
Log analysis and evaluation: SMTP activity not triggered by the user

17.12.2012, 17:24   #1
MorkVomOrk
 



Hello dear people,

I'm not entirely sure whether I picked the right place for my post, but I hope so.
After you helped me so superbly with the last problem on my parents' laptop, I'd now like to describe my new problem here, this time on my own machine:

For a few days now I have been noticing strongly increased latency (ping).
This is not permanent; it occurs +- every 40 minutes (I kept notes) and then stays that way for 6-11 minutes.
I noticed it while playing an online game, when I suddenly could no longer move and a connection loss was displayed.
By now I have googled quite a bit, consulted Telekom, had the line measured, etc.
None of it helped.
I left a post in the Telekom forum (Telekom hilft hxxp://feedback.telekom-hilft.de/questions/latenz-ping-in-regelmassigen-abstanden-zu-hoch), because I thought that something might be wrong with a server / backbone that I am routed through.
After evaluating with "tracert", however, I found that the ping is already very high from the first hop onwards and that the cause must therefore be somewhere in my network (correct me).
After that I played again as a test and recorded the complete traffic passing through the router.
While doing so I noted at what times the outages occur.
In "wireshark" I then looked at those time periods and lo and behold: SMTP activity.
So the suspicion suggested itself that I have, inexplicably, caught a trojan.
Avast, Kaspersky, MBAM and bitdefender say otherwise, though.
None of the programs finds anything.

I have copied some tracert data and also the log of the capture.
I'm happy to provide them if needed.

In any case I would like to hear your opinion on whether I have caught something or not, and whether I perhaps only need to replace the network card or the like.
Either way, I can't figure it out on my own ...


Many thanks in advance for your efforts!
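
The correlation described in the post above (noting when the outages occur, then checking what the capture shows in those windows), as an added example that is not part of the original post: it groups packets to mail ports into bursts per host, measures how regularly the bursts recur, and matches them against noted outage windows. The record format, addresses, times and function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from statistics import median

# Destination ports that indicate mail transfer: SMTP, SMTPS, submission.
MAIL_PORTS = {25, 465, 587}

# Constructed sample: "epoch_seconds src_ip dst_ip dst_port", one packet per line.
SAMPLE = """
# constructed data, not taken from the thread
900  192.168.2.10 198.51.100.7 443
1000 192.168.2.10 203.0.113.25 25
1090 192.168.2.10 203.0.113.26 25
1200 192.168.2.10 203.0.113.27 25
1310 192.168.2.10 203.0.113.25 25
1400 192.168.2.10 203.0.113.28 25
2000 192.168.2.20 198.51.100.9 80
3400 192.168.2.10 203.0.113.25 25
3500 192.168.2.10 203.0.113.29 25
3610 192.168.2.10 203.0.113.30 25
3700 192.168.2.10 203.0.113.25 587
5800 192.168.2.10 203.0.113.31 25
5900 192.168.2.10 203.0.113.25 25
6000 192.168.2.10 203.0.113.32 25
"""

# Constructed outage notes (start, end), same time base as SAMPLE.
OUTAGES = [(1020, 1500), (3380, 3800), (4500, 4600), (5790, 6300)]


@dataclass
class Burst:
    src: str
    start: float
    end: float
    packets: int = 0
    dests: set = field(default_factory=set)  # distinct mail servers contacted


def parse_records(text):
    """Parse whitespace-separated packet records, skipping blanks and comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        records.append((float(ts), src, dst, int(dport)))
    return sorted(records)


def mail_bursts(records, gap=120.0):
    """Group mail-port packets per source host; silence longer than `gap`
    seconds closes the current burst and the next packet opens a new one."""
    current, bursts = {}, []
    for ts, src, dst, dport in records:
        if dport not in MAIL_PORTS:
            continue
        b = current.get(src)
        if b is None or ts - b.end > gap:
            b = Burst(src, ts, ts)
            current[src] = b
            bursts.append(b)
        b.end = ts
        b.packets += 1
        b.dests.add(dst)
    return bursts


def median_period(bursts):
    """Median spacing in seconds between burst starts, per source host.
    Hosts with a single burst are omitted because they have no period."""
    starts = {}
    for b in bursts:
        starts.setdefault(b.src, []).append(b.start)
    return {src: median(b - a for a, b in zip(s, s[1:]))
            for src, s in starts.items() if len(s) > 1}


def overlapping(bursts, outages, slack=60.0):
    """Return (outage, burst) pairs whose time ranges overlap, allowing
    `slack` seconds of error in the hand-written outage notes."""
    return [((o_start, o_end), b)
            for o_start, o_end in outages
            for b in bursts
            if b.start <= o_end + slack and b.end >= o_start - slack]


if __name__ == "__main__":
    bursts = mail_bursts(parse_records(SAMPLE))
    for b in bursts:
        print(f"{b.src}: {b.start:.0f}-{b.end:.0f}s, "
              f"{b.packets} packets, {len(b.dests)} mail servers")
    print("median period (s):", median_period(bursts))
    for outage, b in overlapping(bursts, OUTAGES):
        print(f"outage {outage} overlaps mail burst starting at {b.start:.0f}s")
```

A burst that reaches several different mail servers from one workstation deserves more attention than repeated contact with the single server of the user's own mail provider.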

17.12.2012, 18:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



If you want to have your machine analysed, you are actually in the wrong subforum here. Shall I move the thread, or are you getting at something else?

Quote:
whether I have caught something or not, and whether I perhaps only need to replace the network card or the like
That can be ruled out or confirmed fairly quickly by booting the affected machine from a live Linux. But I hardly think there will be any periodic SMTP activity there

17.12.2012, 19:32   #3
MorkVomOrk
 



Hi,

feel free to move it.
I'm just asking myself whether this is malware at all or possibly a normal process that merely caught my eye as a layman ...
I'm probably indeed better off with an analysis.

So please: do the movey-movey

17.12.2012, 19:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, movey done

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Please run a CustomScan with OTL. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "run as administrator"
  • At the top centre, tick the box Scanne alle Benutzer (scan all users)
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

17.12.2012, 20:24   #5
MorkVomOrk
 



Hello,

here is the OTL.txt:

Code:
ATTFilter
OTL logfile created on: 17.12.2012 20:12:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ralf Wedel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,07% Memory free
15,96 Gb Paging File | 13,83 Gb Available in Paging File | 86,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 0,72 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive D: | 449,09 Gb Total Space | 435,01 Gb Free Space | 96,87% Space Free | Partition Type: NTFS
Drive E: | 482,42 Gb Total Space | 304,08 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
 
Computer Name: RALFWEDEL-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.17 20:10:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf Wedel\Desktop\OTL.exe
PRC - [2012.12.17 10:26:43 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\RALFWE~1\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.12.03 21:39:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2011.10.17 17:59:13 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2011.10.17 17:58:06 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2011.03.31 04:37:10 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe
PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.15 12:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010.11.15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.08 14:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.05.04 18:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.17 10:26:43 | 000,697,884 | ---- | M] () -- C:\Users\RALFWE~1\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0016\~df394b.tmp
MOD - [2012.12.17 10:26:43 | 000,592,896 | ---- | M] () -- C:\Users\RALFWE~1\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0016\~de6248.tmp
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll
MOD - [2011.03.31 04:37:10 | 000,491,520 | ---- | M] () -- C:\Windows\system\cmau106.dll
MOD - [2011.03.31 04:37:10 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe
MOD - [2009.04.20 10:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.15 21:47:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.03 21:39:43 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2011.10.17 17:59:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.10.17 17:59:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.10.17 17:59:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.11.15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 20:44:43 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.10.17 17:58:06 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.03.31 04:37:23 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.01.16 21:00:42 | 000,013,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\.DEFAULT\..\SearchScopes\{387B71AB-63BE-495f-AB16-2138C14CEF57}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
IE - HKU\.DEFAULT\..\SearchScopes\{5020147F-054C-49cd-A2F2-D97160CF9C14}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-18\..\SearchScopes\{387B71AB-63BE-495f-AB16-2138C14CEF57}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
IE - HKU\S-1-5-18\..\SearchScopes\{5020147F-054C-49cd-A2F2-D97160CF9C14}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=6a2002de000000000000002522cc5fb3
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 5E 1C E6 E6 8C CC 01  [binary data]
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=6a2002de000000000000002522cc5fb3
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\SearchScopes\{26B4244B-C442-4b77-A41E-0547AF0D044A}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\..\SearchScopes\{61C28394-F303-4c40-97DC-EF17DC50784B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 8E D5 63 12 DA CD 01  [binary data]
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\SearchScopes,DefaultScope = {06C4E017-6066-4ca6-BBA6-073E405C3296}
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\SearchScopes\{06C4E017-6066-4ca6-BBA6-073E405C3296}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4107735745&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4107735745&q={searchTerms}
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\SearchScopes\{3C43DBF3-F4EF-40CD-AC85-004A8A8700E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=975BC462-0215-4E04-85A7-18BA4BE5B297&apn_sauid=82AA2D18-0A96-437C-86AF-945E92F1EE3C
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\SearchScopes\{4C96CEE1-01E4-42da-B325-C53A9BBB10FC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\SearchScopes\{6ED25BBE-3D67-42c1-AF28-C7FB20CA7DB7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.06 20:22:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.16 21:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.18 20:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.03 16:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.23 12:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.06 20:22:55 | 000,000,000 | ---D | M]
 
[2012.03.06 22:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.26 22:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.03.06 22:35:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.29 08:17:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.07 20:12:10 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: Google Drive = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealPly = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SmartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" File not found
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2006095363-1618975956-3749406713-1004..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Kerstin Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2748BC59-DAB4-45B7-91A0-F7A04EE3144E}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 16:18:59 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
[2012.12.17 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 16:18:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.16 21:56:18 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Google
[2012.12.16 21:55:47 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.12.16 21:55:47 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.12.16 21:55:47 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.12.16 21:55:47 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.12.16 21:55:47 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.12.16 21:55:47 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.12.16 21:55:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.12.16 21:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.16 21:55:39 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.12.16 21:55:39 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.16 21:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.16 21:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.16 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.12.16 17:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.12.14 16:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.12.14 16:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.12.07 14:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDUSA NX
[2012.12.07 14:55:54 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106.dll
[2012.12.07 14:55:49 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa106.dll
[2012.12.07 14:55:46 | 001,307,648 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10664.sys
[2012.12.07 14:55:46 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr106.dll
[2012.12.04 17:03:51 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
[2012.12.04 16:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.03 20:42:09 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.12.03 20:40:25 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\PunkBuster
[2012.12.03 16:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.03 15:49:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.12.02 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.27 13:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.21 20:18:34 | 000,000,000 | ---D | C] -- C:\temp
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 19:51:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2006095363-1618975956-3749406713-1000UA.job
[2012.12.17 19:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.17 16:20:12 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 15:51:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2006095363-1618975956-3749406713-1000Core.job
[2012.12.17 14:45:54 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.17 14:45:54 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.17 14:44:22 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.17 10:33:40 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 10:33:40 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 10:30:44 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 10:30:44 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 10:30:44 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 10:30:44 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 10:30:44 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 10:26:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 10:26:31 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 21:55:47 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.16 21:55:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.12.16 21:04:43 | 583,264,448 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.14 16:47:54 | 000,001,156 | ---- | M] () -- C:\Users\ADMIN\Desktop\Splashtop Connect aktivieren.lnk
[2012.12.14 10:21:42 | 000,294,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.07 14:55:57 | 000,001,782 | ---- | M] () -- C:\Users\ADMIN\Desktop\MEDUSA NX USB 5.1 Gaming Headset.lnk
[2012.12.07 14:55:57 | 000,000,604 | ---- | M] () -- C:\Windows\Cm106.ini.cfl
[2012.12.07 14:55:49 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012.12.07 14:55:48 | 000,001,085 | ---- | M] () -- C:\Windows\Cm106.ini.imi
[2012.12.07 14:55:43 | 000,001,034 | ---- | M] () -- C:\Windows\System\Cm106.ini
[2012.12.04 17:03:51 | 000,000,774 | ---- | M] () -- C:\Users\ADMIN\Desktop\EVGA Precision.lnk
[2012.12.03 21:39:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.03 20:42:09 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.03 16:12:39 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.17 16:18:49 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 21:55:47 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.16 21:55:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.12.15 21:21:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 16:48:57 | 000,000,649 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.12.13 12:29:54 | 583,264,448 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.07 14:55:57 | 000,001,782 | ---- | C] () -- C:\Users\ADMIN\Desktop\MEDUSA NX USB 5.1 Gaming Headset.lnk
[2012.12.07 14:55:56 | 000,491,520 | ---- | C] () -- C:\Windows\System\cmau106.dll
[2012.12.07 14:55:56 | 000,221,184 | ---- | C] () -- C:\Windows\System\cm106eye.exe
[2012.12.07 14:55:56 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2012.12.07 14:55:56 | 000,013,782 | ---- | C] () -- C:\Windows\logoSPLK.bmp
[2012.12.07 14:55:55 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM106.cpl
[2012.12.07 14:55:49 | 000,000,604 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012.12.07 14:55:48 | 000,804,352 | ---- | C] () -- C:\Windows\SysNative\Cmeau106.exe
[2012.12.07 14:55:48 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012.12.07 14:55:43 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012.12.07 14:55:43 | 000,003,059 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2012.12.07 14:55:43 | 000,001,085 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.12.04 17:03:51 | 000,000,774 | ---- | C] () -- C:\Users\ADMIN\Desktop\EVGA Precision.lnk
[2012.12.03 21:30:33 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.03 21:30:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.03 21:30:32 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.12.03 20:42:09 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.12.03 16:12:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.03 16:12:39 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.07.06 20:21:45 | 000,245,316 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.07.06 20:21:45 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.05.20 15:33:58 | 000,245,485 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012.05.20 15:28:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.10.17 17:59:58 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2011.10.17 17:59:58 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011.10.17 17:59:58 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011.10.17 17:59:48 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.10.17 17:59:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.03.31 04:37:10 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.28 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Splashtop
[2012.02.22 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Kerstin Wedel\AppData\Roaming\OpenOffice.org
[2011.11.01 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Kerstin Wedel\AppData\Roaming\Splashtop
[2011.11.01 18:30:40 | 000,000,000 | ---D | M] -- C:\Users\Kerstin Wedel\AppData\Roaming\Thunderbird
[2011.12.07 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Babylon
[2011.10.17 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\DeviceVm
[2012.01.29 01:30:10 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\OpenOffice.org
[2012.11.30 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Origin
[2012.12.17 10:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\QuickScan
[2011.10.17 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Splashtop
[2011.10.23 12:33:43 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Thunderbird
[2012.03.12 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\TS3Client
[2012.12.15 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\Ralf Wedel\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.28 12:06:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.12.16 21:55:46 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.17 17:49:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.10.17 17:53:45 | 000,000,000 | ---D | M] -- C:\Intel
[2012.11.21 08:48:21 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.16 21:55:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.16 21:59:07 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.17 16:18:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.17 17:49:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.17 17:49:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.17 20:13:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.21 20:18:34 | 000,000,000 | ---D | M] -- C:\temp
[2012.06.28 12:06:09 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.16 21:55:39 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.06 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Adobe
[2012.07.07 12:04:22 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\HP
[2012.07.06 20:36:59 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\HpUpdate
[2012.06.28 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Identities
[2012.07.06 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Macromedia
[2012.12.17 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Media Center Programs
[2012.12.03 15:53:01 | 000,000,000 | --SD | M] -- C:\Users\ADMIN\AppData\Roaming\Microsoft
[2012.06.28 12:06:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Splashtop
[2012.07.06 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\ADMIN\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
And here is the Extras.txt that was opened as well:

Code:
ATTFilter
OTL Extras logfile created on: 17.12.2012 20:12:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ralf Wedel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,07% Memory free
15,96 Gb Paging File | 13,83 Gb Available in Paging File | 86,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 0,72 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive D: | 449,09 Gb Total Space | 435,01 Gb Free Space | 96,87% Space Free | Partition Type: NTFS
Drive E: | 482,42 Gb Total Space | 304,08 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
 
Computer Name: RALFWEDEL-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BBDB49-11C1-4D3D-AE75-3853C8F75ABB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0A17FB93-5A02-4154-B416-1AF8572FAE30}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{0E5E35F4-2098-47CC-8C32-D0F59FB3B2D5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F16A7A0-E58E-4ECE-87B6-8227C033808B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{14098F68-0F63-43DD-87C7-D330391E4821}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{1671F303-9596-4B71-B2ED-6693138FA307}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{226D4BF4-D354-4BC0-A9DD-7E8DF360BE41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{3087CE7D-69AF-4BA9-A379-E450A5C782DB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{3C1F51D4-34E3-4F8E-82D2-30E114233F0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{47A801AD-C19A-455C-BB89-DF507FCC535D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4BEF22B3-9008-4E76-AC2D-14B0BF0C93AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{50E0BCB4-E326-4FE7-B2AB-174A3CA10638}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{5133E067-D461-4BB1-995D-A27265990E56}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{5C779E04-7DC3-44AD-A440-C50799C2FE70}" = protocol=6 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs36e6\hppiw.exe | 
"{63A45FD1-7FF5-4FCF-A885-C1053737D767}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{67041AF1-7FAF-4492-8BBB-ADA434D982F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{6A24727A-01AE-4FFB-977F-C46C818A2D68}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{7DF60815-837A-4557-B71C-145533F9F029}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{829221A4-86A4-46C2-869E-DD85ADB89EDD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{85D7079F-D062-43F0-A203-2B5B6CDF25BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{99EC12B1-7284-4579-BC93-7FFD62AC9C63}" = protocol=17 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs39d2\hppiw.exe | 
"{9E6969F3-DEA1-44FF-96F1-5EA3584BABAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B2919292-77CA-426C-B302-2C04D85EE3A9}" = protocol=17 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs36e6\hppiw.exe | 
"{B36BECCB-BD84-4DA1-9219-A0FA5A3EC9A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{C22DC5DA-7A9E-4287-BA1F-343494412405}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{C874B801-31D0-42B0-B990-1F24EA18EAB4}" = protocol=6 | dir=in | app=c:\users\kerstin wedel\appdata\local\temp\7zs39d2\hppiw.exe | 
"{CEF19EA1-53AF-40D4-8275-A422DC0A7ADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{D70CCFA4-08BB-4793-A233-2AA5DDAE8587}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{D76751F9-1BB0-4F97-8F1C-F34BE60E4297}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{E0130FAD-E717-4526-94F9-BB6CBC2E122C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{E3137623-98F5-4DC7-BD86-4EE7FB5D4693}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{E42A8F36-EC34-4B28-8C04-F64DA0F2261C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E452BA73-3ED5-4F57-874F-8A2933DD5B87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{E9E37C7D-9EF0-4DAD-8CC4-181856BD1A10}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F192D1AF-9CBA-4DCC-9652-417C567C1757}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{F8B5F3D1-FB0C-4646-8D64-375D21097070}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"TCP Query User{9CB1B32D-72BF-4774-9E7B-D1A94E653C78}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{F853E47C-F808-485A-8526-49B65EC7E14E}C:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{FE5B127F-45FF-4C24-8BEE-7729C77CF5DA}D:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{9339C68B-44DF-43FF-8965-1C7D26E92356}D:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{9E74E796-3C4C-4DC2-AD74-1C8D7C4596CC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{A7D2583B-C320-48C6-851D-8A3502FC7032}C:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ralf wedel\appdata\local\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"C-Media CM106 Like Sound Driver" = MEDUSA NX USB 5.1 Gaming Headset
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}" = Splashtop Connect IE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DealPly" = DealPly
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Precision" = EVGA Precision 2.1.2
"PunkBusterSvc" = PunkBuster Services
"SystemRequirementsLab" = System Requirements Lab
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.4 (64-bit)
"XFastUsb" = XFastUsb
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2006095363-1618975956-3749406713-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2012 10:58:43 | Computer Name = RalfWedel-PC | Source = MsiInstaller | ID = 11601
Description = 
 
Error - 03.12.2012 10:58:44 | Computer Name = RalfWedel-PC | Source = MsiInstaller | ID = 11601
Description = 
 
Error - 04.12.2012 08:02:48 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1360    Startzeit:
 01cdd216564f5752    Endzeit: 304    Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
 3\bf3.exe    Berichts-ID:   
 
Error - 10.12.2012 06:28:44 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x508b5457  Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1070, Zeitstempel:
 0x50b9768b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008521  ID des fehlerhaften Prozesses:
 0x102c  Startzeit der fehlerhaften Anwendung: 0x01cdd6bed275e24b  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\nvwgf2um.dll  Berichtskennung: 5f206391-42b4-11e2-bf8a-002522cc5fb3
 
Error - 13.12.2012 09:45:35 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x508b5457  Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1070, Zeitstempel:
 0x50b9768b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001f05af  ID des fehlerhaften Prozesses:
 0xe90  Startzeit der fehlerhaften Anwendung: 0x01cdd935e27ed4dd  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\nvwgf2um.dll  Berichtskennung: 5e41b245-452b-11e2-a314-002522cc5fb3
 
Error - 13.12.2012 10:49:37 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x508b5457  Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1070, Zeitstempel:
 0x50b9768b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00103a7d  ID des fehlerhaften Prozesses:
 0xe74  Startzeit der fehlerhaften Anwendung: 0x01cdd93b9aa7206d  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\nvwgf2um.dll  Berichtskennung: 503efe3b-4534-11e2-a314-002522cc5fb3
 
Error - 15.12.2012 16:33:49 | Computer Name = RalfWedel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x508b5457  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x1340  Startzeit der fehlerhaften Anwendung: 0x01cddb01b660692c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: baa573a2-46f6-11e2-b318-002522cc5fb3
 
Error - 16.12.2012 17:42:51 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1180    Startzeit:
 01cddbd608b36af6    Endzeit: 29    Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
 3\bf3.exe    Berichts-ID:   
 
Error - 16.12.2012 17:45:54 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dbc    Startzeit: 
01cddbd66bccfb2f    Endzeit: 22    Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
 3\bf3.exe    Berichts-ID:   
 
Error - 17.12.2012 06:57:25 | Computer Name = RalfWedel-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 88c    Startzeit: 
01cddc44d6fef626    Endzeit: 23    Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
 3\bf3.exe    Berichts-ID:   
 
[ System Events ]
Error - 12.12.2012 06:10:00 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.12.2012 07:29:55 | Computer Name = RalfWedel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?12.?2012 um 12:28:50 unerwartet heruntergefahren.
 
Error - 13.12.2012 07:30:10 | Computer Name = RalfWedel-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 13.12.2012 07:31:15 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 15.12.2012 15:01:53 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 16.12.2012 14:00:07 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 16.12.2012 16:04:45 | Computer Name = RalfWedel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?12.?2012 um 21:02:59 unerwartet heruntergefahren.
 
Error - 16.12.2012 16:04:51 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 16.12.2012 16:04:54 | Computer Name = RalfWedel-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 16.12.2012 17:43:29 | Computer Name = RalfWedel-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
The real name can stay in.
Who would want to do anything with it anyway


17.12.2012, 20:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
64bit- Professional Service Pack 1
         
Why a Windows Professional?
Is this by any chance an office/company PC? Or a university machine?

17.12.2012, 20:43   #7
MorkVomOrk

Hi,

no, it is my private machine.
I have the Pro version because the seller had one left over cheaply.

17.12.2012, 23:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its content into your post, then look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


18.12.2012, 10:32   #9
MorkVomOrk

Re 1.) No definitions were downloaded, nor was I asked whether anything should be downloaded.
I ran the scan anyway:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-18 10:24:20
-----------------------------
10:24:20.797    OS Version: Windows x64 6.1.7601 Service Pack 1
10:24:20.797    Number of processors: 8 586 0x2A07
10:24:20.798    ComputerName: RALFWEDEL-PC  UserName: ADMIN
10:24:20.931    Initialize success
10:24:20.975    AVAST engine defs: 12121702
10:25:18.796    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:18.800    Disk 0 Vendor: OCZ-AGILITY3 2.13 Size: 57241MB BusType: 3
10:25:18.808    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:25:18.812    Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
10:25:18.826    Disk 0 MBR read successfully
10:25:18.830    Disk 0 MBR scan
10:25:18.833    Disk 0 Windows 7 default MBR code
10:25:18.837    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:25:18.841    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        57139 MB offset 206848
10:25:18.847    Disk 0 scanning C:\Windows\system32\drivers
10:25:20.182    Service scanning
10:25:23.201    Modules scanning
10:25:23.210    Disk 0 trace - called modules:
10:25:23.218    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
10:25:23.225    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007239790]
10:25:23.230    3 CLASSPNP.SYS[fffff8800197943f] -> nt!IofCallDriver -> [0xfffffa8007042520]
10:25:23.235    5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007003060]
10:25:23.376    AVAST engine scan C:\Windows
10:25:23.674    AVAST engine scan C:\Windows\system32
10:25:44.725    AVAST engine scan C:\Windows\system32\drivers
10:25:46.098    AVAST engine scan C:\Users\ADMIN
10:25:51.716    AVAST engine scan C:\ProgramData
10:25:56.098    Scan finished successfully
10:26:15.068    Disk 0 MBR has been saved successfully to "C:\Users\Ralf Wedel\Desktop\MBR.dat"
10:26:15.071    The log file has been saved successfully to "C:\Users\Ralf Wedel\Desktop\aswMBR.txt"
         

Re 2.)

Code:
ATTFilter
10:26:53.0809 4744  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:26:54.0029 4744  ============================================================
10:26:54.0029 4744  Current date / time: 2012/12/18 10:26:54.0029
10:26:54.0029 4744  SystemInfo:
10:26:54.0029 4744  
10:26:54.0029 4744  OS Version: 6.1.7601 ServicePack: 1.0
10:26:54.0029 4744  Product type: Workstation
10:26:54.0029 4744  ComputerName: RALFWEDEL-PC
10:26:54.0030 4744  UserName: ADMIN
10:26:54.0030 4744  Windows directory: C:\Windows
10:26:54.0030 4744  System windows directory: C:\Windows
10:26:54.0030 4744  Running under WOW64
10:26:54.0030 4744  Processor architecture: Intel x64
10:26:54.0030 4744  Number of processors: 8
10:26:54.0030 4744  Page size: 0x1000
10:26:54.0030 4744  Boot type: Normal boot
10:26:54.0030 4744  ============================================================
10:26:54.0177 4744  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:26:54.0186 4744  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:26:54.0199 4744  ============================================================
10:26:54.0199 4744  \Device\Harddisk0\DR0:
10:26:54.0199 4744  MBR partitions:
10:26:54.0199 4744  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:26:54.0199 4744  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
10:26:54.0199 4744  \Device\Harddisk1\DR1:
10:26:54.0199 4744  MBR partitions:
10:26:54.0199 4744  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3822E000
10:26:54.0199 4744  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3822E800, BlocksNum 0x3C4D7800
10:26:54.0199 4744  ============================================================
10:26:54.0200 4744  C: <-> \Device\Harddisk0\DR0\Partition2
10:26:54.0225 4744  D: <-> \Device\Harddisk1\DR1\Partition1
10:26:54.0256 4744  E: <-> \Device\Harddisk1\DR1\Partition2
10:26:54.0256 4744  ============================================================
10:26:54.0256 4744  Initialize success
10:26:54.0256 4744  ============================================================
10:27:11.0562 1324  ============================================================
10:27:11.0562 1324  Scan started
10:27:11.0562 1324  Mode: Manual; 
10:27:11.0562 1324  ============================================================
10:27:11.0691 1324  ================ Scan system memory ========================
10:27:11.0691 1324  System memory - ok
10:27:11.0692 1324  ================ Scan services =============================
10:27:13.0156 1324  Mcx2Svc - ok
10:27:13.0158 1324  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:27:13.0158 1324  megasas - ok
10:27:13.0163 1324  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:27:13.0166 1324  MegaSR - ok
10:27:13.0168 1324  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:27:13.0168 1324  MEIx64 - ok
10:27:13.0171 1324  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:27:13.0172 1324  MMCSS - ok
10:27:13.0175 1324  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:27:13.0175 1324  Modem - ok
10:27:13.0178 1324  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:27:13.0180 1324  monitor - ok
10:27:13.0183 1324  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:27:13.0185 1324  mouclass - ok
10:27:13.0188 1324  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:27:13.0188 1324  mouhid - ok
10:27:13.0193 1324  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:27:13.0195 1324  mountmgr - ok
10:27:13.0201 1324  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:27:13.0202 1324  mpio - ok
10:27:13.0207 1324  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:27:13.0208 1324  mpsdrv - ok
10:27:13.0223 1324  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:27:13.0237 1324  MpsSvc - ok
10:27:13.0252 1324  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:27:13.0255 1324  MRxDAV - ok
10:27:13.0260 1324  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:27:13.0262 1324  mrxsmb - ok
10:27:13.0268 1324  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:27:13.0272 1324  mrxsmb10 - ok
10:27:13.0277 1324  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:27:13.0280 1324  mrxsmb20 - ok
10:27:13.0283 1324  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:27:13.0283 1324  msahci - ok
10:27:13.0290 1324  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:27:13.0291 1324  msdsm - ok
10:27:13.0296 1324  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:27:13.0301 1324  MSDTC - ok
10:27:13.0306 1324  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:27:13.0307 1324  Msfs - ok
10:27:13.0311 1324  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:27:13.0311 1324  mshidkmdf - ok
10:27:13.0315 1324  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:27:13.0316 1324  msisadrv - ok
10:27:13.0321 1324  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:27:13.0325 1324  MSiSCSI - ok
10:27:13.0327 1324  msiserver - ok
10:27:13.0331 1324  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:27:13.0332 1324  MSKSSRV - ok
10:27:13.0336 1324  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:13.0336 1324  MSPCLOCK - ok
10:27:13.0340 1324  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:27:13.0340 1324  MSPQM - ok
10:27:13.0348 1324  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:27:13.0353 1324  MsRPC - ok
10:27:13.0360 1324  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:27:13.0361 1324  mssmbios - ok
10:27:13.0365 1324  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:27:13.0366 1324  MSTEE - ok
10:27:13.0370 1324  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:27:13.0370 1324  MTConfig - ok
10:27:13.0373 1324  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:27:13.0375 1324  Mup - ok
10:27:13.0385 1324  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:27:13.0395 1324  napagent - ok
10:27:13.0402 1324  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:27:13.0406 1324  NativeWifiP - ok
10:27:13.0425 1324  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:27:13.0441 1324  NDIS - ok
10:27:13.0445 1324  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:27:13.0446 1324  NdisCap - ok
10:27:13.0450 1324  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:13.0450 1324  NdisTapi - ok
10:27:13.0455 1324  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:13.0455 1324  Ndisuio - ok
10:27:13.0461 1324  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:13.0463 1324  NdisWan - ok
10:27:13.0467 1324  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:27:13.0468 1324  NDProxy - ok
10:27:13.0475 1324  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:27:13.0476 1324  Net Driver HPZ12 - ok
10:27:13.0478 1324  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:27:13.0478 1324  NetBIOS - ok
10:27:13.0485 1324  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:27:13.0487 1324  NetBT - ok
10:27:13.0490 1324  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:27:13.0491 1324  Netlogon - ok
10:27:13.0497 1324  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:27:13.0502 1324  Netman - ok
10:27:13.0510 1324  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:27:13.0516 1324  netprofm - ok
10:27:13.0518 1324  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:27:13.0520 1324  NetTcpPortSharing - ok
10:27:13.0523 1324  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:27:13.0523 1324  nfrd960 - ok
10:27:13.0530 1324  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:27:13.0533 1324  NlaSvc - ok
10:27:13.0537 1324  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
10:27:13.0538 1324  NPF - ok
10:27:13.0540 1324  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:27:13.0541 1324  Npfs - ok
10:27:13.0542 1324  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:27:13.0545 1324  nsi - ok
10:27:13.0546 1324  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:27:13.0547 1324  nsiproxy - ok
10:27:13.0571 1324  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:27:13.0590 1324  Ntfs - ok
10:27:13.0592 1324  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:27:13.0592 1324  Null - ok
10:27:13.0596 1324  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:27:13.0597 1324  NVHDA - ok
10:27:13.0706 1324  [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:27:13.0743 1324  nvlddmkm - ok
10:27:13.0750 1324  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:27:13.0750 1324  nvraid - ok
10:27:13.0753 1324  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:27:13.0755 1324  nvstor - ok
10:27:13.0763 1324  [ 3341D2C91989BC87C3C0BAA97C27253B ] NVSvc           C:\Windows\system32\nvvsvc.exe
10:27:13.0771 1324  NVSvc - ok
10:27:13.0782 1324  [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:27:13.0787 1324  nvUpdatusService - ok
10:27:13.0791 1324  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:27:13.0792 1324  nv_agp - ok
10:27:13.0795 1324  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:27:13.0796 1324  ohci1394 - ok
10:27:13.0801 1324  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:27:13.0805 1324  p2pimsvc - ok
10:27:13.0811 1324  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:27:13.0817 1324  p2psvc - ok
10:27:13.0820 1324  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:27:13.0820 1324  Parport - ok
10:27:13.0822 1324  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:27:13.0823 1324  partmgr - ok
10:27:13.0827 1324  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:27:13.0830 1324  PcaSvc - ok
10:27:13.0833 1324  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:27:13.0836 1324  pci - ok
10:27:13.0837 1324  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:27:13.0837 1324  pciide - ok
10:27:13.0841 1324  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:27:13.0842 1324  pcmcia - ok
10:27:13.0845 1324  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:27:13.0845 1324  pcw - ok
10:27:13.0853 1324  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:27:13.0860 1324  PEAUTH - ok
10:27:13.0872 1324  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:27:13.0882 1324  PeerDistSvc - ok
10:27:13.0905 1324  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:27:13.0907 1324  PerfHost - ok
10:27:13.0926 1324  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:27:13.0941 1324  pla - ok
10:27:13.0947 1324  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:27:13.0953 1324  PlugPlay - ok
10:27:13.0958 1324  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:27:13.0961 1324  Pml Driver HPZ12 - ok
10:27:13.0966 1324  PnkBstrA - ok
10:27:13.0970 1324  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:27:13.0973 1324  PNRPAutoReg - ok
10:27:13.0982 1324  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:27:13.0987 1324  PNRPsvc - ok
10:27:13.0998 1324  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:27:14.0007 1324  PolicyAgent - ok
10:27:14.0015 1324  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:27:14.0020 1324  Power - ok
10:27:14.0025 1324  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:27:14.0026 1324  PptpMiniport - ok
10:27:14.0031 1324  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:27:14.0031 1324  Processor - ok
10:27:14.0038 1324  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
10:27:14.0043 1324  ProfSvc - ok
10:27:14.0047 1324  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:27:14.0050 1324  ProtectedStorage - ok
10:27:14.0055 1324  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:27:14.0057 1324  Psched - ok
10:27:14.0085 1324  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:27:14.0107 1324  ql2300 - ok
10:27:14.0111 1324  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:27:14.0113 1324  ql40xx - ok
10:27:14.0118 1324  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:27:14.0123 1324  QWAVE - ok
10:27:14.0126 1324  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:27:14.0126 1324  QWAVEdrv - ok
10:27:14.0128 1324  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:27:14.0128 1324  RasAcd - ok
10:27:14.0132 1324  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:27:14.0132 1324  RasAgileVpn - ok
10:27:14.0136 1324  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:27:14.0138 1324  RasAuto - ok
10:27:14.0143 1324  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:27:14.0145 1324  Rasl2tp - ok
10:27:14.0150 1324  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:27:14.0155 1324  RasMan - ok
10:27:14.0158 1324  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:27:14.0160 1324  RasPppoe - ok
10:27:14.0162 1324  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:27:14.0163 1324  RasSstp - ok
10:27:14.0170 1324  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:27:14.0173 1324  rdbss - ok
10:27:14.0176 1324  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:27:14.0176 1324  rdpbus - ok
10:27:14.0178 1324  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:27:14.0178 1324  RDPCDD - ok
10:27:14.0185 1324  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:27:14.0186 1324  RDPDR - ok
10:27:14.0188 1324  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:27:14.0188 1324  RDPENCDD - ok
10:27:14.0192 1324  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:27:14.0192 1324  RDPREFMP - ok
10:27:14.0196 1324  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:27:14.0197 1324  RDPWD - ok
10:27:14.0201 1324  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:27:14.0203 1324  rdyboost - ok
10:27:14.0206 1324  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:27:14.0207 1324  RemoteAccess - ok
10:27:14.0211 1324  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:27:14.0213 1324  RemoteRegistry - ok
10:27:14.0217 1324  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
10:27:14.0218 1324  rpcapd - ok
10:27:14.0221 1324  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:27:14.0222 1324  RpcEptMapper - ok
10:27:14.0225 1324  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:27:14.0226 1324  RpcLocator - ok
10:27:14.0233 1324  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:27:14.0236 1324  RpcSs - ok
10:27:14.0242 1324  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:27:14.0242 1324  rspndr - ok
10:27:14.0250 1324  [ 515C75D77C64909690C18C08EF3FC310 ] RTCore64        D:\Program Files (x86)\EVGA Precision\RTCore64.sys
10:27:14.0250 1324  RTCore64 - ok
10:27:14.0257 1324  [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:27:14.0260 1324  RTL8167 - ok
10:27:14.0263 1324  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:27:14.0265 1324  s3cap - ok
10:27:14.0268 1324  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:27:14.0271 1324  SamSs - ok
10:27:14.0275 1324  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:27:14.0277 1324  sbp2port - ok
10:27:14.0283 1324  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:27:14.0288 1324  SCardSvr - ok
10:27:14.0300 1324  [ 8475E746EB72D04F1015E6F091F50E09 ] SCBackService   C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
10:27:14.0305 1324  SCBackService - ok
10:27:14.0310 1324  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:27:14.0311 1324  scfilter - ok
10:27:14.0327 1324  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:27:14.0342 1324  Schedule - ok
10:27:14.0346 1324  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:27:14.0347 1324  SCPolicySvc - ok
10:27:14.0352 1324  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:27:14.0358 1324  SDRSVC - ok
10:27:14.0362 1324  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:27:14.0363 1324  secdrv - ok
10:27:14.0367 1324  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:27:14.0371 1324  seclogon - ok
10:27:14.0376 1324  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:27:14.0380 1324  SENS - ok
10:27:14.0383 1324  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:27:14.0388 1324  SensrSvc - ok
10:27:14.0392 1324  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:27:14.0392 1324  Serenum - ok
10:27:14.0398 1324  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:27:14.0400 1324  Serial - ok
10:27:14.0403 1324  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:27:14.0405 1324  sermouse - ok
10:27:14.0411 1324  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:27:14.0413 1324  SessionEnv - ok
10:27:14.0416 1324  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:27:14.0416 1324  sffdisk - ok
10:27:14.0418 1324  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:27:14.0418 1324  sffp_mmc - ok
10:27:14.0420 1324  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:27:14.0421 1324  sffp_sd - ok
10:27:14.0422 1324  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:27:14.0423 1324  sfloppy - ok
10:27:14.0428 1324  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:27:14.0432 1324  SharedAccess - ok
10:27:14.0438 1324  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:27:14.0442 1324  ShellHWDetection - ok
10:27:14.0445 1324  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:27:14.0446 1324  SiSRaid2 - ok
10:27:14.0448 1324  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:27:14.0448 1324  SiSRaid4 - ok
10:27:14.0450 1324  SmartViewService - ok
10:27:14.0455 1324  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:27:14.0455 1324  Smb - ok
10:27:14.0458 1324  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:27:14.0460 1324  SNMPTRAP - ok
10:27:14.0463 1324  [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
10:27:14.0463 1324  Sound Blaster X-Fi MB Licensing Service - ok
10:27:14.0466 1324  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:27:14.0466 1324  spldr - ok
10:27:14.0473 1324  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
10:27:14.0481 1324  Spooler - ok
10:27:14.0525 1324  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:27:14.0580 1324  sppsvc - ok
10:27:14.0586 1324  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:27:14.0591 1324  sppuinotify - ok
10:27:14.0601 1324  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:27:14.0607 1324  srv - ok
10:27:14.0617 1324  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:27:14.0625 1324  srv2 - ok
10:27:14.0631 1324  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:27:14.0633 1324  srvnet - ok
10:27:14.0640 1324  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:27:14.0646 1324  SSDPSRV - ok
10:27:14.0650 1324  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:27:14.0655 1324  SstpSvc - ok
10:27:14.0663 1324  [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:27:14.0667 1324  Stereo Service - ok
10:27:14.0672 1324  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:27:14.0672 1324  stexstor - ok
10:27:14.0683 1324  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:27:14.0691 1324  stisvc - ok
10:27:14.0695 1324  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:27:14.0695 1324  storflt - ok
10:27:14.0697 1324  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
10:27:14.0700 1324  StorSvc - ok
10:27:14.0702 1324  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:27:14.0702 1324  storvsc - ok
10:27:14.0705 1324  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:27:14.0706 1324  swenum - ok
10:27:14.0713 1324  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:27:14.0722 1324  swprv - ok
10:27:14.0740 1324  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:27:14.0755 1324  SysMain - ok
10:27:14.0758 1324  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:27:14.0762 1324  TabletInputService - ok
10:27:14.0767 1324  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:27:14.0772 1324  TapiSrv - ok
10:27:14.0775 1324  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:27:14.0777 1324  TBS - ok
10:27:14.0795 1324  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:27:14.0817 1324  Tcpip - ok
10:27:14.0838 1324  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:27:14.0847 1324  TCPIP6 - ok
10:27:14.0852 1324  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:27:14.0853 1324  tcpipreg - ok
10:27:14.0857 1324  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:27:14.0857 1324  TDPIPE - ok
10:27:14.0859 1324  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:27:14.0859 1324  TDTCP - ok
10:27:14.0863 1324  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:27:14.0863 1324  tdx - ok
10:27:14.0866 1324  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:27:14.0866 1324  TermDD - ok
10:27:14.0874 1324  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:27:14.0882 1324  TermService - ok
10:27:14.0884 1324  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:27:14.0887 1324  Themes - ok
10:27:14.0890 1324  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:27:14.0891 1324  THREADORDER - ok
10:27:14.0894 1324  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:27:14.0896 1324  TrkWks - ok
10:27:14.0900 1324  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:27:14.0902 1324  TrustedInstaller - ok
10:27:14.0905 1324  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:27:14.0905 1324  tssecsrv - ok
10:27:14.0908 1324  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:27:14.0908 1324  TsUsbFlt - ok
10:27:14.0911 1324  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:27:14.0912 1324  tunnel - ok
10:27:14.0915 1324  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:27:14.0916 1324  uagp35 - ok
10:27:14.0921 1324  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:27:14.0924 1324  udfs - ok
10:27:14.0928 1324  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:27:14.0930 1324  UI0Detect - ok
10:27:14.0933 1324  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:27:14.0934 1324  uliagpkx - ok
10:27:14.0936 1324  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:27:14.0936 1324  umbus - ok
10:27:14.0939 1324  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:27:14.0939 1324  UmPass - ok
10:27:14.0944 1324  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:27:14.0947 1324  UmRdpService - ok
10:27:14.0953 1324  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:27:14.0958 1324  upnphost - ok
10:27:14.0962 1324  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:27:14.0963 1324  usbaudio - ok
10:27:14.0966 1324  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:27:14.0967 1324  usbccgp - ok
10:27:14.0970 1324  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:27:14.0970 1324  usbcir - ok
10:27:14.0973 1324  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:27:14.0973 1324  usbehci - ok
10:27:14.0979 1324  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\Windows\system32\drivers\usbhub.sys
10:27:14.0981 1324  usbhub - ok
10:27:14.0994 1324  [ F9B3054339A71F16430F6585EBC8BE96 ] USBMULCD        C:\Windows\system32\drivers\CM10664.sys
10:27:15.0003 1324  USBMULCD - ok
10:27:15.0811 1324  ============================================================
10:27:15.0811 1324  Scan finished
10:27:15.0811 1324  ============================================================
10:27:15.0818 0136  Detected object count: 0
10:27:15.0818 0136  Actual detected object count: 0
         

Old 18.12.2012, 22:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Nothing suspicious there.
Were you able to narrow down the cause or source of the SMTP activity from the Wireshark capture?

Old 18.12.2012, 22:21   #11
MorkVomOrk

Nothing suspicious is good to hear, at least.
Unfortunately I can't really analyse this very well myself.
It was just this activity that worried me.
It's also annoying that it really does occur roughly every 40 minutes, which makes anything that needs a low ping impossible.
Can I attach a ".cap" file here, and would you be kind enough to take a look at it?

Old 18.12.2012, 22:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

How large is the CAP file when compressed?

Old 18.12.2012, 22:29   #13
MorkVomOrk

OK, you're right ...
We can forget that - even compressed it is still 63 MB.
I could filter for "smtp" and post a screenshot.
Would that help?

Edit: alternatively I can let you access my system via Teamviewer and you look at the file here ...

Last edited by MorkVomOrk (18.12.2012 at 22:36)

Old 18.12.2012, 22:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Take a screenshot of the SMTP entries, or filter for SMTP only and then put that into a log or something.

Old 18.12.2012, 23:37   #15
MorkVomOrk

Hi,

here are a few screenshots that may help as examples.
The running numbers (at the front) show quite well how much traffic is being generated.
You can also see that the whole thing runs from 15:54 to 15:58, at which point web.de cuts off the connection.
Same thing from 16:27 to 16:31.
Thumbnails of attached images
-pktdump-1.jpg   -pktdump-2.jpg   -pktdump-3.jpg   -pktdump-4.jpg   -pktdump-5.jpg  
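
The question raised in this thread (when the SMTP traffic occurs and which host it comes from) can be answered from an SMTP-filtered packet list without sharing the full capture; the following is an added example, not part of the original posts. It assumes the packet list was exported as rows of time, source, destination and destination port from a single day; the function names, the port set and the sample rows are constructed for illustration.

```python
from datetime import datetime, timedelta

SMTP_PORTS = {25, 465, 587}  # assumption: SMTP plus the usual submission ports

# Constructed sample rows (time, source, destination, destination port),
# shaped like an exported packet list; addresses are documentation ranges.
SAMPLE = [
    ("15:54:02", "192.0.2.10", "198.51.100.25", 25),
    ("15:54:03", "192.0.2.10", "198.51.100.25", 25),
    ("15:55:40", "192.0.2.10", "198.51.100.26", 25),
    ("15:57:59", "192.0.2.10", "198.51.100.25", 25),
    ("16:05:10", "192.0.2.10", "203.0.113.80", 443),  # not SMTP, ignored
    ("16:27:01", "192.0.2.10", "198.51.100.25", 25),
    ("16:29:30", "192.0.2.10", "198.51.100.26", 25),
    ("16:31:12", "192.0.2.10", "198.51.100.25", 25),
]


def smtp_bursts(rows, max_gap=timedelta(minutes=5)):
    """Group SMTP packets into bursts; silence longer than max_gap starts a new one."""
    bursts = []
    for stamp, src, dst, dport in sorted(rows):
        if dport not in SMTP_PORTS:
            continue
        t = datetime.strptime(stamp, "%H:%M:%S")
        if bursts and t - bursts[-1]["end"] <= max_gap:
            b = bursts[-1]
            b["end"] = t
        else:
            b = {"start": t, "end": t, "packets": 0, "sources": set(), "dests": set()}
            bursts.append(b)
        b["packets"] += 1
        b["sources"].add(src)   # which LAN host is sending
        b["dests"].add(dst)     # how many mail servers are contacted
    return bursts


def burst_intervals(bursts):
    """Minutes between the start of each burst and the start of the next."""
    return [(b["start"] - a["start"]).total_seconds() / 60
            for a, b in zip(bursts, bursts[1:])]


if __name__ == "__main__":
    found = smtp_bursts(SAMPLE)
    for b in found:
        print(f'{b["start"]:%H:%M:%S}-{b["end"]:%H:%M:%S} {b["packets"]} packets '
              f'from {sorted(b["sources"])} to {len(b["dests"])} server(s)')
    print("minutes between bursts:", burst_intervals(found))
```

A single source address across all bursts identifies the machine to examine; a regular interval between bursts suggests a scheduled process rather than a user-triggered mail client.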
