843 4448  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
22:30:43.0874 4448  Spooler - ok
22:30:43.0921 4448  [ 73205BD9A388639C210636793FE3FD61 ] sptd            C:\Windows\System32\Drivers\sptd.sys
22:30:43.0952 4448  sptd - ok
22:30:44.0046 4448  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\Windows\System32\Drivers\N360\0604000.009\SRTSP.SYS
22:30:44.0077 4448  SRTSP - ok
22:30:44.0093 4448  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\N360\0604000.009\SRTSPX.SYS
22:30:44.0108 4448  SRTSPX - ok
22:30:44.0139 4448  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:30:44.0171 4448  srv - ok
22:30:44.0186 4448  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:30:44.0202 4448  srv2 - ok
22:30:44.0217 4448  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:30:44.0233 4448  srvnet - ok
22:30:44.0264 4448  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:30:44.0295 4448  SSDPSRV - ok
22:30:44.0295 4448  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:30:44.0311 4448  SstpSvc - ok
22:30:44.0405 4448  [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
22:30:44.0420 4448  StarWindService ( UnsignedFile.Multi.Generic ) - warning
22:30:44.0420 4448  StarWindService - detected UnsignedFile.Multi.Generic (1)
22:30:44.0420 4448  Steam Client Service - ok
22:30:44.0483 4448  [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:30:44.0514 4448  Stereo Service - ok
22:30:44.0545 4448  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:30:44.0576 4448  StillCam - ok
22:30:44.0639 4448  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:30:44.0685 4448  stisvc - ok
22:30:44.0717 4448  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:30:44.0732 4448  swenum - ok
22:30:44.0763 4448  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
22:30:44.0826 4448  swprv - ok
22:30:44.0826 4448  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
22:30:44.0841 4448  Symc8xx - ok
22:30:44.0857 4448  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\Windows\system32\drivers\N360\0604000.009\SYMDS.SYS
22:30:44.0873 4448  SymDS - ok
22:30:44.0904 4448  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\Windows\system32\drivers\N360\0604000.009\SYMEFA.SYS
22:30:44.0966 4448  SymEFA - ok
22:30:44.0997 4448  [ 74E2521E96176A4449570E50BE91954D ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
22:30:45.0013 4448  SymEvent - ok
22:30:45.0013 4448  SymIMMP - ok
22:30:45.0044 4448  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\Windows\system32\drivers\N360\0604000.009\Ironx86.SYS
22:30:45.0044 4448  SymIRON - ok
22:30:45.0075 4448  [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv         C:\Windows\System32\Drivers\N360\0604000.009\SYMTDIV.SYS
22:30:45.0091 4448  SYMTDIv - ok
22:30:45.0107 4448  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:30:45.0122 4448  Sym_hi - ok
22:30:45.0138 4448  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:30:45.0138 4448  Sym_u3 - ok
22:30:45.0169 4448  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
22:30:45.0216 4448  SysMain - ok
22:30:45.0231 4448  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:30:45.0247 4448  TabletInputService - ok
22:30:45.0278 4448  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:30:45.0325 4448  TapiSrv - ok
22:30:45.0356 4448  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
22:30:45.0387 4448  TBS - ok
22:30:45.0434 4448  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:30:45.0481 4448  Tcpip - ok
22:30:45.0497 4448  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:30:45.0559 4448  Tcpip6 - ok
22:30:45.0590 4448  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:30:45.0621 4448  tcpipreg - ok
22:30:45.0668 4448  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:30:45.0715 4448  TDPIPE - ok
22:30:45.0731 4448  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:30:45.0762 4448  TDTCP - ok
22:30:45.0777 4448  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:30:45.0809 4448  tdx - ok
22:30:45.0824 4448  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:30:45.0824 4448  TermDD - ok
22:30:45.0840 4448  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
22:30:45.0871 4448  TermService - ok
22:30:45.0887 4448  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:30:45.0902 4448  Themes - ok
22:30:45.0902 4448  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:30:45.0933 4448  THREADORDER - ok
22:30:45.0949 4448  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:30:45.0996 4448  TrkWks - ok
22:30:46.0043 4448  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:30:46.0058 4448  TrustedInstaller - ok
22:30:46.0074 4448  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:30:46.0105 4448  tssecsrv - ok
22:30:46.0152 4448  [ C1A64414DB4E49D41D9DF9359ED9369B ] TuneUp.Defrag   C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
22:30:46.0183 4448  TuneUp.Defrag - ok
22:30:46.0214 4448  [ DC653CF2D70827C4EBC2B157DA25CF57 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
22:30:46.0245 4448  TuneUp.UtilitiesSvc - ok
22:30:46.0261 4448  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
22:30:46.0277 4448  TuneUpUtilitiesDrv - ok
22:30:46.0292 4448  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
22:30:46.0323 4448  tunmp - ok
22:30:46.0339 4448  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:30:46.0355 4448  tunnel - ok
22:30:46.0370 4448  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:30:46.0370 4448  uagp35 - ok
22:30:46.0386 4448  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:30:46.0417 4448  udfs - ok
22:30:46.0433 4448  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:30:46.0464 4448  UI0Detect - ok
22:30:46.0479 4448  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:30:46.0495 4448  uliagpkx - ok
22:30:46.0511 4448  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
22:30:46.0526 4448  uliahci - ok
22:30:46.0526 4448  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:30:46.0542 4448  UlSata - ok
22:30:46.0542 4448  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
22:30:46.0557 4448  ulsata2 - ok
22:30:46.0573 4448  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:30:46.0589 4448  umbus - ok
22:30:46.0604 4448  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:30:46.0635 4448  upnphost - ok
22:30:46.0667 4448  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:30:46.0682 4448  usbaudio - ok
22:30:46.0698 4448  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:30:46.0713 4448  usbccgp - ok
22:30:46.0729 4448  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:30:46.0776 4448  usbcir - ok
22:30:46.0791 4448  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:30:46.0807 4448  usbehci - ok
22:30:46.0823 4448  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:30:46.0838 4448  usbhub - ok
22:30:46.0854 4448  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:30:46.0885 4448  usbohci - ok
22:30:46.0901 4448  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:30:46.0932 4448  usbprint - ok
22:30:46.0947 4448  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:30:46.0963 4448  usbscan - ok
22:30:46.0979 4448  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:30:47.0010 4448  USBSTOR - ok
22:30:47.0025 4448  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:30:47.0057 4448  usbuhci - ok
22:30:47.0072 4448  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:30:47.0088 4448  UxSms - ok
22:30:47.0103 4448  [ DC2172ACCB384C6A3D59342050422102 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
22:30:47.0119 4448  UxTuneUp - ok
22:30:47.0135 4448  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:30:47.0181 4448  vds - ok
22:30:47.0228 4448  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:30:47.0259 4448  vga - ok
22:30:47.0275 4448  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:30:47.0291 4448  VgaSave - ok
22:30:47.0322 4448  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:30:47.0322 4448  viaagp - ok
22:30:47.0337 4448  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:30:47.0353 4448  ViaC7 - ok
22:30:47.0384 4448  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:30:47.0400 4448  viaide - ok
22:30:47.0415 4448  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:30:47.0431 4448  volmgr - ok
22:30:47.0462 4448  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:30:47.0478 4448  volmgrx - ok
22:30:47.0493 4448  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:30:47.0509 4448  volsnap - ok
22:30:47.0525 4448  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:30:47.0540 4448  vsmraid - ok
22:30:47.0556 4448  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:30:47.0634 4448  VSS - ok
22:30:47.0681 4448  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:30:47.0712 4448  W32Time - ok
22:30:47.0727 4448  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:30:47.0774 4448  WacomPen - ok
22:30:47.0774 4448  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:30:47.0805 4448  Wanarp - ok
22:30:47.0805 4448  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:30:47.0821 4448  Wanarpv6 - ok
22:30:47.0852 4448  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:30:47.0883 4448  wcncsvc - ok
22:30:47.0915 4448  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:30:47.0930 4448  WcsPlugInService - ok
22:30:47.0946 4448  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:30:47.0961 4448  Wd - ok
22:30:47.0977 4448  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:30:48.0024 4448  Wdf01000 - ok
22:30:48.0055 4448  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:30:48.0086 4448  WdiServiceHost - ok
22:30:48.0086 4448  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:30:48.0102 4448  WdiSystemHost - ok
22:30:48.0149 4448  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:30:48.0164 4448  WebClient - ok
22:30:48.0180 4448  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:30:48.0211 4448  Wecsvc - ok
22:30:48.0242 4448  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:30:48.0273 4448  wercplsupport - ok
22:30:48.0289 4448  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:30:48.0305 4448  WerSvc - ok
22:30:48.0336 4448  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:30:48.0351 4448  WinDefend - ok
22:30:48.0367 4448  WinHttpAutoProxySvc - ok
22:30:48.0398 4448  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:30:48.0414 4448  Winmgmt - ok
22:30:48.0461 4448  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:30:48.0539 4448  WinRM - ok
22:30:48.0601 4448  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:30:48.0663 4448  Wlansvc - ok
22:30:48.0695 4448  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:30:48.0710 4448  WmiAcpi - ok
22:30:48.0726 4448  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:30:48.0757 4448  wmiApSrv - ok
22:30:48.0788 4448  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:30:48.0882 4448  WMPNetworkSvc - ok
22:30:48.0897 4448  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:30:48.0975 4448  WPCSvc - ok
22:30:48.0991 4448  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:30:49.0007 4448  WPDBusEnum - ok
22:30:49.0038 4448  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:30:49.0053 4448  WpdUsb - ok
22:30:49.0085 4448  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:30:49.0116 4448  WPFFontCache_v0400 - ok
22:30:49.0147 4448  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:30:49.0163 4448  ws2ifsl - ok
22:30:49.0178 4448  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
22:30:49.0209 4448  wscsvc - ok
22:30:49.0209 4448  WSearch - ok
22:30:49.0350 4448  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:30:49.0412 4448  wuauserv - ok
22:30:49.0443 4448  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:30:49.0475 4448  WUDFRd - ok
22:30:49.0490 4448  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:30:49.0521 4448  wudfsvc - ok
22:30:49.0568 4448  [ 556B5CFE8D21B256ADD7F87D7F4B4123 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files\HomeCinema\PowerDVD9\000.fcl
22:30:49.0584 4448  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
22:30:49.0584 4448  ================ Scan global ===============================
22:30:49.0631 4448  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:30:49.0646 4448  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:30:49.0662 4448  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:30:49.0677 4448  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:30:49.0677 4448  [Global] - ok
22:30:49.0677 4448  ================ Scan MBR ==================================
22:30:49.0693 4448  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:30:50.0520 4448  \Device\Harddisk0\DR0 - ok
22:30:50.0520 4448  ================ Scan VBR ==================================
22:30:50.0551 4448  [ AB3E16EE174C667656F7EE64C93D7D5B ] \Device\Harddisk0\DR0\Partition1
22:30:50.0551 4448  \Device\Harddisk0\DR0\Partition1 - ok
22:30:50.0567 4448  [ 68BCB801FBBA89978B72A6524480AB30 ] \Device\Harddisk0\DR0\Partition2
22:30:50.0567 4448  \Device\Harddisk0\DR0\Partition2 - ok
22:30:50.0567 4448  ============================================================
22:30:50.0567 4448  Scan finished
22:30:50.0567 4448  ============================================================
22:30:50.0567 5860  Detected object count: 8
22:30:50.0567 5860  Actual detected object count: 8
22:31:15.0573 5860  ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0573 5860  ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0573 5860  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0573 5860  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0589 5860  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0589 5860  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0589 5860  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0589 5860  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0589 5860  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:31:15.0589 5860  StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860  StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

10.11.2012, 21:37   #14
Pille Palle

Computer infected with 'Torpig' and/or 'Mebroot'



Computer 2:

Code:
22:39:24.0713 7120  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:39:24.0953 7120  ============================================================
22:39:24.0953 7120  Current date / time: 2012/11/10 22:39:24.0953
22:39:24.0953 7120  SystemInfo:
22:39:24.0953 7120  
22:39:24.0953 7120  OS Version: 6.1.7601 ServicePack: 1.0
22:39:24.0953 7120  Product type: Workstation
22:39:24.0953 7120  ComputerName: FELIXJUNG
22:39:24.0953 7120  UserName: Felix Jung
22:39:24.0953 7120  Windows directory: C:\Windows
22:39:24.0953 7120  System windows directory: C:\Windows
22:39:24.0953 7120  Running under WOW64
22:39:24.0953 7120  Processor architecture: Intel x64
22:39:24.0953 7120  Number of processors: 4
22:39:24.0953 7120  Page size: 0x1000
22:39:24.0953 7120  Boot type: Normal boot
22:39:24.0953 7120  ============================================================
22:39:25.0483 7120  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:25.0503 7120  ============================================================
22:39:25.0503 7120  \Device\Harddisk0\DR0:
22:39:25.0503 7120  MBR partitions:
22:39:25.0503 7120  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:39:25.0503 7120  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE27D5800
22:39:25.0503 7120  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE2808000, BlocksNum 0x6400000
22:39:25.0503 7120  ============================================================
22:39:25.0523 7120  C: <-> \Device\Harddisk0\DR0\Partition2
22:39:25.0643 7120  D: <-> \Device\Harddisk0\DR0\Partition3
22:39:25.0643 7120  ============================================================
22:39:25.0643 7120  Initialize success
22:39:25.0643 7120  ============================================================
22:39:32.0846 5352  ============================================================
22:39:32.0846 5352  Scan started
22:39:32.0846 5352  Mode: Manual; SigCheck; TDLFS; 
22:39:32.0846 5352  ============================================================
22:39:33.0454 5352  ================ Scan system memory ========================
22:39:33.0454 5352  System memory - ok
22:39:33.0454 5352  ================ Scan services =============================
22:39:34.0000 5352  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:39:34.0078 5352  1394ohci - ok
22:39:34.0110 5352  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:39:34.0125 5352  ACPI - ok
22:39:34.0141 5352  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:39:34.0203 5352  AcpiPmi - ok
22:39:34.0328 5352  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:39:34.0344 5352  AdobeARMservice - ok
22:39:34.0437 5352  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:39:34.0453 5352  AdobeFlashPlayerUpdateSvc - ok
22:39:34.0484 5352  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:39:34.0515 5352  adp94xx - ok
22:39:34.0531 5352  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:39:34.0562 5352  adpahci - ok
22:39:34.0578 5352  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:39:34.0593 5352  adpu320 - ok
22:39:34.0624 5352  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:39:34.0765 5352  AeLookupSvc - ok
22:39:34.0796 5352  [ 0517E1670A58213E3F206066CD209273 ] AF15BDA         C:\Windows\system32\DRIVERS\AF15BDA.sys
22:39:34.0827 5352  AF15BDA - ok
22:39:34.0890 5352  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:39:34.0952 5352  AFD - ok
22:39:34.0968 5352  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:39:34.0983 5352  agp440 - ok
22:39:34.0999 5352  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:39:35.0046 5352  ALG - ok
22:39:35.0061 5352  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:39:35.0077 5352  aliide - ok
22:39:35.0108 5352  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:39:35.0124 5352  amdide - ok
22:39:35.0139 5352  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:39:35.0186 5352  AmdK8 - ok
22:39:35.0202 5352  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:39:35.0248 5352  AmdPPM - ok
22:39:35.0280 5352  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:39:35.0295 5352  amdsata - ok
22:39:35.0326 5352  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:39:35.0342 5352  amdsbs - ok
22:39:35.0358 5352  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:39:35.0373 5352  amdxata - ok
22:39:35.0389 5352  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:39:35.0529 5352  AppID - ok
22:39:35.0545 5352  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:39:35.0607 5352  AppIDSvc - ok
22:39:35.0638 5352  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:39:35.0701 5352  Appinfo - ok
22:39:35.0779 5352  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:39:35.0794 5352  arc - ok
22:39:35.0810 5352  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:39:35.0826 5352  arcsas - ok
22:39:35.0857 5352  [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3        C:\Windows\system32\drivers\asmthub3.sys
22:39:35.0904 5352  asmthub3 - ok
22:39:35.0935 5352  [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci        C:\Windows\system32\drivers\asmtxhci.sys
22:39:35.0982 5352  asmtxhci - ok
22:39:36.0013 5352  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:39:36.0075 5352  AsyncMac - ok
22:39:36.0122 5352  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:39:36.0138 5352  atapi - ok
22:39:36.0169 5352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:39:36.0231 5352  AudioEndpointBuilder - ok
22:39:36.0231 5352  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:39:36.0262 5352  AudioSrv - ok
22:39:36.0309 5352  [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
22:39:36.0309 5352  avgtp - ok
22:39:36.0372 5352  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:39:36.0434 5352  AxInstSV - ok
22:39:36.0465 5352  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:39:36.0512 5352  b06bdrv - ok
22:39:36.0543 5352  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:39:36.0590 5352  b57nd60a - ok
22:39:36.0621 5352  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:39:36.0652 5352  BDESVC - ok
22:39:36.0652 5352  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:39:36.0684 5352  Beep - ok
22:39:36.0746 5352  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:39:36.0808 5352  BFE - ok
22:39:36.0964 5352  [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys
22:39:36.0996 5352  BHDrvx64 - ok
22:39:37.0058 5352  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:39:37.0120 5352  BITS - ok
22:39:37.0152 5352  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:39:37.0183 5352  blbdrive - ok
22:39:37.0230 5352  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:39:37.0276 5352  bowser - ok
22:39:37.0308 5352  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:39:37.0323 5352  BrFiltLo - ok
22:39:37.0354 5352  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:39:37.0401 5352  BrFiltUp - ok
22:39:37.0448 5352  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:39:37.0495 5352  BridgeMP - ok
22:39:37.0573 5352  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:39:37.0620 5352  Browser - ok
22:39:37.0635 5352  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:39:37.0666 5352  Brserid - ok
22:39:37.0698 5352  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:39:37.0729 5352  BrSerWdm - ok
22:39:37.0744 5352  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:39:37.0776 5352  BrUsbMdm - ok
22:39:37.0791 5352  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:39:37.0822 5352  BrUsbSer - ok
22:39:37.0838 5352  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:39:37.0885 5352  BTHMODEM - ok
22:39:37.0916 5352  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:39:37.0978 5352  bthserv - ok
22:39:38.0041 5352  catchme - ok
22:39:38.0056 5352  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:39:38.0119 5352  cdfs - ok
22:39:38.0134 5352  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:39:38.0134 5352  cdrom - ok
22:39:38.0197 5352  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:39:38.0244 5352  CertPropSvc - ok
22:39:38.0275 5352  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:39:38.0306 5352  circlass - ok
22:39:38.0337 5352  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:39:38.0353 5352  CLFS - ok
22:39:38.0384 5352  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:39:38.0415 5352  clr_optimization_v2.0.50727_32 - ok
22:39:38.0431 5352  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:39:38.0462 5352  clr_optimization_v2.0.50727_64 - ok
22:39:38.0540 5352  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:39:38.0571 5352  clr_optimization_v4.0.30319_32 - ok
22:39:38.0602 5352  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:39:38.0618 5352  clr_optimization_v4.0.30319_64 - ok
22:39:38.0618 5352  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:39:38.0649 5352  CmBatt - ok
22:39:38.0680 5352  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:39:38.0696 5352  cmdide - ok
22:39:38.0743 5352  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:39:38.0805 5352  CNG - ok
22:39:38.0821 5352  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:39:38.0836 5352  Compbatt - ok
22:39:38.0868 5352  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:39:38.0914 5352  CompositeBus - ok
22:39:38.0930 5352  COMSysApp - ok
22:39:38.0946 5352  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:39:38.0961 5352  crcdisk - ok
22:39:38.0992 5352  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:39:39.0039 5352  CryptSvc - ok
22:39:39.0086 5352  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:39:39.0117 5352  cvhsvc - ok
22:39:39.0148 5352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:39:39.0195 5352  DcomLaunch - ok
22:39:39.0242 5352  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:39:39.0304 5352  defragsvc - ok
22:39:39.0304 5352  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:39:39.0351 5352  DfsC - ok
22:39:39.0429 5352  [ 2609FC634FF93EC2BD081ABFECEEF997 ] DFSVC           C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe
22:39:39.0460 5352  DFSVC ( UnsignedFile.Multi.Generic ) - warning
22:39:39.0460 5352  DFSVC - detected UnsignedFile.Multi.Generic (1)
22:39:39.0492 5352  [ 245244B2740975F74F56559105093A2D ] DFSYS           C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS
22:39:39.0507 5352  DFSYS - ok
22:39:39.0523 5352  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:39:39.0585 5352  Dhcp - ok
22:39:39.0648 5352  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:39:39.0710 5352  discache - ok
22:39:39.0741 5352  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:39:39.0757 5352  Disk - ok
22:39:39.0788 5352  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:39:39.0819 5352  Dnscache - ok
22:39:39.0819 5352  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:39:39.0897 5352  dot3svc - ok
22:39:39.0897 5352  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:39:39.0960 5352  DPS - ok
22:39:39.0991 5352  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:39:40.0006 5352  drmkaud - ok
22:39:40.0038 5352  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:39:40.0053 5352  DXGKrnl - ok
22:39:40.0053 5352  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:39:40.0084 5352  EapHost - ok
22:39:40.0147 5352  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:39:40.0240 5352  ebdrv - ok
22:39:40.0287 5352  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:39:40.0303 5352  eeCtrl - ok
22:39:40.0334 5352  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:39:40.0365 5352  EFS - ok
22:39:40.0428 5352  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:39:40.0474 5352  ehRecvr - ok
22:39:40.0490 5352  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:39:40.0537 5352  ehSched - ok
22:39:40.0568 5352  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:39:40.0599 5352  elxstor - ok
22:39:40.0693 5352  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:39:40.0708 5352  EraserUtilRebootDrv - ok
22:39:40.0724 5352  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:39:40.0771 5352  ErrDev - ok
22:39:40.0818 5352  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:39:40.0864 5352  EventSystem - ok
22:39:40.0911 5352  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:39:40.0974 5352  exfat - ok
22:39:40.0989 5352  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:39:41.0020 5352  fastfat - ok
22:39:41.0052 5352  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:39:41.0114 5352  Fax - ok
22:39:41.0145 5352  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:39:41.0176 5352  fdc - ok
22:39:41.0208 5352  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:39:41.0270 5352  fdPHost - ok
22:39:41.0286 5352  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:39:41.0332 5352  FDResPub - ok
22:39:41.0348 5352  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:39:41.0364 5352  FileInfo - ok
22:39:41.0379 5352  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:39:41.0426 5352  Filetrace - ok
22:39:41.0442 5352  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:39:41.0457 5352  flpydisk - ok
22:39:41.0473 5352  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:39:41.0504 5352  FltMgr - ok
22:39:41.0535 5352  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:39:41.0582 5352  FontCache - ok
22:39:41.0598 5352  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:39:41.0613 5352  FontCache3.0.0.0 - ok
22:39:41.0629 5352  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:39:41.0629 5352  FsDepends - ok
22:39:41.0660 5352  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:39:41.0676 5352  Fs_Rec - ok
22:39:41.0676 5352  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:39:41.0707 5352  fvevol - ok
22:39:41.0722 5352  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:39:41.0738 5352  gagp30kx - ok
22:39:41.0785 5352  [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:39:41.0800 5352  GEARAspiWDM - ok
22:39:41.0816 5352  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:39:41.0878 5352  gpsvc - ok
22:39:41.0972 5352  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:41.0988 5352  gupdate - ok
22:39:42.0003 5352  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:42.0019 5352  gupdatem - ok
22:39:42.0034 5352  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
22:39:42.0050 5352  hamachi - ok
22:39:42.0081 5352  [ FFFF099F1DA0A4B7E765642A5A4D1399 ] HauppaugeTVServer C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
22:39:42.0128 5352  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
22:39:42.0128 5352  HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
22:39:42.0144 5352  [ FFE2B6DA03F47DB339A538679D2DC600 ] hcw17bda        C:\Windows\system32\drivers\hcw17bda.sys
22:39:42.0175 5352  hcw17bda - ok
22:39:42.0206 5352  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:39:42.0222 5352  hcw85cir - ok
22:39:42.0253 5352  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:39:42.0300 5352  HdAudAddService - ok
22:39:42.0315 5352  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:39:42.0346 5352  HDAudBus - ok
22:39:42.0378 5352  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:39:42.0393 5352  HidBatt - ok
22:39:42.0409 5352  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:39:42.0456 5352  HidBth - ok
22:39:42.0471 5352  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:39:42.0487 5352  HidIr - ok
22:39:42.0502 5352  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
22:39:42.0534 5352  hidserv - ok
22:39:42.0549 5352  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:39:42.0565 5352  HidUsb - ok
22:39:42.0580 5352  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:39:42.0627 5352  hkmsvc - ok
22:39:42.0643 5352  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:39:42.0658 5352  HomeGroupListener - ok
22:39:42.0690 5352  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:39:42.0705 5352  HomeGroupProvider - ok
22:39:42.0783 5352  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:39:42.0799 5352  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:39:42.0799 5352  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:39:42.0814 5352  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:39:42.0846 5352  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:39:42.0846 5352  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:39:42.0861 5352  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:39:42.0877 5352  HpSAMD - ok
22:39:42.0924 5352  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:39:42.0955 5352  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:39:42.0955 5352  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:39:42.0986 5352  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:39:43.0033 5352  HTTP - ok
22:39:43.0048 5352  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:39:43.0048 5352  hwpolicy - ok
22:39:43.0080 5352  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:39:43.0095 5352  i8042prt - ok
22:39:43.0126 5352  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
22:39:43.0142 5352  iaStor - ok
22:39:43.0189 5352  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:39:43.0220 5352  IAStorDataMgrSvc - ok
22:39:43.0251 5352  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:39:43.0282 5352  iaStorV - ok
22:39:43.0298 5352  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:39:43.0345 5352  idsvc - ok
22:39:43.0407 5352  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSvia64.sys
22:39:43.0423 5352  IDSVia64 - ok
22:39:43.0548 5352  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:39:43.0688 5352  igfx - ok
22:39:43.0704 5352  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:39:43.0704 5352  iirsp - ok
22:39:43.0735 5352  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:39:43.0782 5352  IKEEXT - ok
22:39:43.0875 5352  [ 8F6ED52134EBB4CE2953EC37C9275497 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:39:43.0922 5352  IntcAzAudAddService - ok
22:39:43.0953 5352  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:39:43.0969 5352  intelide - ok
22:39:44.0000 5352  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:39:44.0031 5352  intelppm - ok
22:39:44.0047 5352  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:39:44.0125 5352  IPBusEnum - ok
22:39:44.0140 5352  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:44.0187 5352  IpFilterDriver - ok
22:39:44.0218 5352  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:39:44.0281 5352  iphlpsvc - ok
22:39:44.0312 5352  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:39:44.0328 5352  IPMIDRV - ok
22:39:44.0343 5352  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:39:44.0390 5352  IPNAT - ok
22:39:44.0406 5352  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:39:44.0437 5352  IRENUM - ok
22:39:44.0452 5352  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:39:44.0468 5352  isapnp - ok
22:39:44.0484 5352  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:39:44.0499 5352  iScsiPrt - ok
22:39:44.0530 5352  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:44.0530 5352  kbdclass - ok
22:39:44.0562 5352  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:39:44.0577 5352  kbdhid - ok
22:39:44.0608 5352  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:39:44.0624 5352  KeyIso - ok
22:39:44.0640 5352  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:39:44.0655 5352  KSecDD - ok
22:39:44.0671 5352  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:39:44.0686 5352  KSecPkg - ok
22:39:44.0702 5352  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:39:44.0749 5352  ksthunk - ok
22:39:44.0749 5352  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:39:44.0811 5352  KtmRm - ok
22:39:44.0827 5352  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:39:44.0858 5352  LanmanServer - ok
22:39:44.0874 5352  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:39:44.0936 5352  LanmanWorkstation - ok
22:39:44.0967 5352  libusbd - ok
22:39:44.0998 5352  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:39:45.0045 5352  lltdio - ok
22:39:45.0061 5352  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:39:45.0108 5352  lltdsvc - ok
22:39:45.0123 5352  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:39:45.0170 5352  lmhosts - ok
22:39:45.0201 5352  [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:39:45.0217 5352  LMS - ok
22:39:45.0248 5352  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:39:45.0248 5352  LSI_FC - ok
22:39:45.0295 5352  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:39:45.0310 5352  LSI_SAS - ok
22:39:45.0357 5352  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:39:45.0373 5352  LSI_SAS2 - ok
22:39:45.0420 5352  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:39:45.0435 5352  LSI_SCSI - ok
22:39:45.0435 5352  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:39:45.0498 5352  luafv - ok
22:39:45.0529 5352  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:39:45.0560 5352  Mcx2Svc - ok
22:39:45.0576 5352  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:39:45.0591 5352  megasas - ok
22:39:45.0638 5352  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:39:45.0654 5352  MegaSR - ok
22:39:45.0685 5352  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
22:39:45.0700 5352  MEIx64 - ok
22:39:45.0716 5352  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:39:45.0778 5352  MMCSS - ok
22:39:45.0794 5352  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:39:45.0841 5352  Modem - ok
22:39:45.0872 5352  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:39:45.0903 5352  monitor - ok
22:39:45.0934 5352  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:39:45.0950 5352  mouclass - ok
22:39:45.0981 5352  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:39:45.0997 5352  mouhid - ok
22:39:46.0028 5352  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:39:46.0044 5352  mountmgr - ok
22:39:46.0122 5352  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:39:46.0168 5352  MozillaMaintenance - ok
22:39:46.0184 5352  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:39:46.0200 5352  mpio - ok
22:39:46.0215 5352  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:39:46.0231 5352  mpsdrv - ok
22:39:46.0278 5352  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:39:46.0309 5352  MpsSvc - ok
22:39:46.0324 5352  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:39:46.0356 5352  MRxDAV - ok
22:39:46.0371 5352  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:46.0418 5352  mrxsmb - ok
22:39:46.0434 5352  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:39:46.0480 5352  mrxsmb10 - ok
22:39:46.0480 5352  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:46.0512 5352  mrxsmb20 - ok
22:39:46.0543 5352  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:39:46.0543 5352  msahci - ok
22:39:46.0574 5352  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:39:46.0590 5352  msdsm - ok
22:39:46.0605 5352  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:39:46.0636 5352  MSDTC - ok
22:39:46.0652 5352  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:39:46.0714 5352  Msfs - ok
22:39:46.0730 5352  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:39:46.0761 5352  mshidkmdf - ok
22:39:46.0777 5352  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:39:46.0777 5352  msisadrv - ok
22:39:46.0792 5352  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:39:46.0855 5352  MSiSCSI - ok
22:39:46.0855 5352  msiserver - ok
22:39:46.0870 5352  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:39:46.0902 5352  MSKSSRV - ok
22:39:46.0917 5352  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:46.0948 5352  MSPCLOCK - ok
22:39:46.0964 5352  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:39:46.0995 5352  MSPQM - ok
22:39:47.0011 5352  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:39:47.0026 5352  MsRPC - ok
22:39:47.0042 5352  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:39:47.0042 5352  mssmbios - ok
22:39:47.0058 5352  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:39:47.0089 5352  MSTEE - ok
22:39:47.0120 5352  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:39:47.0151 5352  MTConfig - ok
22:39:47.0167 5352  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:39:47.0182 5352  Mup - ok
22:39:47.0214 5352  [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360            C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
22:39:47.0229 5352  N360 - ok
22:39:47.0245 5352  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:39:47.0292 5352  napagent - ok
22:39:47.0307 5352  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:39:47.0354 5352  NativeWifiP - ok
22:39:47.0401 5352  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121109.020\ENG64.SYS
22:39:47.0416 5352  NAVENG - ok
22:39:47.0463 5352  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121109.020\EX64.SYS
22:39:47.0494 5352  NAVEX15 - ok
22:39:47.0526 5352  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:39:47.0572 5352  NDIS - ok
22:39:47.0572 5352  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:47.0619 5352  NdisCap - ok
22:39:47.0635 5352  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:47.0666 5352  NdisTapi - ok
22:39:47.0682 5352  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:47.0728 5352  Ndisuio - ok
22:39:47.0744 5352  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:47.0775 5352  NdisWan - ok
22:39:47.0806 5352  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:39:47.0884 5352  NDProxy - ok
22:39:47.0931 5352  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:39:47.0947 5352  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:39:47.0947 5352  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:39:47.0947 5352  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:39:47.0994 5352  NetBIOS - ok
22:39:48.0009 5352  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:39:48.0040 5352  NetBT - ok
22:39:48.0072 5352  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:39:48.0072 5352  Netlogon - ok
22:39:48.0118 5352  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:39:48.0196 5352  Netman - ok
22:39:48.0212 5352  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:39:48.0259 5352  netprofm - ok
22:39:48.0259 5352  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:39:48.0274 5352  NetTcpPortSharing - ok
22:39:48.0306 5352  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:39:48.0306 5352  nfrd960 - ok
22:39:48.0337 5352  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:39:48.0384 5352  NlaSvc - ok
22:39:48.0384 5352  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:39:48.0415 5352  Npfs - ok
22:39:48.0430 5352  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:39:48.0462 5352  nsi - ok
22:39:48.0477 5352  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:39:48.0508 5352  nsiproxy - ok
22:39:48.0555 5352  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:39:48.0586 5352  Ntfs - ok
22:39:48.0602 5352  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:39:48.0633 5352  Null - ok
22:39:48.0680 5352  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
22:39:48.0680 5352  NVHDA - ok
22:39:48.0883 5352  [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:39:49.0039 5352  nvlddmkm - ok
22:39:49.0070 5352  nvpciflt - ok
22:39:49.0086 5352  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:39:49.0101 5352  nvraid - ok
22:39:49.0132 5352  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:39:49.0132 5352  nvstor - ok
22:39:49.0179 5352  [ 43F91595049DE14C4B61D1E76436164F ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:39:49.0226 5352  nvsvc - ok
22:39:49.0273 5352  [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:39:49.0335 5352  nvUpdatusService - ok
22:39:49.0351 5352  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:39:49.0366 5352  nv_agp - ok
22:39:49.0382 5352  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:39:49.0398 5352  ohci1394 - ok
22:39:49.0398 5352  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:49.0429 5352  ose - ok
22:39:49.0538 5352  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:39:49.0647 5352  osppsvc - ok
22:39:49.0647 5352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:39:49.0678 5352  p2pimsvc - ok
22:39:49.0694 5352  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:39:49.0710 5352  p2psvc - ok
22:39:49.0741 5352  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:39:49.0756 5352  Parport - ok
22:39:49.0788 5352  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:39:49.0803 5352  partmgr - ok
22:39:49.0803 5352  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:39:49.0834 5352  PcaSvc - ok
22:39:49.0834 5352  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:39:49.0850 5352  pci - ok
22:39:49.0881 5352  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:39:49.0897 5352  pciide - ok
22:39:49.0928 5352  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:39:49.0928 5352  pcmcia - ok
22:39:49.0975 5352  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:39:49.0990 5352  pcw - ok
22:39:50.0006 5352  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:39:50.0068 5352  PEAUTH - ok
22:39:50.0131 5352  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:39:50.0146 5352  PerfHost - ok
22:39:50.0193 5352  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:39:50.0271 5352  pla - ok
22:39:50.0302 5352  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:39:50.0334 5352  PlugPlay - ok
22:39:50.0380 5352  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:39:50.0396 5352  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:39:50.0396 5352  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:39:50.0412 5352  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:39:50.0443 5352  PNRPAutoReg - ok
22:39:50.0458 5352  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:39:50.0458 5352  PNRPsvc - ok
22:39:50.0490 5352  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:39:50.0536 5352  PolicyAgent - ok
22:39:50.0552 5352  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:39:50.0583 5352  Power - ok
22:39:50.0630 5352  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:39:50.0661 5352  PptpMiniport - ok
22:39:50.0692 5352  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:39:50.0692 5352  Processor - ok
22:39:50.0708 5352  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:39:50.0739 5352  ProfSvc - ok
22:39:50.0739 5352  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:39:50.0755 5352  ProtectedStorage - ok
22:39:50.0770 5352  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:39:50.0786 5352  Psched - ok
22:39:50.0817 5352  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
22:39:50.0817 5352  PSI_SVC_2 - ok
22:39:50.0864 5352  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:39:50.0911 5352  ql2300 - ok
22:39:50.0926 5352  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:39:50.0942 5352  ql40xx - ok
22:39:50.0958 5352  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:39:50.0973 5352  QWAVE - ok
22:39:50.0989 5352  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:39:51.0036 5352  QWAVEdrv - ok
22:39:51.0051 5352  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:39:51.0098 5352  RasAcd - ok
22:39:51.0129 5352  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:39:51.0207 5352  RasAgileVpn - ok
22:39:51.0223 5352  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:39:51.0285 5352  RasAuto - ok
22:39:51.0316 5352  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:51.0363 5352  Rasl2tp - ok
22:39:51.0394 5352  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:39:51.0426 5352  RasMan - ok
22:39:51.0441 5352  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:39:51.0472 5352  RasPppoe - ok
22:39:51.0488 5352  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:39:51.0519 5352  RasSstp - ok
22:39:51.0550 5352  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:39:51.0582 5352  rdbss - ok
22:39:51.0613 5352  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:39:51.0613 5352  rdpbus - ok
22:39:51.0628 5352  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:39:51.0675 5352  RDPCDD - ok
22:39:51.0691 5352  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:39:51.0722 5352  RDPENCDD - ok
22:39:51.0738 5352  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:39:51.0784 5352  RDPREFMP - ok
22:39:51.0800 5352  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:39:51.0816 5352  RDPWD - ok
22:39:51.0831 5352  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:39:51.0847 5352  rdyboost - ok
22:39:51.0847 5352  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:39:51.0894 5352  RemoteAccess - ok
22:39:51.0909 5352  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:39:51.0956 5352  RemoteRegistry - ok
22:39:51.0972 5352  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:39:51.0987 5352  RpcEptMapper - ok
22:39:52.0018 5352  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:39:52.0034 5352  RpcLocator - ok
22:39:52.0050 5352  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:39:52.0081 5352  RpcSs - ok
22:39:52.0096 5352  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:39:52.0143 5352  rspndr - ok
22:39:59.0194 5352  [ 878C947C69EE89E4DBFF9DBD6155C15D ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
22:39:59.0210 5352  watchmi ( UnsignedFile.Multi.Generic ) - warning
22:39:59.0210 5352  watchmi - detected UnsignedFile.Multi.Generic (1)
22:40:01.0176 5352  ================ Scan global ===============================
22:40:01.0207 5352  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:40:01.0207 5352  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:40:01.0222 5352  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:40:01.0238 5352  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:40:01.0254 5352  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:40:01.0269 5352  [Global] - ok
22:40:01.0269 5352  ================ Scan MBR ==================================
22:40:01.0269 5352  [ 753CA1D394F3C0855134963D7361060F ] \Device\Harddisk0\DR0
22:40:03.0126 5352  \Device\Harddisk0\DR0 - ok
22:40:03.0126 5352  ================ Scan VBR ==================================
22:40:03.0126 5352  [ B5967DEE3556AB5547CE4A01720D3A87 ] \Device\Harddisk0\DR0\Partition1
22:40:03.0126 5352  \Device\Harddisk0\DR0\Partition1 - ok
22:40:03.0173 5352  [ 723B1384481DF8BCF39370C73915C3B3 ] \Device\Harddisk0\DR0\Partition2
22:40:03.0173 5352  \Device\Harddisk0\DR0\Partition2 - ok
22:40:03.0204 5352  [ 321024554349D673DA11DF6C854568BF ] \Device\Harddisk0\DR0\Partition3
22:40:03.0219 5352  \Device\Harddisk0\DR0\Partition3 - ok
22:40:03.0219 5352  ============================================================
22:40:03.0219 5352  Scan finished
22:40:03.0219 5352  ============================================================
22:40:03.0219 5132  Detected object count: 8
22:40:03.0219 5132  Actual detected object count: 8
22:40:12.0067 5132  DFSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  DFSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:40:12.0067 5132  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
22:40:12.0067 5132  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Old 10.11.2012, 21:59   #15
markusg
/// Malware-holic

Computer infected with 'Torpig' and/or 'Mebroot'

Looks OK so far.
On both PCs:
Download Hitman Pro:
http://www.trojaner-board.de/99424-c...o-scannen.html
License: activate the trial license.
Then click Scan, don't delete anything, and at the end export the log as XML and post it.
