Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.12.2012, 19:17   #1
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Hallo zusammen,

ich bin anscheinend nicht der einzige, der das Problem hat, aber ich dachte, ich frage besser einmal nach, wie ihr die Lage hier einschätzt.

Seit ca. einer Woche erhalte ich massig "Mail delivery status failed" Mails auf mein Web.de Konto. Die Mails laufen im Viertelstundentakt bei mir rund um die Uhr auf, aber nur über einen Zeitraum von ca. 8-10h pro Tag. Da ich schon so viele gelöscht habe, kann ich das nicht mehr genau nachvollziehen. Diese Mails laufen auch auf, wenn ich den Rechner nicht am laufen haben oder von irgendwo anderes auf mein eMail-Fach/Programm (Thunderbird) zugreife. Als Browser nutze ich Firefox. BS ist Win 7 64bit. Updates sind alle auf dem neusten Stand.


Habe bisher folgende Aktionen unternommen:
Adobe Air/Flash/Reader deinstalliert
Java deinstalliert
Defogger installiert und gemäß Anleitung ausgeführt
OTL installiert und gemäß Anleitung ausgeführt
Malwarebytes Anti-Malware ausgeführt ohne Resultat
Passwort wird gleich geändert


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.12.2012 19:39:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,34% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 393,27 Gb Free Space | 84,45% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 435,86 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
 
Computer Name: XXX| User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 19:29:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.03 19:12:52 | 001,354,736 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2012.11.27 06:33:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.27 06:33:30 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.27 06:33:30 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.11.16 10:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012.10.31 20:40:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2008.06.06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
PRC - [2008.06.06 11:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008.06.04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
PRC - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.03 19:37:52 | 000,835,072 | ---- | M] () -- D:\Steam\sdl.dll
MOD - [2012.12.03 19:37:50 | 020,319,568 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012.12.03 19:37:50 | 001,099,616 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012.12.03 19:37:50 | 000,965,616 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012.12.03 19:37:50 | 000,190,816 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012.12.03 19:37:50 | 000,123,232 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012.10.31 20:40:14 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2008.06.06 11:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008.06.06 11:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008.06.04 17:59:34 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\di2c.dll
MOD - [2008.06.04 17:59:34 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\smsc.dll
MOD - [2008.06.04 17:59:34 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\null.dll
MOD - [2008.06.04 17:58:18 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\drivers\vista.dll
MOD - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
MOD - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007.02.09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.27 06:33:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.27 06:33:30 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.10.31 17:42:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.06 11:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008.06.04 17:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.03 19:24:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012.11.14 18:13:37 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.14 18:13:36 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.04.18 15:20:31 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.22 12:56:32 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.06.04 17:59:44 | 000,020,520 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002.07.17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D BF 3C 6C 1F DB CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={B8E462C8-8168-4168-A8CB-2723A39656EF}&mid=7604f11ec7ea47d0a984d16dca8209cb-c586dc351b53ca840fabcf0b7d455a798f90ec44&lang=de&ds=avgab0&pr=sa&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EA299F2A-CA9B-465D-A847-82FF56D0DC91}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.03 19:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.03 19:15:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 17:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.10.10 21:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.22 12:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.03 19:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rvwflitq.default\extensions
[2012.12.03 19:23:51 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rvwflitq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.12.03 19:23:54 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\rvwflitq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.11.25 13:09:30 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rvwflitq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.31 20:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.04 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.31 20:40:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.30 07:03:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.09 19:39:25 | 000,003,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.30 07:03:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.30 07:03:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.30 07:03:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.30 07:03:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.30 07:03:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [4StoryPrePatch] d:\4Story_DE\PrePatch.exe File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E823D94-20B3-480A-8B49-ABF470669E56}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91E19F34-C164-4D9D-93F9-2142CE34F097}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02f0d90e-0ade-11e2-ae1c-00248c66e038}\Shell - "" = AutoRun
O33 - MountPoints2\{02f0d90e-0ade-11e2-ae1c-00248c66e038}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{0e998102-0d71-11e1-9ae8-00248c66e038}\Shell - "" = AutoRun
O33 - MountPoints2\{0e998102-0d71-11e1-9ae8-00248c66e038}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{8e23c50f-69c7-11e0-a0e2-00248c66e038}\Shell - "" = AutoRun
O33 - MountPoints2\{8e23c50f-69c7-11e0-a0e2-00248c66e038}\Shell\AutoRun\command - "" = F:\AutorunShim.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.12.03 19:34:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.03 19:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.03 19:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.03 19:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.03 19:30:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.03 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2012.12.03 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012.12.03 19:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.12.03 19:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.12.03 19:24:30 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.12.03 19:24:30 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2012.12.03 19:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012.12.03 19:24:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2012.12.03 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.12.03 19:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012.12.03 19:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012.12.03 19:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.11.25 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Duke Nukem Forever
[2012.11.17 10:46:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.17 10:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.17 10:40:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.17 10:40:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.17 10:40:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.17 10:40:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.17 10:40:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.17 10:40:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.17 10:40:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.17 10:40:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.17 10:40:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.17 10:40:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.17 10:40:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.17 10:40:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.17 10:40:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.17 10:40:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.17 10:40:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.17 10:39:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.17 10:39:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.17 10:39:32 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.17 10:39:32 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.17 10:23:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.17 10:23:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.17 10:23:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.17 10:23:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.17 10:23:52 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.17 10:23:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.17 10:23:51 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.17 10:23:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.17 10:23:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.17 10:23:40 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.17 10:23:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.11 18:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Remedy
[2012.11.11 10:43:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 19:43:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.03 19:43:46 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.03 19:43:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.03 19:43:46 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.03 19:43:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.03 19:38:08 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.12.03 19:37:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 19:37:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 19:37:27 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.03 19:36:24 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.12.03 19:34:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.03 19:29:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.03 19:29:10 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.12.03 19:24:29 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.12.03 19:24:29 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2012.12.03 19:20:14 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 19:20:14 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 07:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 18:42:39 | 000,000,201 | ---- | M] () -- C:\Users\***\Desktop\Borderlands 2.url
[2012.11.17 12:29:56 | 000,342,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 18:13:37 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 18:13:36 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.03 19:36:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.12.03 19:34:26 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.03 19:30:28 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.12.03 19:24:51 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.11.29 18:42:39 | 000,000,201 | ---- | C] () -- C:\Users\***\Desktop\Borderlands 2.url
[2012.11.17 10:46:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 10:39:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.13 20:50:07 | 000,025,483 | ---- | C] () -- C:\Windows\scunin.dat
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.13 19:12:19 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.06.13 19:12:19 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.05.19 10:57:19 | 000,015,428 | ---- | C] () -- C:\Users\***\RefEdit.exd
[2012.04.23 05:26:00 | 000,084,253 | ---- | C] () -- C:\Users\***\bookmarks.html
[2011.11.02 21:15:06 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.20 15:14:16 | 000,941,537 | ---- | C] () -- C:\Users\***\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf
[2011.05.30 12:28:01 | 000,097,769 | ---- | C] () -- C:\Users\***\Gehaltsanalyse Berufserfahrene ***.pdf
[2011.05.17 19:53:54 | 000,010,654 | ---- | C] () -- C:\Users\***\Adressbuch.ldif
[2011.04.20 09:38:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.20 09:38:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.20 08:37:54 | 000,098,089 | ---- | C] () -- C:\Users\***\***, ***.V2010
[2011.04.20 08:31:45 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini
[2011.03.08 20:15:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.25 21:13:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.25 21:13:23 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.01.22 12:50:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.01.22 12:44:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.22 12:25:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.22 12:07:59 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011.01.22 11:12:53 | 010,383,196 | ---- | C] () -- C:\Users\***\fazer600.zip
[2011.01.22 11:12:53 | 000,083,234 | ---- | C] () -- C:\Users\***\Wiederbesteller-Rabatt.pdf
[2011.01.22 11:12:53 | 000,004,011 | ---- | C] () -- C:\Users\***\Buddies.xml
[2011.01.22 10:55:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
         
Extras Logfile
Code:
ATTFilter
OTL Extras logfile created on: 03.12.2012 19:39:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,34% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 393,27 Gb Free Space | 84,45% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 435,86 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6AA79C-C522-4BFA-A47C-96FEA0701FD9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1FC847C3-86B7-4C39-88C6-D6E239825642}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23955638-095F-4EAF-A8B6-45F9678F9514}" = rport=137 | protocol=17 | dir=out | app=system | 
"{27145373-0C72-4777-8B15-E2A482888C85}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3301DD80-DE2C-4E2C-AE1C-85D3DE160029}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39EC6AB9-D884-4075-9339-B412B16DE548}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5352180F-CF5B-41F8-B1A4-7E1A060EAD96}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5D3E6DB7-7673-4828-922A-E9FF8CB3ECC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5FC2E89D-DDA4-496C-8B0C-D36FE2D1D161}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6E8761A6-4ED0-4903-8247-F54C9085556F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{76B30F77-3C4B-46B2-85C8-ABA577BFBCC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7BC9F925-FA40-4D90-A3E9-91C685FF8B76}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7C98EF57-BDC1-45DF-958A-88C575B0121C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89BB65D4-CEC7-4694-B0DF-5085CBEAEDBF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{96E46253-B371-46A7-91E5-2987B595FBA2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{98600902-670A-4CBB-B363-F6674C0E2E45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9DF0689-1A81-463F-9223-BF9868C2E62E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D8397402-8AFF-4766-896D-26694A453E7E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D9885D4C-4CF8-429A-85AB-E1F0A9356726}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EAFD71C9-43E7-4E69-89EF-A53AC499E9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2DA323D-DCD3-4275-B481-01C6E4CBE9D2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F59DBD69-8FA0-4D4C-BB4C-23F928A00F99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD534736-144F-462D-94D6-176DE453EDFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0058B39D-0EEE-497B-A89F-5BF261C7053F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{0189A506-7216-44DA-8446-0B1F2FF09CBA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{044C82D4-A84C-4D23-AC0F-055B323D7910}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{04C3286C-42F9-429A-8FEB-7B91B6E71AAF}" = protocol=6 | dir=in | app=d:\diablo iii beta\diablo iii.exe | 
"{0756700C-E2B6-4E24-AFF5-66A78EB55E14}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{09EDC600-6B6E-48B1-BD58-D603A8A6F5A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0A0CF1BF-27F0-42A9-B522-81F714D0853C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{0E2F3B04-1FCE-43B3-9DC8-888418FA2B73}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{12809A07-E643-4121-AAE7-E59823181DCA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{12AE7D02-4465-4B92-97F1-A61895DDC99B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BE1D7A3-58CF-45BC-92D7-5435CEFC43BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{1FB57D7A-C660-4EB0-BD55-923694054ACE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{273FC65E-9DF2-4F22-A50E-0B5AF63A430D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{2A8484CD-45A9-45FC-9426-3BF92C4FCF25}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{382E4AA6-18A0-4AD1-BD73-91D50277F704}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{3FE462B5-85F7-47F9-973C-254367B318C2}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{40D1F14E-58D7-48D7-925B-E901B786974C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{4D7386B7-1C2B-4384-A678-07AEF33C46E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50412F8B-12EE-431B-A1E5-32EB66A815F0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{511D6D4B-A35D-4DBA-8BDA-EFDFD35C4B25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{53716B8D-81B7-4B6B-B292-3F49ED3293CD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{5D8F73E9-0B68-477D-AA43-8A45E86A1929}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6546FE63-7001-4927-8AE7-AA71087932B1}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{6EF77DF5-34E3-4984-B259-46442A63FA49}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7434865F-CB99-46AF-B408-8C63B148EC58}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{750CD709-F742-46F7-AFC7-1BE4FC386DC9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{75E09F0E-F931-4A1F-921E-F706D5BCF137}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{75F56C66-1D64-4FCB-949D-228E065F3CED}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{77AA1685-47DF-4735-B38B-149297463BF0}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{7819B4F3-ACCF-4EFA-8EC0-0A9A8C288D0B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{7AEA9A39-CBA9-4756-B8E0-337A639E0317}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{7C29440C-0E63-4E7B-B005-83515F4CCE75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7E1B9F39-21FE-480C-AE57-184D3A82A7D0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{7F4C9F4B-5359-415B-A6C5-BA191924F7A4}" = protocol=17 | dir=in | app=d:\diablo iii beta\diablo iii.exe | 
"{843EF6CC-AB47-4278-9B49-0B6F90C0E8AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{873E552B-C4C2-4960-8375-066052A7AC12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8CD43F59-0BC3-4458-95F9-BBB32F9938B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91EA047B-1323-4CE7-ACF3-379D107510DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{927004BE-9DA8-4C2B-8659-41EB2989DD56}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{982307BD-5E97-44BD-B779-66C6A9B1632F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{98316AE4-D8F7-4995-A99A-5DE53D5174E7}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{9DA244C2-5A48-401A-8687-BFCDFFACBC7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A47B32BB-9871-41AA-BC6E-8C44771895CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{A9DAD80C-9604-4EA4-AFCD-853776D04480}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{AB7FD39D-5900-463D-AC91-52710661AAE0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{B30815BC-C88C-4581-A588-926C46A29A9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B401D7FB-C694-4559-A5A0-D24897A1D170}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{B4133D4A-7D1D-4D90-8165-B3F7A1AB3682}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{B531541F-08EC-4C6C-B4D0-B355766917C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7CFB3E9-F5B7-430B-AC43-56CF56FCAB0B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B93A6AF9-D33A-44B8-BB15-133C2720DE2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BB406A8A-9789-42BB-99E0-B812CE9A4BF3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C20A8C2D-C45E-4BB8-BA8E-799DBC07157C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{C5C72AA6-2CAC-46EA-A91B-2DBE7DB2D315}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CAB829C0-BCDD-47F3-8F36-F0A29F1C80DD}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{CE2D8D9A-4C4A-4416-B3D9-4D9AC6E8EB69}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D621F2A1-313B-4631-95B4-7EDB6714B195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9A09403-80F4-4A5A-9DBB-DFC67B1F0B9A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{DAC3DF5E-F92B-454D-89A7-23BB34105CC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCA1D8F0-E03E-4BC0-ACE6-3E229577C758}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{E2D17E14-0FFC-4937-992F-7E9535E52501}" = protocol=6 | dir=out | app=system | 
"{EB1ED4AF-3B50-46A0-93C4-72D4E7E9129A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F33CDD48-CEFE-40BB-B9E4-50FC8805470A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F83421C3-956A-459C-9701-EED2588762B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F861827F-CB89-49DD-A75E-F6E46A97B905}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{FA4EE750-5EC5-4818-B189-3B6B5FEE0A52}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{FBC8C18A-FFEF-43A6-90DC-F1FE11853C87}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{FC1DD3D7-CC52-458C-A40F-69372CAAB1EA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{FE0132D9-A489-4FF5-A4AD-0E81B3522F69}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{FEF581F5-7044-4D9C-A730-A791B387A368}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FEFA7A39-150F-4C54-BE98-48FFB430C812}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{0DD65740-C8E0-4195-8E52-87BFD4C898E2}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{10203671-33CC-43C0-B794-D850F6D1AF7E}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{17ABC9ED-AA47-4C11-94C9-9E05951BD16A}D:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{1B2B2EFF-E302-4B0E-A1F3-63BAF51DAC55}D:\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\cryptic studios\star trek online\live\gameclient.exe | 
"TCP Query User{20991CAB-775C-4B73-9A8A-E044AF3F6AB8}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{3DE812D4-34F8-43E4-805F-D7F4F51250F8}C:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe | 
"TCP Query User{3F4C0E83-7799-4B1E-89EB-B5CA40A08A22}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{45336AEB-1043-4DED-911B-832801B7ABE7}C:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe | 
"TCP Query User{52FB8FF3-6B6C-47A4-B1C4-71039248B7AF}D:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\starcraft\starcraft.exe | 
"TCP Query User{6AE6E5E3-7A51-4F22-9158-4E29811F140C}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{A70C1860-F161-4141-BB3D-3D57A646DFE8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{EB7D4F24-8423-4CB1-9C48-9570CBC9DA16}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{EE52BD31-4EB6-4B72-A0FE-58B821A420C5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{0E04FB76-15B3-4080-B3E7-83310EA8B446}C:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolterskluwer\bgb-kommentar\server\apache\bin\lexpro.exe | 
"UDP Query User{269D1DBD-D549-4A51-80F9-2CA49038E47C}D:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\starcraft\starcraft.exe | 
"UDP Query User{340F422F-EAD7-442B-8134-38CB246990A4}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{3CD6D987-1735-42EF-9E34-DFDD4B045EA4}D:\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\cryptic studios\star trek online\live\gameclient.exe | 
"UDP Query User{3F345E3A-91E7-4714-848E-F0CE75287A02}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{52029185-1919-459F-A993-11382F48DF03}C:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lighthouse interactive\sword of the stars\sword of the stars.exe | 
"UDP Query User{81F3E7E3-9E88-4986-9DB1-CDFF81DD1F75}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8A6B4F49-59B8-4C21-9951-B4BD9C1BE317}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{99AE3FCF-8EE1-40C6-9DA1-DE7E5C5F0A8C}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{A76A2282-C18F-4087-A2FE-28C40585A6BF}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{B5CE19BE-9693-42AF-8281-EA1898BC9819}D:\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{BD8ABC55-61C1-4472-89FB-B1D5F38C649B}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{E455EA82-BFAC-4F1C-909F-9E9132E42D50}D:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ABEF5E2-4F31-9543-EF17-AFC61AD96DB5}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7A47656D-0369-4C67-D98C-DA369EC504C2}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{DE1B48FB-0EA4-6E6F-5335-9095994CB7EB}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.20
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{03533053-A0DD-0A8F-F18B-388CF251929B}" = CCC Help Finnish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04D38795-0B33-C6FC-47C9-D85DBAF82216}" = CCC Help Norwegian
"{0A225245-3D91-7DD2-630D-4366FA9D7BCF}" = CCC Help Thai
"{0AB51E62-5AA1-5ECC-F836-F9485DD487C3}" = Catalyst Control Center Localization All
"{0B94CF00-3A9C-AEBF-265D-EABF6EC11CEA}" = Catalyst Control Center InstallProxy
"{0C0F9C71-1185-7A98-DBE3-BC26CD85352E}" = CCC Help Korean
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205534F9-935B-4F67-6CA1-0356441E78F9}" = CCC Help Dutch
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C15735B-1EBA-5719-4ADD-F457205F1BA6}" = Catalyst Control Center Graphics Previews Common
"{2CA51DE4-4B69-EF24-841E-32363DE7D374}" = CCC Help Japanese
"{2E7A3D47-285C-AA71-5F43-7AD3C45A24C1}" = CCC Help English
"{2FE0023B-3858-3D60-DC15-E325E7BBBCE0}" = CCC Help Greek
"{3C12C57B-8BD0-25E0-57C6-63DBB96AF447}" = CCC Help German
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5CD0CFB1-3FE9-600A-36E4-03E1523C4989}" = CCC Help Swedish
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6E209506-FD15-E2CC-AF7E-D1B9C5C83DC3}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{7E5B60E2-32F4-1052-8471-708EF7965167}" = Catalyst Control Center Profiles Desktop
"{81D34549-684B-86FC-B25F-AA948D831194}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9400B65A-43D5-9A1F-9A94-28126CB7F684}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FF1B47E-957E-DE11-6610-799DD98BAD42}" = CCC Help Czech
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE1A891D-68BF-0BE5-A51D-7EF7187230D4}" = CCC Help French
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C66B45D6-0A09-0F9A-39EC-06AE4B2C1DB5}" = CCC Help Portuguese
"{C82EB045-FD47-F4F9-2527-F0195DEE1637}" = CCC Help Danish
"{CE0EF487-4B1D-7800-2BCE-CC931A6DEE3E}" = CCC Help Spanish
"{D85DCD8F-2FED-306F-0BF4-9508722A1D92}" = CCC Help Chinese Traditional
"{e05859e4-7455-4d01-a9dc-1da760a5d903}" = Ad-Aware Antivirus
"{EB0B4C36-0171-73BF-B119-11FE8E641F6E}" = ccc-core-static
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F39B1FAE-1E05-E275-2594-C22F91D585F0}" = CCC Help Hungarian
"{F67958D5-BF91-56EF-3792-363A555155B3}" = CCC Help Polish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"adawaretb" = Ad-Aware Security Add-on
"Avira AntiVir Desktop" = Avira Free Antivirus
"Civilization V" = Sid Meier's Civilization V
"Diablo III" = Diablo III
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Star Trek Online" = Star Trek Online
"Starcraft" = Starcraft
"Steam App 400" = Portal
"Steam App 49520" = Borderlands 2
"Steam App 50130" = Mafia II
"Steam App 50300" = Spec Ops: The Line
"Steam App 50620" = Darksiders
"Steam App 57900" = Duke Nukem Forever
"Steam App 8930" = Sid Meier's Civilization V
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.03.2012 11:34:35 | Computer Name = *** | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 25.03.2012 11:36:05 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.03.2012 13:16:06 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 29.03.2012 16:01:56 | Computer Name = *** | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 29.03.2012 16:03:13 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.04.2012 12:49:15 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.04.2012 00:45:53 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.04.2012 07:51:44 | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.04.2012 08:31:53 | Computer Name = *** | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 06.04.2012 08:33:22 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 02.12.2012 12:48:47 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.12.2012 12:48:47 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 03.12.2012 01:32:16 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.12.2012 01:32:16 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 03.12.2012 13:09:55 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.12.2012 13:09:55 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 03.12.2012 14:12:38 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.12.2012 14:12:38 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 03.12.2012 14:37:45 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.12.2012 14:37:45 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
 
< End of report >
         
Auszüge aus den Headern
Code:
ATTFilter
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"x44195725797@pol.com":
domain has no mail exchangers



--- The header of the original message is following. ---

Received: from tjudezaci ([113.240.220.125]) by smtp.web.de (mrweb101) with
 ESMTPA (Nemesis) id 0MAdx1-1TVPNq3Hb9-00BWEM for <x44195725797@pol.com>; Mon,
 03 Dec 2012 17:05:30 +0100
Message-ID: <C564AA159D70A42BB9405BCAA73EB12D@tjudezaci>
From: "WOW"
To: <x44195725797@pol.com>
Subject: =?utf-8?B?4piFPDU3NTQ3ND7imIVXT1dnb2xkX18x?=
	=?utf-8?B?M1VTRD0xMEsgUHJvbWlzZSA1TUk=?=
	=?utf-8?B?TlMgZGVsaXZlcnkh?=
Date: Tue, 4 Dec 2012 00:05:23 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0291_015BE0F3.17BFBCC0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: XXX.XXX@web.de
X-Provags-ID: V02:K0:XN19+LEzJneBirPOmvw4glKt5Nme3zmUoJqvPRWeX8o
 EE+eAHBxBn9ibdqWATLLX+O/ugHoyFt8BVR0JTvrBHDwVhMqLf
 0kdWKspJOCQVL2mCLh0Z6Ivv72puUOqKBzspKx96+gTDCn7Jdw
 SNpZEWGQTyNb4adK1iVJ/ulKNm1B+mqdxwTZODd6A7f6QUklW/
 Tfl+8kRilLsTHY/vtgNlA==
         
Code:
ATTFilter
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"gdx@yahoo.co.uk":
SMTP error from remote server after transfer of mail text:
host: mx-eu.mail.am0.yahoodns.net
delivery error: dd This user doesn't have a yahoo.co.uk account (gdx@yahoo.co.uk) [-5] - mta1084.mail.ukl.yahoo.com


--- The header of the original message is following. ---

Received: from qtjrfy ([113.240.220.125]) by smtp.web.de (mrweb101) with
 ESMTPA (Nemesis) id 0MRU72-1Tlyxm2nua-00TLrV for <gdx@yahoo.co.uk>; Mon, 03
 Dec 2012 07:21:00 +0100
Message-ID: <38A6AE75E8008EE192D8548CD0997F29@qtjrfy>
From: "WOW"
To: <gdx@yahoo.co.uk>
Subject: =?utf-8?B?4piFPDIyNDMwNz7imIVXT1dnb2xkX18x?=
	=?utf-8?B?M1VTRD0xMEsgUHJvbWlzZSA1TUk=?=
	=?utf-8?B?TlMgZGVsaXZlcnkh?=
Date: Mon, 3 Dec 2012 14:20:49 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0F0C_019453A6.1880AE60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: XXX.XXX@web.de
X-Provags-ID: V02:K0:BXpkJtWW2j7prPd7SNY1yXoqh34OFIOZfWU19dk2Dc6
 ZanTNASADQwo/cNsYqy39cTXYI9bJ9TvX9JXRnqWj7yjZ0L3wc
 zFw+vD/IZH8Ym7k66GWf6cM3VHvUKg5Z0cTSMNReMKaHtmUIB5
 4F837uKylXc91a741ztDjGKMWWtdvT6QtfZVlft0yKTP84VBmq
 JmRXUU/C2wr50YOcQc3MA==
         
Code:
ATTFilter
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"aznkooldude2009@yahoo.com":
delivery attempt aborted after too many errors



--- The header of the original message is following. ---

Received: from broc ([113.240.220.125]) by smtp.web.de (mrweb003) with ESMTPA
 (Nemesis) id 0MRCoR-1TnVS93JkN-00UG92 for <aznkooldude2009@yahoo.com>; Thu,
 29 Nov 2012 04:35:56 +0100
Message-ID: <ED5DE27692D43F87BA4C0173337BBA36@broc>
From: "WOW"
To: <aznkooldude2009@yahoo.com>
Subject: =?utf-8?B?4piFV09XR09MROKYhV9fMTAwMDBHPTEw?=
	=?utf-8?B?VVNEIFRvZGF54piFOTYzODY=?=
Date: Thu, 29 Nov 2012 11:35:52 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_066B_0149780A.1AF25370"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Sender: XXX.XXX@web.de
X-Provags-ID: V02:K0:IcECKPYq/izCphQhzakEX/8+2NxLbZALm4CT6ye5GYd
 P/2JcSv9KX2A7Mt/44h2jUtODfI7oaelv72NlyGPTHCZK4rbPW
 oNS3ggPqEIRl4gbAoFLIhVKLAIL7dINPnhvewoKrc3HvhOZruE
 BiPdb/URGzVhN2QUZN2PPsOG7S/LAZd5qaSpdowYdKpnwursDP
 MRc/z7gu6RV+rOvZDdGSQ==
         

Ich hoffe, jemand kann mir hierbei helfen oder zumindest bestätigen, dass sich bei mir kein Wurm oder so im System befindet.

MfG

Alt 03.12.2012, 19:20   #2
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Hi
passwörter erst am ende ändern.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________

__________________

Alt 03.12.2012, 19:31   #3
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Hi,

OK, dann PW noch nicht reseten.

Anbei das Logfile.
2 Medium Funde mit Skip bestätigt.

Code:
ATTFilter
20:28:27.0677 1820  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:28:27.0983 1820  ============================================================
20:28:27.0984 1820  Current date / time: 2012/12/03 20:28:27.0983
20:28:27.0984 1820  SystemInfo:
20:28:27.0984 1820  
20:28:27.0984 1820  OS Version: 6.1.7601 ServicePack: 1.0
20:28:27.0984 1820  Product type: Workstation
20:28:27.0984 1820  ComputerName: ***
20:28:27.0984 1820  UserName: ***
20:28:27.0984 1820  Windows directory: C:\Windows
20:28:27.0984 1820  System windows directory: C:\Windows
20:28:27.0984 1820  Running under WOW64
20:28:27.0984 1820  Processor architecture: Intel x64
20:28:27.0984 1820  Number of processors: 2
20:28:27.0984 1820  Page size: 0x1000
20:28:27.0984 1820  Boot type: Normal boot
20:28:27.0984 1820  ============================================================
20:28:28.0827 1820  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:28.0856 1820  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:28.0859 1820  ============================================================
20:28:28.0859 1820  \Device\Harddisk1\DR1:
20:28:28.0859 1820  MBR partitions:
20:28:28.0859 1820  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:28:28.0859 1820  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:28:28.0859 1820  \Device\Harddisk0\DR0:
20:28:28.0860 1820  MBR partitions:
20:28:28.0860 1820  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
20:28:28.0860 1820  ============================================================
20:28:28.0883 1820  C: <-> \Device\Harddisk1\DR1\Partition2
20:28:28.0913 1820  D: <-> \Device\Harddisk0\DR0\Partition1
20:28:28.0913 1820  ============================================================
20:28:28.0913 1820  Initialize success
20:28:28.0913 1820  ============================================================
20:28:33.0121 3428  ============================================================
20:28:33.0121 3428  Scan started
20:28:33.0121 3428  Mode: Manual; SigCheck; TDLFS; 
20:28:33.0121 3428  ============================================================
20:28:33.0748 3428  ================ Scan system memory ========================
20:28:33.0748 3428  System memory - ok
20:28:33.0749 3428  ================ Scan services =============================
20:28:33.0883 3428  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:28:33.0926 3428  1394ohci - ok
20:28:33.0951 3428  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:28:33.0963 3428  ACPI - ok
20:28:33.0987 3428  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:28:33.0998 3428  AcpiPmi - ok
20:28:34.0100 3428  [ AAD408B6A66595432405C97F73D6FF00 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
20:28:34.0125 3428  Ad-Aware Service - ok
20:28:34.0161 3428  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:28:34.0175 3428  adp94xx - ok
20:28:34.0194 3428  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:28:34.0206 3428  adpahci - ok
20:28:34.0218 3428  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:28:34.0228 3428  adpu320 - ok
20:28:34.0253 3428  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:28:34.0279 3428  AeLookupSvc - ok
20:28:34.0317 3428  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:28:34.0330 3428  AFD - ok
20:28:34.0360 3428  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:28:34.0370 3428  agp440 - ok
20:28:34.0383 3428  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:28:34.0394 3428  ALG - ok
20:28:34.0413 3428  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:28:34.0423 3428  aliide - ok
20:28:34.0437 3428  [ DCEEE24E57E8176115207312F827C130 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:28:34.0450 3428  AMD External Events Utility - ok
20:28:34.0465 3428  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:28:34.0473 3428  amdide - ok
20:28:34.0491 3428  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:28:34.0501 3428  AmdK8 - ok
20:28:34.0657 3428  [ F6640D83AF0FD74C50E23E68548EA9A0 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:28:34.0727 3428  amdkmdag - ok
20:28:34.0753 3428  [ 20B63276A1920B41E1C56720B395049B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:28:34.0762 3428  amdkmdap - ok
20:28:34.0772 3428  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:28:34.0781 3428  AmdPPM - ok
20:28:34.0816 3428  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:28:34.0825 3428  amdsata - ok
20:28:34.0838 3428  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:28:34.0849 3428  amdsbs - ok
20:28:34.0861 3428  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:28:34.0870 3428  amdxata - ok
20:28:34.0924 3428  [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:28:34.0934 3428  AntiVirSchedulerService - ok
20:28:34.0976 3428  [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:28:34.0987 3428  AntiVirService - ok
20:28:35.0023 3428  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:28:35.0059 3428  AppID - ok
20:28:35.0069 3428  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:28:35.0097 3428  AppIDSvc - ok
20:28:35.0118 3428  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:28:35.0143 3428  Appinfo - ok
20:28:35.0180 3428  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:28:35.0190 3428  AppMgmt - ok
20:28:35.0206 3428  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:28:35.0215 3428  arc - ok
20:28:35.0223 3428  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:28:35.0233 3428  arcsas - ok
20:28:35.0313 3428  [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
20:28:35.0322 3428  AsIO - ok
20:28:35.0351 3428  Aspi32 - ok
20:28:35.0363 3428  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:28:35.0401 3428  AsyncMac - ok
20:28:35.0423 3428  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:28:35.0432 3428  atapi - ok
20:28:35.0485 3428  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:28:35.0512 3428  athr - ok
20:28:35.0546 3428  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:28:35.0553 3428  AtiHDAudioService - ok
20:28:35.0711 3428  [ F6640D83AF0FD74C50E23E68548EA9A0 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:28:35.0781 3428  atikmdag - ok
20:28:35.0821 3428  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:28:35.0850 3428  AudioEndpointBuilder - ok
20:28:35.0871 3428  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:28:35.0900 3428  AudioSrv - ok
20:28:35.0923 3428  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:28:35.0931 3428  avgntflt - ok
20:28:35.0948 3428  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:28:35.0956 3428  avipbb - ok
20:28:35.0986 3428  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:28:35.0994 3428  avkmgr - ok
20:28:36.0021 3428  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:28:36.0034 3428  AxInstSV - ok
20:28:36.0058 3428  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:28:36.0070 3428  b06bdrv - ok
20:28:36.0098 3428  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:28:36.0109 3428  b57nd60a - ok
20:28:36.0125 3428  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:28:36.0135 3428  BDESVC - ok
20:28:36.0153 3428  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:28:36.0179 3428  Beep - ok
20:28:36.0226 3428  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:28:36.0262 3428  BFE - ok
20:28:36.0293 3428  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:28:36.0325 3428  BITS - ok
20:28:36.0333 3428  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:28:36.0343 3428  blbdrive - ok
20:28:36.0367 3428  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:28:36.0376 3428  bowser - ok
20:28:36.0385 3428  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:28:36.0396 3428  BrFiltLo - ok
20:28:36.0407 3428  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:28:36.0418 3428  BrFiltUp - ok
20:28:36.0440 3428  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:28:36.0450 3428  Browser - ok
20:28:36.0462 3428  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:28:36.0473 3428  Brserid - ok
20:28:36.0487 3428  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:28:36.0498 3428  BrSerWdm - ok
20:28:36.0508 3428  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:28:36.0518 3428  BrUsbMdm - ok
20:28:36.0529 3428  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:28:36.0538 3428  BrUsbSer - ok
20:28:36.0550 3428  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:28:36.0561 3428  BTHMODEM - ok
20:28:36.0572 3428  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:28:36.0598 3428  bthserv - ok
20:28:36.0611 3428  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:28:36.0638 3428  cdfs - ok
20:28:36.0672 3428  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:28:36.0682 3428  cdrom - ok
20:28:36.0709 3428  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:28:36.0734 3428  CertPropSvc - ok
20:28:36.0760 3428  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:28:36.0772 3428  circlass - ok
20:28:36.0795 3428  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:28:36.0807 3428  CLFS - ok
20:28:36.0854 3428  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:36.0866 3428  clr_optimization_v2.0.50727_32 - ok
20:28:36.0908 3428  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:28:36.0920 3428  clr_optimization_v2.0.50727_64 - ok
20:28:36.0955 3428  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:36.0968 3428  clr_optimization_v4.0.30319_32 - ok
20:28:37.0021 3428  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:28:37.0033 3428  clr_optimization_v4.0.30319_64 - ok
20:28:37.0048 3428  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:28:37.0062 3428  CmBatt - ok
20:28:37.0088 3428  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:28:37.0101 3428  cmdide - ok
20:28:37.0139 3428  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:28:37.0166 3428  CNG - ok
20:28:37.0171 3428  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:28:37.0181 3428  Compbatt - ok
20:28:37.0197 3428  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:28:37.0208 3428  CompositeBus - ok
20:28:37.0220 3428  COMSysApp - ok
20:28:37.0224 3428  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:28:37.0233 3428  crcdisk - ok
20:28:37.0255 3428  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:28:37.0265 3428  CryptSvc - ok
20:28:37.0292 3428  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:28:37.0305 3428  CSC - ok
20:28:37.0335 3428  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:28:37.0349 3428  CscService - ok
20:28:37.0418 3428  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:28:37.0427 3428  DAUpdaterSvc - ok
20:28:37.0454 3428  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:28:37.0491 3428  DcomLaunch - ok
20:28:37.0511 3428  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:28:37.0539 3428  defragsvc - ok
20:28:37.0573 3428  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:28:37.0598 3428  DfsC - ok
20:28:37.0656 3428  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:28:37.0673 3428  Dhcp - ok
20:28:37.0690 3428  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:28:37.0716 3428  discache - ok
20:28:37.0751 3428  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:28:37.0761 3428  Disk - ok
20:28:37.0844 3428  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:28:37.0855 3428  Dnscache - ok
20:28:37.0899 3428  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:28:37.0927 3428  dot3svc - ok
20:28:37.0954 3428  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:28:37.0981 3428  DPS - ok
20:28:38.0005 3428  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:28:38.0017 3428  drmkaud - ok
20:28:38.0070 3428  [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC          C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
20:28:38.0074 3428  DTSRVC ( UnsignedFile.Multi.Generic ) - warning
20:28:38.0074 3428  DTSRVC - detected UnsignedFile.Multi.Generic (1)
20:28:38.0113 3428  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:28:38.0133 3428  DXGKrnl - ok
20:28:38.0144 3428  EagleX64 - ok
20:28:38.0162 3428  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:28:38.0198 3428  EapHost - ok
20:28:38.0267 3428  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:28:38.0303 3428  ebdrv - ok
20:28:38.0324 3428  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:28:38.0334 3428  EFS - ok
20:28:38.0374 3428  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:28:38.0390 3428  ehRecvr - ok
20:28:38.0412 3428  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:28:38.0423 3428  ehSched - ok
20:28:38.0448 3428  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:28:38.0462 3428  elxstor - ok
20:28:38.0495 3428  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:28:38.0504 3428  ErrDev - ok
20:28:38.0536 3428  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:28:38.0568 3428  EventSystem - ok
20:28:38.0580 3428  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:28:38.0609 3428  exfat - ok
20:28:38.0623 3428  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:28:38.0653 3428  fastfat - ok
20:28:38.0691 3428  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:28:38.0705 3428  Fax - ok
20:28:38.0718 3428  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:28:38.0727 3428  fdc - ok
20:28:38.0739 3428  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:28:38.0766 3428  fdPHost - ok
20:28:38.0778 3428  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:28:38.0805 3428  FDResPub - ok
20:28:38.0814 3428  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:28:38.0823 3428  FileInfo - ok
20:28:38.0834 3428  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:28:38.0860 3428  Filetrace - ok
20:28:38.0867 3428  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:28:38.0877 3428  flpydisk - ok
20:28:38.0908 3428  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:28:38.0919 3428  FltMgr - ok
20:28:38.0962 3428  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:28:38.0980 3428  FontCache - ok
20:28:39.0019 3428  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:28:39.0026 3428  FontCache3.0.0.0 - ok
20:28:39.0030 3428  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:28:39.0040 3428  FsDepends - ok
20:28:39.0059 3428  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:28:39.0069 3428  Fs_Rec - ok
20:28:39.0096 3428  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:28:39.0109 3428  fvevol - ok
20:28:39.0125 3428  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:28:39.0134 3428  gagp30kx - ok
20:28:39.0187 3428  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
20:28:39.0197 3428  gfibto - ok
20:28:39.0236 3428  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:28:39.0280 3428  gpsvc - ok
20:28:39.0337 3428  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:28:39.0349 3428  gupdate - ok
20:28:39.0362 3428  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:28:39.0370 3428  gupdatem - ok
20:28:39.0377 3428  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:28:39.0386 3428  hcw85cir - ok
20:28:39.0422 3428  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:28:39.0436 3428  HdAudAddService - ok
20:28:39.0456 3428  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:28:39.0467 3428  HDAudBus - ok
20:28:39.0471 3428  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:28:39.0481 3428  HidBatt - ok
20:28:39.0491 3428  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:28:39.0502 3428  HidBth - ok
20:28:39.0515 3428  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:28:39.0527 3428  HidIr - ok
20:28:39.0543 3428  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:28:39.0569 3428  hidserv - ok
20:28:39.0605 3428  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:28:39.0619 3428  HidUsb - ok
20:28:39.0645 3428  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:28:39.0674 3428  hkmsvc - ok
20:28:39.0708 3428  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:28:39.0720 3428  HomeGroupListener - ok
20:28:39.0753 3428  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:28:39.0764 3428  HomeGroupProvider - ok
20:28:39.0801 3428  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:28:39.0811 3428  HpSAMD - ok
20:28:39.0855 3428  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:28:39.0886 3428  HTTP - ok
20:28:39.0912 3428  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:28:39.0921 3428  hwpolicy - ok
20:28:39.0947 3428  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:28:39.0957 3428  i8042prt - ok
20:28:40.0004 3428  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:28:40.0017 3428  iaStorV - ok
20:28:40.0050 3428  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:28:40.0066 3428  idsvc - ok
20:28:40.0079 3428  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:28:40.0090 3428  iirsp - ok
20:28:40.0132 3428  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:28:40.0164 3428  IKEEXT - ok
20:28:40.0172 3428  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:28:40.0181 3428  intelide - ok
20:28:40.0200 3428  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:28:40.0210 3428  intelppm - ok
20:28:40.0216 3428  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:28:40.0244 3428  IPBusEnum - ok
20:28:40.0267 3428  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:28:40.0293 3428  IpFilterDriver - ok
20:28:40.0327 3428  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:28:40.0346 3428  iphlpsvc - ok
20:28:40.0362 3428  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:28:40.0372 3428  IPMIDRV - ok
20:28:40.0384 3428  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:28:40.0411 3428  IPNAT - ok
20:28:40.0424 3428  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:28:40.0436 3428  IRENUM - ok
20:28:40.0467 3428  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:28:40.0476 3428  isapnp - ok
20:28:40.0489 3428  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:28:40.0500 3428  iScsiPrt - ok
20:28:40.0512 3428  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:28:40.0521 3428  kbdclass - ok
20:28:40.0544 3428  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:28:40.0554 3428  kbdhid - ok
20:28:40.0565 3428  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:28:40.0575 3428  KeyIso - ok
20:28:40.0600 3428  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:28:40.0609 3428  KSecDD - ok
20:28:40.0633 3428  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:28:40.0643 3428  KSecPkg - ok
20:28:40.0667 3428  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:28:40.0694 3428  ksthunk - ok
20:28:40.0717 3428  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:28:40.0745 3428  KtmRm - ok
20:28:40.0779 3428  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:28:40.0806 3428  LanmanServer - ok
20:28:40.0832 3428  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:28:40.0859 3428  LanmanWorkstation - ok
20:28:40.0938 3428  [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:28:40.0951 3428  LBTServ - ok
20:28:40.0975 3428  [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:28:40.0984 3428  LHidFilt - ok
20:28:41.0008 3428  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:28:41.0046 3428  lltdio - ok
20:28:41.0070 3428  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:28:41.0099 3428  lltdsvc - ok
20:28:41.0102 3428  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:28:41.0129 3428  lmhosts - ok
20:28:41.0146 3428  [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:28:41.0153 3428  LMouFilt - ok
20:28:41.0167 3428  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:28:41.0176 3428  LSI_FC - ok
20:28:41.0188 3428  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:28:41.0197 3428  LSI_SAS - ok
20:28:41.0205 3428  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:28:41.0214 3428  LSI_SAS2 - ok
20:28:41.0229 3428  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:28:41.0238 3428  LSI_SCSI - ok
20:28:41.0259 3428  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:28:41.0285 3428  luafv - ok
20:28:41.0302 3428  [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
20:28:41.0309 3428  LUsbFilt - ok
20:28:41.0333 3428  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:28:41.0344 3428  Mcx2Svc - ok
20:28:41.0357 3428  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:28:41.0366 3428  megasas - ok
20:28:41.0381 3428  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:28:41.0393 3428  MegaSR - ok
20:28:41.0414 3428  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:28:41.0441 3428  MMCSS - ok
20:28:41.0448 3428  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:28:41.0474 3428  Modem - ok
20:28:41.0487 3428  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:28:41.0498 3428  monitor - ok
20:28:41.0540 3428  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:28:41.0548 3428  mouclass - ok
20:28:41.0554 3428  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:28:41.0563 3428  mouhid - ok
20:28:41.0617 3428  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:28:41.0630 3428  mountmgr - ok
20:28:41.0694 3428  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:28:41.0706 3428  MozillaMaintenance - ok
20:28:41.0730 3428  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:28:41.0745 3428  mpio - ok
20:28:41.0759 3428  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:28:41.0797 3428  mpsdrv - ok
20:28:41.0833 3428  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:28:41.0864 3428  MpsSvc - ok
20:28:41.0892 3428  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:28:41.0906 3428  MRxDAV - ok
20:28:41.0932 3428  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:28:41.0942 3428  mrxsmb - ok
20:28:41.0970 3428  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:28:41.0983 3428  mrxsmb10 - ok
20:28:41.0993 3428  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:28:42.0007 3428  mrxsmb20 - ok
20:28:42.0021 3428  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:28:42.0033 3428  msahci - ok
20:28:42.0046 3428  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:28:42.0061 3428  msdsm - ok
20:28:42.0087 3428  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:28:42.0103 3428  MSDTC - ok
20:28:42.0124 3428  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:28:42.0160 3428  Msfs - ok
20:28:42.0170 3428  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:28:42.0195 3428  mshidkmdf - ok
20:28:42.0218 3428  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:28:42.0226 3428  msisadrv - ok
20:28:42.0252 3428  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:28:42.0279 3428  MSiSCSI - ok
20:28:42.0282 3428  msiserver - ok
20:28:42.0299 3428  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:28:42.0325 3428  MSKSSRV - ok
20:28:42.0343 3428  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:28:42.0369 3428  MSPCLOCK - ok
20:28:42.0378 3428  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:28:42.0404 3428  MSPQM - ok
20:28:42.0431 3428  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:28:42.0443 3428  MsRPC - ok
20:28:42.0453 3428  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:28:42.0462 3428  mssmbios - ok
20:28:42.0475 3428  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:28:42.0501 3428  MSTEE - ok
20:28:42.0505 3428  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:28:42.0515 3428  MTConfig - ok
20:28:42.0537 3428  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:28:42.0543 3428  MTsensor - ok
20:28:42.0567 3428  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:28:42.0576 3428  Mup - ok
20:28:42.0609 3428  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:28:42.0650 3428  napagent - ok
20:28:42.0677 3428  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:28:42.0692 3428  NativeWifiP - ok
20:28:42.0739 3428  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:28:42.0762 3428  NDIS - ok
20:28:42.0776 3428  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:28:42.0802 3428  NdisCap - ok
20:28:42.0814 3428  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:28:42.0840 3428  NdisTapi - ok
20:28:42.0868 3428  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:28:42.0892 3428  Ndisuio - ok
20:28:42.0946 3428  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:28:42.0983 3428  NdisWan - ok
20:28:43.0005 3428  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:28:43.0030 3428  NDProxy - ok
20:28:43.0046 3428  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:28:43.0072 3428  NetBIOS - ok
20:28:43.0099 3428  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:28:43.0125 3428  NetBT - ok
20:28:43.0132 3428  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:28:43.0142 3428  Netlogon - ok
20:28:43.0170 3428  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:28:43.0201 3428  Netman - ok
20:28:43.0216 3428  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:28:43.0248 3428  netprofm - ok
20:28:43.0267 3428  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:28:43.0275 3428  NetTcpPortSharing - ok
20:28:43.0287 3428  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:28:43.0296 3428  nfrd960 - ok
20:28:43.0319 3428  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:28:43.0332 3428  NlaSvc - ok
20:28:43.0338 3428  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:28:43.0366 3428  Npfs - ok
20:28:43.0386 3428  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:28:43.0414 3428  nsi - ok
20:28:43.0420 3428  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:28:43.0448 3428  nsiproxy - ok
20:28:43.0498 3428  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:28:43.0525 3428  Ntfs - ok
20:28:43.0537 3428  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:28:43.0563 3428  Null - ok
20:28:43.0590 3428  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:28:43.0600 3428  nvraid - ok
20:28:43.0627 3428  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:28:43.0637 3428  nvstor - ok
20:28:43.0672 3428  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:28:43.0682 3428  nv_agp - ok
20:28:43.0705 3428  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:28:43.0715 3428  ohci1394 - ok
20:28:43.0778 3428  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:28:43.0789 3428  ose - ok
20:28:43.0952 3428  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:28:44.0021 3428  osppsvc - ok
20:28:44.0039 3428  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:28:44.0051 3428  p2pimsvc - ok
20:28:44.0066 3428  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:28:44.0079 3428  p2psvc - ok
20:28:44.0098 3428  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:28:44.0107 3428  Parport - ok
20:28:44.0124 3428  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:28:44.0134 3428  partmgr - ok
20:28:44.0147 3428  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:28:44.0162 3428  PcaSvc - ok
20:28:44.0170 3428  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:28:44.0180 3428  pci - ok
20:28:44.0208 3428  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:28:44.0217 3428  pciide - ok
20:28:44.0236 3428  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:28:44.0247 3428  pcmcia - ok
20:28:44.0259 3428  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:28:44.0268 3428  pcw - ok
20:28:44.0294 3428  [ FD1BB23371EE2E5E3076D7B0D8B33E91 ] PdiPorts        C:\Windows\system32\DRIVERS\PdiPorts.sys
20:28:44.0300 3428  PdiPorts - ok
20:28:44.0325 3428  [ A1F1260AD7AEABA9D53724E66AA274BA ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
20:28:44.0328 3428  PdiService ( UnsignedFile.Multi.Generic ) - warning
20:28:44.0328 3428  PdiService - detected UnsignedFile.Multi.Generic (1)
20:28:44.0350 3428  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:28:44.0381 3428  PEAUTH - ok
20:28:44.0422 3428  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:28:44.0442 3428  PeerDistSvc - ok
20:28:44.0509 3428  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:28:44.0522 3428  PerfHost - ok
20:28:44.0573 3428  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:28:44.0617 3428  pla - ok
20:28:44.0643 3428  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:28:44.0656 3428  PlugPlay - ok
20:28:44.0666 3428  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:28:44.0676 3428  PNRPAutoReg - ok
20:28:44.0689 3428  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:28:44.0701 3428  PNRPsvc - ok
20:28:44.0726 3428  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:28:44.0754 3428  PolicyAgent - ok
20:28:44.0777 3428  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:28:44.0804 3428  Power - ok
20:28:44.0821 3428  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:28:44.0846 3428  PptpMiniport - ok
20:28:44.0864 3428  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:28:44.0873 3428  Processor - ok
20:28:44.0901 3428  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:28:44.0912 3428  ProfSvc - ok
20:28:44.0923 3428  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:28:44.0933 3428  ProtectedStorage - ok
20:28:44.0960 3428  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:28:44.0985 3428  Psched - ok
20:28:45.0020 3428  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:28:45.0045 3428  ql2300 - ok
20:28:45.0063 3428  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:28:45.0073 3428  ql40xx - ok
20:28:45.0091 3428  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:28:45.0106 3428  QWAVE - ok
20:28:45.0121 3428  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:28:45.0135 3428  QWAVEdrv - ok
20:28:45.0141 3428  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:28:45.0168 3428  RasAcd - ok
20:28:45.0186 3428  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:28:45.0213 3428  RasAgileVpn - ok
20:28:45.0219 3428  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:28:45.0248 3428  RasAuto - ok
20:28:45.0285 3428  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:28:45.0312 3428  Rasl2tp - ok
20:28:45.0344 3428  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:28:45.0373 3428  RasMan - ok
20:28:45.0387 3428  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:28:45.0417 3428  RasPppoe - ok
20:28:45.0429 3428  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:28:45.0456 3428  RasSstp - ok
20:28:45.0484 3428  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:28:45.0512 3428  rdbss - ok
20:28:45.0526 3428  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:28:45.0537 3428  rdpbus - ok
20:28:45.0547 3428  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:28:45.0574 3428  RDPCDD - ok
20:28:45.0607 3428  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:28:45.0621 3428  RDPDR - ok
20:28:45.0643 3428  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:28:45.0675 3428  RDPENCDD - ok
20:28:45.0685 3428  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:28:45.0711 3428  RDPREFMP - ok
20:28:45.0743 3428  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:28:45.0753 3428  RDPWD - ok
20:28:45.0773 3428  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:28:45.0783 3428  rdyboost - ok
20:28:45.0799 3428  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:28:45.0826 3428  RemoteAccess - ok
20:28:45.0844 3428  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:28:45.0872 3428  RemoteRegistry - ok
20:28:45.0892 3428  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:28:45.0919 3428  RpcEptMapper - ok
20:28:45.0937 3428  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:28:45.0947 3428  RpcLocator - ok
20:28:45.0978 3428  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:28:46.0008 3428  RpcSs - ok
20:28:46.0022 3428  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:28:46.0049 3428  rspndr - ok
20:28:46.0064 3428  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:28:46.0075 3428  RTL8167 - ok
20:28:46.0094 3428  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:28:46.0103 3428  s3cap - ok
20:28:46.0115 3428  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:28:46.0125 3428  SamSs - ok
20:28:46.0238 3428  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
20:28:46.0291 3428  SBAMSvc - ok
20:28:46.0331 3428  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:28:46.0340 3428  sbp2port - ok
20:28:46.0365 3428  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:28:46.0393 3428  SCardSvr - ok
20:28:46.0413 3428  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:28:46.0438 3428  scfilter - ok
20:28:46.0480 3428  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:28:46.0522 3428  Schedule - ok
20:28:46.0550 3428  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:28:46.0575 3428  SCPolicySvc - ok
20:28:46.0602 3428  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:28:46.0613 3428  SDRSVC - ok
20:28:46.0631 3428  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:28:46.0657 3428  secdrv - ok
20:28:46.0674 3428  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:28:46.0700 3428  seclogon - ok
20:28:46.0707 3428  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:28:46.0734 3428  SENS - ok
20:28:46.0746 3428  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:28:46.0757 3428  SensrSvc - ok
20:28:46.0781 3428  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:28:46.0791 3428  Serenum - ok
20:28:46.0802 3428  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:28:46.0811 3428  Serial - ok
20:28:46.0844 3428  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:28:46.0853 3428  sermouse - ok
20:28:46.0875 3428  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:28:46.0902 3428  SessionEnv - ok
20:28:46.0932 3428  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:28:46.0941 3428  sffdisk - ok
20:28:46.0952 3428  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:28:46.0961 3428  sffp_mmc - ok
20:28:46.0974 3428  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:28:46.0985 3428  sffp_sd - ok
20:28:46.0993 3428  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:28:47.0002 3428  sfloppy - ok
20:28:47.0027 3428  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:28:47.0056 3428  SharedAccess - ok
20:28:47.0078 3428  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:28:47.0107 3428  ShellHWDetection - ok
20:28:47.0119 3428  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:28:47.0128 3428  SiSRaid2 - ok
20:28:47.0137 3428  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:28:47.0147 3428  SiSRaid4 - ok
20:28:47.0285 3428  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:28:47.0336 3428  Skype C2C Service - ok
20:28:47.0395 3428  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:28:47.0406 3428  SkypeUpdate - ok
20:28:47.0423 3428  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:28:47.0456 3428  Smb - ok
20:28:47.0484 3428  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:28:47.0499 3428  SNMPTRAP - ok
20:28:47.0508 3428  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:28:47.0520 3428  spldr - ok
20:28:47.0550 3428  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:28:47.0564 3428  Spooler - ok
20:28:47.0650 3428  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:28:47.0712 3428  sppsvc - ok
20:28:47.0723 3428  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:28:47.0752 3428  sppuinotify - ok
20:28:47.0796 3428  [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd            C:\Windows\System32\Drivers\sptd.sys
20:28:47.0812 3428  sptd - ok
20:28:47.0847 3428  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:28:47.0859 3428  srv - ok
20:28:47.0880 3428  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:28:47.0892 3428  srv2 - ok
20:28:47.0902 3428  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:28:47.0912 3428  srvnet - ok
20:28:47.0933 3428  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:28:47.0962 3428  SSDPSRV - ok
20:28:47.0980 3428  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:28:48.0010 3428  SstpSvc - ok
20:28:48.0063 3428  Steam Client Service - ok
20:28:48.0122 3428  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:28:48.0135 3428  stexstor - ok
20:28:48.0180 3428  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:28:48.0206 3428  stisvc - ok
20:28:48.0232 3428  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:28:48.0246 3428  storflt - ok
20:28:48.0266 3428  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
20:28:48.0280 3428  StorSvc - ok
20:28:48.0289 3428  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:28:48.0303 3428  storvsc - ok
20:28:48.0333 3428  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:28:48.0344 3428  swenum - ok
20:28:48.0364 3428  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:28:48.0405 3428  swprv - ok
20:28:48.0452 3428  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:28:48.0480 3428  SysMain - ok
20:28:48.0503 3428  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:28:48.0518 3428  TabletInputService - ok
20:28:48.0543 3428  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:28:48.0570 3428  TapiSrv - ok
20:28:48.0584 3428  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:28:48.0610 3428  TBS - ok
20:28:48.0663 3428  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:28:48.0702 3428  Tcpip - ok
20:28:48.0755 3428  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:28:48.0786 3428  TCPIP6 - ok
20:28:48.0807 3428  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:28:48.0817 3428  tcpipreg - ok
20:28:48.0826 3428  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:28:48.0834 3428  TDPIPE - ok
20:28:48.0865 3428  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:28:48.0874 3428  TDTCP - ok
20:28:48.0904 3428  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:28:48.0930 3428  tdx - ok
20:28:48.0943 3428  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:28:48.0952 3428  TermDD - ok
20:28:48.0983 3428  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:28:49.0013 3428  TermService - ok
20:28:49.0025 3428  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:28:49.0038 3428  Themes - ok
20:28:49.0056 3428  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:28:49.0082 3428  THREADORDER - ok
20:28:49.0097 3428  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:28:49.0124 3428  TrkWks - ok
20:28:49.0161 3428  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:28:49.0187 3428  TrustedInstaller - ok
20:28:49.0209 3428  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:28:49.0234 3428  tssecsrv - ok
20:28:49.0263 3428  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:28:49.0272 3428  TsUsbFlt - ok
20:28:49.0316 3428  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:28:49.0342 3428  tunnel - ok
20:28:49.0355 3428  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:28:49.0365 3428  uagp35 - ok
20:28:49.0395 3428  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:28:49.0424 3428  udfs - ok
20:28:49.0441 3428  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:28:49.0453 3428  UI0Detect - ok
20:28:49.0464 3428  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:28:49.0474 3428  uliagpkx - ok
20:28:49.0500 3428  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:28:49.0510 3428  umbus - ok
20:28:49.0517 3428  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:28:49.0526 3428  UmPass - ok
20:28:49.0551 3428  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
20:28:49.0562 3428  UmRdpService - ok
20:28:49.0580 3428  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:28:49.0609 3428  upnphost - ok
20:28:49.0635 3428  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:28:49.0645 3428  usbccgp - ok
20:28:49.0682 3428  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:28:49.0697 3428  usbcir - ok
20:28:49.0720 3428  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:28:49.0733 3428  usbehci - ok
20:28:49.0766 3428  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:28:49.0782 3428  usbhub - ok
20:28:49.0793 3428  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:28:49.0806 3428  usbohci - ok
20:28:49.0822 3428  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:28:49.0834 3428  usbprint - ok
20:28:49.0846 3428  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:28:49.0857 3428  usbscan - ok
20:28:49.0870 3428  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:28:49.0879 3428  USBSTOR - ok
20:28:49.0906 3428  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:28:49.0915 3428  usbuhci - ok
20:28:49.0925 3428  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:28:49.0952 3428  UxSms - ok
20:28:49.0957 3428  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:28:49.0967 3428  VaultSvc - ok
20:28:49.0974 3428  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:28:49.0983 3428  vdrvroot - ok
20:28:50.0012 3428  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:28:50.0042 3428  vds - ok
20:28:50.0051 3428  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:28:50.0062 3428  vga - ok
20:28:50.0070 3428  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:28:50.0096 3428  VgaSave - ok
20:28:50.0111 3428  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:28:50.0121 3428  vhdmp - ok
20:28:50.0161 3428  [ 574B29F436C4C63D37020C6E570A7528 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:28:50.0179 3428  VIAHdAudAddService - ok
20:28:50.0206 3428  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:28:50.0214 3428  viaide - ok
20:28:50.0244 3428  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:28:50.0255 3428  vmbus - ok
20:28:50.0281 3428  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:28:50.0290 3428  VMBusHID - ok
20:28:50.0316 3428  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:28:50.0326 3428  volmgr - ok
20:28:50.0354 3428  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:28:50.0366 3428  volmgrx - ok
20:28:50.0381 3428  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:28:50.0392 3428  volsnap - ok
20:28:50.0405 3428  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:28:50.0416 3428  vsmraid - ok
20:28:50.0468 3428  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:28:50.0507 3428  VSS - ok
20:28:50.0520 3428  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:28:50.0532 3428  vwifibus - ok
20:28:50.0550 3428  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:28:50.0563 3428  vwififlt - ok
20:28:50.0585 3428  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:28:50.0615 3428  W32Time - ok
20:28:50.0625 3428  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:28:50.0635 3428  WacomPen - ok
20:28:50.0658 3428  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:28:50.0684 3428  WANARP - ok
20:28:50.0688 3428  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:28:50.0713 3428  Wanarpv6 - ok
20:28:50.0761 3428  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:28:50.0784 3428  wbengine - ok
20:28:50.0795 3428  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:28:50.0811 3428  WbioSrvc - ok
20:28:50.0839 3428  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:28:50.0857 3428  wcncsvc - ok
20:28:50.0863 3428  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:28:50.0874 3428  WcsPlugInService - ok
20:28:50.0883 3428  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:28:50.0892 3428  Wd - ok
20:28:50.0932 3428  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:28:50.0950 3428  Wdf01000 - ok
20:28:50.0962 3428  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:28:50.0976 3428  WdiServiceHost - ok
20:28:50.0980 3428  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:28:50.0994 3428  WdiSystemHost - ok
20:28:51.0024 3428  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:28:51.0039 3428  WebClient - ok
20:28:51.0053 3428  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:28:51.0083 3428  Wecsvc - ok
20:28:51.0093 3428  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:28:51.0122 3428  wercplsupport - ok
20:28:51.0145 3428  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:28:51.0175 3428  WerSvc - ok
20:28:51.0183 3428  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:28:51.0212 3428  WfpLwf - ok
20:28:51.0220 3428  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:28:51.0229 3428  WIMMount - ok
20:28:51.0236 3428  WinDefend - ok
20:28:51.0241 3428  WinHttpAutoProxySvc - ok
20:28:51.0288 3428  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:28:51.0317 3428  Winmgmt - ok
20:28:51.0377 3428  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:28:51.0419 3428  WinRM - ok
20:28:51.0446 3428  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:28:51.0457 3428  WinUsb - ok
20:28:51.0489 3428  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:28:51.0509 3428  Wlansvc - ok
20:28:51.0553 3428  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:28:51.0566 3428  WmiAcpi - ok
20:28:51.0595 3428  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:28:51.0611 3428  wmiApSrv - ok
20:28:51.0616 3428  WMPNetworkSvc - ok
20:28:51.0623 3428  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:28:51.0637 3428  WPCSvc - ok
20:28:51.0665 3428  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:28:51.0682 3428  WPDBusEnum - ok
20:28:51.0692 3428  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:28:51.0719 3428  ws2ifsl - ok
20:28:51.0732 3428  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:28:51.0746 3428  wscsvc - ok
20:28:51.0749 3428  WSearch - ok
20:28:51.0816 3428  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:28:51.0860 3428  wuauserv - ok
20:28:51.0892 3428  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:28:51.0901 3428  WudfPf - ok
20:28:51.0933 3428  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:28:51.0943 3428  WUDFRd - ok
20:28:51.0962 3428  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:28:51.0973 3428  wudfsvc - ok
20:28:51.0982 3428  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:28:51.0997 3428  WwanSvc - ok
20:28:52.0003 3428  ================ Scan global ===============================
20:28:52.0018 3428  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:28:52.0038 3428  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:28:52.0046 3428  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:28:52.0065 3428  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:28:52.0087 3428  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:28:52.0089 3428  [Global] - ok
20:28:52.0090 3428  ================ Scan MBR ==================================
20:28:52.0103 3428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:28:52.0347 3428  \Device\Harddisk1\DR1 - ok
20:28:52.0365 3428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:28:52.0432 3428  \Device\Harddisk0\DR0 - ok
20:28:52.0435 3428  ================ Scan VBR ==================================
20:28:52.0438 3428  [ 9B8A76F2F30B6891CE78D2B1069941FE ] \Device\Harddisk1\DR1\Partition1
20:28:52.0440 3428  \Device\Harddisk1\DR1\Partition1 - ok
20:28:52.0460 3428  [ 2EFB015AD4C9871918E1B1ABA6752038 ] \Device\Harddisk1\DR1\Partition2
20:28:52.0462 3428  \Device\Harddisk1\DR1\Partition2 - ok
20:28:52.0491 3428  [ 7093F3991813465D229B0691D8368E36 ] \Device\Harddisk0\DR0\Partition1
20:28:52.0492 3428  \Device\Harddisk0\DR0\Partition1 - ok
20:28:52.0492 3428  ============================================================
20:28:52.0492 3428  Scan finished
20:28:52.0492 3428  ============================================================
20:28:52.0503 2496  Detected object count: 2
20:28:52.0503 2496  Actual detected object count: 2
20:29:34.0869 2496  DTSRVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:34.0869 2496  DTSRVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:29:34.0870 2496  PdiService ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:34.0870 2496  PdiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 04.12.2012, 12:53   #4
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.12.2012, 16:41   #5
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Abend

Code:
ATTFilter
ComboFix 12-12-02.01 - *** 04.12.2012  17:32:50.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2477 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-04 bis 2012-12-04  ))))))))))))))))))))))))))))))
.
.
2012-12-04 16:36 . 2012-12-04 16:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-03 18:34 . 2012-12-03 18:34	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-12-03 18:34 . 2012-12-03 18:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-03 18:34 . 2012-12-03 18:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-03 18:34 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-03 18:30 . 2012-12-03 18:30	--------	d-----w-	c:\users\***\AppData\Roaming\LavasoftStatistics
2012-12-03 18:30 . 2012-12-03 18:30	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2012-12-03 18:24 . 2012-12-03 18:38	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2012-12-03 18:24 . 2012-12-03 18:24	47496	----a-w-	c:\windows\system32\sbbd.exe
2012-12-03 18:24 . 2012-12-03 18:24	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2012-12-03 18:24 . 2012-12-03 18:24	--------	d-----w-	c:\users\***\AppData\Local\adawarebp
2012-12-03 18:24 . 2012-12-03 18:24	--------	d-----w-	c:\programdata\blekko toolbars
2012-12-03 18:23 . 2012-12-03 18:24	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2012-12-03 18:23 . 2012-12-03 18:23	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2012-12-03 18:23 . 2012-12-03 18:24	--------	d-----w-	c:\program files (x86)\adawaretb
2012-12-03 18:23 . 2012-12-03 18:39	--------	d-----w-	c:\users\***\AppData\Roaming\Ad-Aware Antivirus
2012-11-17 09:46 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-17 09:46 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 09:46 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 09:46 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 09:39 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 09:39 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 09:39 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 09:39 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 09:39 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 09:39 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 09:39 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-11 17:29 . 2012-11-11 17:29	--------	d-----w-	c:\programdata\Remedy
2012-11-11 09:43 . 2012-11-11 09:43	--------	d-----w-	c:\users\***\AppData\Local\My Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 09:39 . 2011-01-22 10:52	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-14 17:13 . 2012-11-03 11:53	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-14 17:13 . 2012-11-03 11:53	98888	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-29 18:53 . 2012-10-29 18:53	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-27 21:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:51	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-13 19:57 . 2012-10-13 19:50	967	----a-w-	c:\windows\ScUnin.pif
2012-10-13 19:57 . 2012-10-13 19:50	69632	----a-w-	c:\windows\ScUnin.exe
2012-10-12 07:19 . 2012-11-03 11:08	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB308BB8-A8BB-4B4F-BD76-60CBE8CBF94A}\mpengine.dll
2012-09-24 22:16 . 2012-07-02 15:42	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-24 22:16 . 2011-01-25 20:12	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-24 08:58 . 2012-11-03 11:53	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-14 19:19 . 2012-10-09 18:13	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 18:13	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41	87448	----a-w-	c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-01-22 2252800]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-27 384800]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-18 868848]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-03 14456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-27 85280]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-01-22 1235968]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 15:16]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 15:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\
FF - ExtSQL: 2012-10-14 13:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-03 19:23; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-12-03 19:23; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rvwflitq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-4StoryPrePatch - d:\4story_de\PrePatch.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-366956087-2911594179-3411153771-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,f4,b3,80,e9,5f,d6,52,fe,0b,82,33,d5,81,ae,55,9b,cd,e2,34,f5,
   d7,12,b7,1e,32,4b,94,d6,6b,ac,ed,8b,3f,6e,a9,ef,27,55,25,d6,86,4f,80,a3,31,\
"rkeysecu"=hex:e8,e5,e1,c0,9c,d2,46,57,c9,ac,c8,da,66,a9,9c,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-04  17:38:29
ComboFix-quarantined-files.txt  2012-12-04 16:38
.
Vor Suchlauf: 8 Verzeichnis(se), 422.213.017.600 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 421.883.322.368 Bytes frei
.
- - End Of File - - EF15E26674568580F68AE1844698D38F
         


Alt 04.12.2012, 18:36   #6
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



hi
lade den CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender

Alt 04.12.2012, 20:17   #7
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Hi

Anbei der Code. Anmerkung: Web.de hat meinen Account heute aus Sicherheitsgründen einmal gesperrt (Hinweis: Unbefugte haben kürzlich auf Ihr Postfach zugegriffen. Um Sie und Ihre Daten zu schützen, haben wir Ihr Postfach daher gesperrt.). Ich lasse es erst einmal gesperrt.

Code:
ATTFilter
Acer eDisplay Management	Portrait Displays, Inc.	22.01.2011		1.20.011 notwendig
Ad-Aware Antivirus	Lavasoft	03.12.2012	37,5MB	10.4.43.4155 unnötig
Ad-Aware Security Add-on	Lavasoft	03.12.2012		2.2.0.17 unnötig
ATI Catalyst Install Manager	ATI Technologies, Inc.	22.01.2011	22,4MB	3.0.804.0 notwendig
Avira Free Antivirus	Avira	27.11.2012	124MB	13.0.0.2832 notwendig
Borderlands	2K Games	22.01.2011	6,88GB	1.0.295 notwendig
Borderlands 2	Gearbox Software	25.11.2012		 notwendig
CCleaner	Piriform	25.11.2012		3.25 notwendig
Darksiders	Vigil Games	28.09.2011 notwendig		
DarksidersInstaller	Ihr Firmenname	28.09.2011	143MB	1.00.1000 notwendig
Diablo III	Blizzard Entertainment	02.12.2012		1.0.6.13300 notwendig
Dragon Age: Origins	Electronic Arts, Inc.	28.03.2011	24,2GB	1.04 notwendig
Duke Nukem Forever	Gearbox Software	25.11.2012 notwendig		
FreePDF (Remove only)		01.05.2011 notwendig		
Google Chrome	Google Inc.	04.12.2012		23.0.1271.95 unnötig
Google Earth Plug-in	Google	17.11.2011	40,8MB	6.1.0.5001 unnötig
GPL Ghostscript	Artifex Software Inc.	01.05.2011		9.02 notwendig
Logitech SetPoint 6.20	Logitech	13.03.2011	39,0MB	6.20.64 notwendig
Mafia II	2K Czech	01.09.2012 notwendig		
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	03.12.2012	19,4MB	1.65.1.1000 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.09.2012	38,8MB	4.0.30320 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.09.2012	2,93MB	4.0.30320 unbekannt
Microsoft Office Home and Student 2010	Microsoft Corporation	21.07.2012		14.0.6029.1000 notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.11.2012	2,38MB	8.0.59193 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	13.03.2011	788KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	21.07.2012	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	25.11.2012	1,41MB	9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	22.01.2011	240KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	22.01.2011	596KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	10.03.2012	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	21.07.2012	12,2MB	10.0.40219 unbekannt
Morrowind		26.12.2011 notwendig		
Mozilla Firefox 16.0.2 (x86 de)	Mozilla	31.10.2012	43,6MB	16.0.2 notwendig
Mozilla Maintenance Service	Mozilla	31.10.2012	329KB	16.0.2 unbekannt
Mozilla Thunderbird 16.0.2 (x86 de)	Mozilla	31.10.2012	40,8MB	16.0.2 notwendig
NVIDIA PhysX	NVIDIA Corporation	28.10.2012	78,9MB	9.10.0513 notwendig
PDFCreator	Frank Heindörfer, Philip Chinery	19.07.2012		1.4.2 notwendig
Portal	Valve	17.09.2011 notwendig		
Realtek 8136 8168 8169 Ethernet Driver	Realtek	22.01.2011		1.00.0005 notwendig
RedMon - Redirection Port Monitor		01.05.2011 unbekannt		
Sid Meier's Civilization V	2K Games, Inc.	20.11.2012		 notwendig
Skype Click to Call	Skype Technologies S.A.	04.11.2012	46,7MB	6.3.11079 unbekannt
Skype™ 5.10	Skype Technologies S.A.	11.09.2012	19,3MB	5.10.116 notwendig
Spec Ops: The Line	YAGER	21.07.2012 notwendig		
Spellforce 2 Gold	JoWooD Productions Software AG	07.08.2011		1.00.0000 notwendig
Spybot - Search & Destroy	Safer Networking Limited	13.03.2011		1.6.2 unnötig
Star Trek Online	Cryptic Studios	13.05.2012 unnötig		
Starcraft		13.10.2012 unnötig		
Steam	Valve Corporation	17.09.2011	35,4MB	1.0.0.0 notwendig
TES Construction Set		26.12.2011		 unnötig
Trillian		22.01.2011 notwendig		
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	22.01.2011	2,61MB	1.34 notwendig
VLC media player 1.1.10	VideoLAN	15.07.2011		1.1.10 notwendig
Winamp	Nullsoft, Inc	22.01.2011		5.601 notwendig
Winamp Erkennungs-Plug-in	Nullsoft, Inc	22.01.2011	75,0KB	1.0.0.1 unbekannt
WinRAR		22.01.2011		notwendig
         

Geändert von Jo.Ro (04.12.2012 um 20:52 Uhr)

Alt 05.12.2012, 21:34   #8
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Deinstaliere:
Ad-Aware : alle
Google : alle
Spybot
Star Trek
Starcraft
TES

Öffne otl, bereinigen, PC startet neu, löscht Remover.
Öffne CCleaner, analysieren, starten, PC neustarten.
Wenn der pc läuft, wie gewohnt, absichern.
Ändere dann alle Passwörter, und Passwort vergessen Abfragen.
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie Download - Sandboxie 3.74

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.12.2012, 06:10   #9
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Guten Morgen,

danke für die ausführliche Anleitung. Ich werde erst einmal Avast AntiVir zu nutzen.

Stehe aktuelle bei
Zitat:
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.
und will hier weiterhin Firefox nutzen.

Wenn du die Beschreibung angepasst hast, werde ich ab dieser Stelle weiter machen

Alt 06.12.2012, 16:15   #10
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Hi
schon mal Chrome angesehen, er bietet einige Sicherheitsfunktionen mehr, und sollte auch schneller sein.

Anmerkung, bin ab Morgen, bis Mittwoch im Urlaub
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.12.2012, 05:55   #11
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Moin,

habe mir Chrome angesehen und gefällt mir ganz gut. Danke für den Tipp. Werde ihn auch beibehalten.
Wie sollte ich Chrome und Avast konfigkurieren?

Alt 13.12.2012, 18:10   #12
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



hi,
adblock für chrome:
http://filepony.de/download-ghostery_chrome/
sicher surfen mit chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online


Avast:
http://www.trojaner-board.de/127580-...tml#post964496
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.12.2012, 10:50   #13
Jo.Ro
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Besten Dank. Ich glaube, jetzt kann ich wieder ruhig surfen ;-)
Die Spamflut ist nach den ganzen Maßnahmen und Passwort Reset auch verschwunden.

Alt 16.12.2012, 16:28   #14
markusg
/// Malware-holic
 
Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Standard

Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender



Hi,
wenn dir der Chrome zusagt, FF deinstalieren.
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- chrome instalieren.
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.
- passwort manager instaliert.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender
ad-aware, antivir, antivirus, avira, battle.net, bho, browser, error, excel, failed, frage, helper, home, install.exe, logfile, mail delivery, nemesis, popup, problem, realtek, registry, returning message to sender, richtlinie, scan, security, senden, software, svchost.exe, updates, vdeck.exe, windows, wurm



Ähnliche Themen: Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender


  1. bis zu 50 x am Tag: mail delivery failed: Returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 23.11.2015 (25)
  2. mailer-daemon@gmx.de; Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (1)
  3. keineantwortadresse@web.de/Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 18.08.2014 (6)
  4. Mail delivery failed: returning message to sender (adressen stimmten)
    Log-Analyse und Auswertung - 17.08.2014 (5)
  5. Mail delivery failed: returning message to sender
    Überwachung, Datenschutz und Spam - 16.07.2014 (3)
  6. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 23.03.2014 (9)
  7. Mail delivery failed: returning message to sender
    Log-Analyse und Auswertung - 06.12.2013 (7)
  8. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (11)
  9. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (8)
  10. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (9)
  11. mail delivery failed: returning message to sender im gmx account
    Log-Analyse und Auswertung - 12.07.2013 (5)
  12. Mail delivery failed returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (7)
  13. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (3)
  14. mail delivery failed: returning message to sender bei web.de
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (11)
  15. Mail delivery failed: returning message to sender bei web.de
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (11)
  16. mail delivery failed: returning message to sender im web.de account
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (3)
  17. Mail Delivery Failed: Returning Message to Sender
    Alles rund um Windows - 10.10.2012 (1)

Zum Thema Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender - Hallo zusammen, ich bin anscheinend nicht der einzige, der das Problem hat, aber ich dachte, ich frage besser einmal nach, wie ihr die Lage hier einschätzt. Seit ca. einer Woche - Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender...
Archiv
Du betrachtest: Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.