Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Link in Email angeklickt durch gehackten Mail account

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 18.12.2012, 18:31   #1
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Hallo Ihr,

meine Freundin hat einen Link angegklickt, welchen Sie von einer Freundin bekommen hat per Mail. Ihr Acoount wurde gehackt und verschickt an alle diesen Link. Auf diesen ist meine Freundin raufgegangen. Es kam ein Fehler 404. Wir haben die Befürchtung, das irgendetwas nicht in Ordnung sei. Wir machen auch Online Banking mit diesem Laptop. Unten folgen meine Berichte von Malwarebytes und OTL.

Danke im Voraus für eure Hilfe

Gruß Markus

Zitat:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.16.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Natalia :: NATALIA-PC [Administrator]

16.12.2012 20:59:27
mbam-log-2012-12-16 (20-59-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344592
Laufzeit: 2 Stunde(n), 20 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Zitat:
OTL Extras logfile created on: 17.12.2012 18:31:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Natalia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,23% Memory free
6,24 Gb Paging File | 4,73 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 61,57 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 62,62 Gb Free Space | 56,14% Space Free | Partition Type: NTFS
Drive E: | 12,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: NATALIA-PC | User Name: Natalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2900981624-3102439825-3810540778-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35589FAB-B032-4B08-A362-26A4BEA76A13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9F00ACC3-2AE1-449A-8F67-7D9885C0B0CD}" = lport=54925 | protocol=17 | dir=in | name=drucker |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C277F5-1A56-4B4C-BD94-3ABC049A167E}" = protocol=17 | dir=in | app=c:\windows\acer crystal eye webcam.exe |
"{19B37E62-D431-440B-882E-3EB5C74576F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{564355A6-403D-459B-86D6-31169CF100BF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5B038589-6440-4C88-9962-40B412634803}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C768CDE-6AF5-45B5-A6B2-80F27155C585}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{82E40CBB-6D1A-42C3-B5E7-DDEB6D6E4B3F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85ECA836-4DD4-4272-975D-11C5A1C74E9F}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{A77A4FF9-1EA2-4B91-974C-677751EDABAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D5D5B047-93AC-401A-AFC3-E32702DECDF3}" = protocol=6 | dir=in | app=c:\windows\acer crystal eye webcam.exe |
"{D8B40A3D-2FCA-4532-8FAD-E0EE92BD24A9}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{05224574-45E6-529E-D28F-58517A0D014D}" = Catalyst Control Center Localization Thai
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{16F3EF00-887C-0DEC-2C94-A3469A48DE68}" = Catalyst Control Center Localization Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{251629BE-4EC9-DA91-E793-20AF9C28E63C}" = ATI Catalyst Install Manager
"{28751D09-32C3-F547-7984-1B6631FE4A2B}" = Catalyst Control Center Localization Korean
"{2B85EE0A-C326-4E77-5086-C532D7C2AB87}" = Catalyst Control Center Core Implementation
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7460DN
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42A30805-0210-8A51-2B37-8FB44F056190}" = Catalyst Control Center Localization Hungarian
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{46EE4F34-8C50-29A1-392F-86FCDA197789}" = Catalyst Control Center Localization Finnish
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{62E056C9-E8AC-6956-C6D9-98A82E3CE0CB}" = Catalyst Control Center Graphics Light
"{645DEF6F-B828-915C-F655-84D733124870}" = Catalyst Control Center Localization Japanese
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BFAE410-1130-23D8-C42B-B46AF9B8559D}" = Catalyst Control Center Localization Italian
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{71B2C49D-2ECC-8C4C-0DF8-76FBFD7804A1}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AB6BF4-C06D-8395-6F72-87F2481DE614}" = Catalyst Control Center Localization Swedish
"{781E64C7-FC5B-2F60-9882-1EF78D586819}" = Catalyst Control Center Localization Chinese Traditional
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{805F40F4-BF12-9054-4348-5ADA0CF77F3D}" = ccc-utility
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B510F99-7B01-CFAE-E38A-EE8EE39DB797}" = Catalyst Control Center Localization Greek
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFAD767-D3F0-BB77-3E9B-A5B309413A57}" = Catalyst Control Center Localization Russian
"{A101FC46-E7C0-5C41-1410-5248E02CAAE9}" = Catalyst Control Center Localization Polish
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2A2514E-AC03-92AA-A1E1-F3A9F057AFB9}" = Catalyst Control Center Localization Dutch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9308129-4971-BCF4-A826-987AD611A5ED}" = Catalyst Control Center Localization Turkish
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C069B072-651F-4CB1-A3F0-0048F9D07B30}" = Duden-Rechtschreibprüfung kompakt
"{C7309F41-B01A-E8C9-6BBE-7AEC25D3FA13}" = Catalyst Control Center Localization Chinese Standard
"{CAA2EEB2-BE79-4FA6-3D77-7147E25A0DE9}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D03B4662-6EC5-98D3-CEE9-FC6D149F17EC}" = Catalyst Control Center Localization Spanish
"{D6521078-106E-5583-5BF3-031FD2CF4FC4}" = Catalyst Control Center Localization Norwegian
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.21.0001
"{E148ABC2-5199-CB3D-04EF-533CFEFFD4B9}" = Catalyst Control Center Localization Czech
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC24097F-F9CF-A7A5-27F5-67DF0E9E27DF}" = Catalyst Control Center Localization Portuguese
"{FFE34BB9-02CD-0328-D578-200ABBFAF746}" = Catalyst Control Center Localization French
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ElsterFormular 13.0.0.8055p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
"Free Window Registry Repair" = Free Window Registry Repair
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Desktop" = Google Desktop
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02.12.2012 17:06:57 | Computer Name = Natalia-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.12.2012 15:37:34 | Computer Name = Natalia-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.12.2012 17:44:35 | Computer Name = Natalia-PC | Source = EventSystem | ID = 4621
Description =

Error - 04.12.2012 16:52:18 | Computer Name = Natalia-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.12.2012 13:23:23 | Computer Name = Natalia-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2012 18:19:04 | Computer Name = Natalia-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2012 19:00:42 | Computer Name = Natalia-PC | Source = EventSystem | ID = 4621
Description =

Error - 08.12.2012 08:08:57 | Computer Name = Natalia-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.12.2012 09:16:28 | Computer Name = Natalia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08.12.2012 09:55:42 | Computer Name = Natalia-PC | Source = EventSystem | ID = 4621
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 17.12.2012 13:19:02 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:02 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:02 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:02 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1175 Invoked Function: CSocketTransport:ostConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:11 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
-31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:11 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:11 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1175 Invoked Function: CSocketTransport:ostConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

Error - 17.12.2012 13:19:11 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1019 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 17.12.2012 13:19:11 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 17.12.2012 13:19:11 | Computer Name = Natalia-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ System Events ]
Error - 05.04.2012 01:55:53 | Computer Name = Natalia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05.04.2012 01:56:23 | Computer Name = Natalia-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 05.04.2012 01:56:54 | Computer Name = Natalia-PC | Source = DCOM | ID = 10016
Description =

Error - 05.04.2012 11:09:56 | Computer Name = Natalia-PC | Source = HTTP | ID = 15016
Description =

Error - 05.04.2012 11:10:06 | Computer Name = Natalia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05.04.2012 11:11:09 | Computer Name = Natalia-PC | Source = DCOM | ID = 10016
Description =

Error - 05.04.2012 16:07:21 | Computer Name = Natalia-PC | Source = HTTP | ID = 15016
Description =

Error - 05.04.2012 16:07:29 | Computer Name = Natalia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06.04.2012 01:39:46 | Computer Name = Natalia-PC | Source = HTTP | ID = 15016
Description =

Error - 06.04.2012 01:39:53 | Computer Name = Natalia-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
Zitat:
OTL logfile created on: 17.12.2012 18:31:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Natalia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,23% Memory free
6,24 Gb Paging File | 4,73 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 61,57 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 62,62 Gb Free Space | 56,14% Space Free | Partition Type: NTFS
Drive E: | 12,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: NATALIA-PC | User Name: Natalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Natalia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Natalia\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
PRC - C:\Programme\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2990.37154__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Programme\Duden\Duden-Rechtschreibprüfung\MBControls.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=travelmate_5520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=travelmate_5520
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=220512_53ctrl&babsrc=HP_ss&mntrId=240e99d1000000000000001d7232f585
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\..\SearchScopes,DefaultScope = {1F7FB6AB-4605-44BB-8A2E-C9D89F42EAEF}
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=220512_53ctrl&babsrc=SP_ss&mntrId=240e99d1000000000000001d7232f585
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\..\SearchScopes\{1F7FB6AB-4605-44BB-8A2E-C9D89F42EAEF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE454DE454
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\..\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}: "URL" = ${SRCH_SCP_URL}
IE - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q="
FF - prefs.js..network.proxy.ftp: "proxy.uni-hamburg.de"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uni-hamburg.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "proxy.uni-hamburg.de"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uni-hamburg.de"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.08 14:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.08 14:16:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.10.18 11:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalia\AppData\Roaming\mozilla\Extensions
[2012.12.12 21:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natalia\AppData\Roaming\mozilla\Firefox\Profiles\o8272jmx.default\extensions
[2012.10.06 12:25:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Natalia\AppData\Roaming\mozilla\Firefox\Profiles\o8272jmx.default\extensions\ich@maltegoetz.de
[2012.12.12 21:06:33 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Natalia\AppData\Roaming\mozilla\firefox\profiles\o8272jmx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.06.01 16:24:57 | 000,002,060 | ---- | M] () -- C:\Users\Natalia\AppData\Roaming\mozilla\firefox\profiles\o8272jmx.default\searchplugins\softonic.xml
[2012.12.08 14:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.08 14:16:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.08 14:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2012.12.08 14:16:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.13 21:56:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 17:40:12 | 000,002,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.19 20:44:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.13 21:56:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.13 21:56:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.13 21:56:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.13 21:56:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Natalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2900981624-3102439825-3810540778-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CE20C23-99AF-4F6A-88C7-8068A20E0B80}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Fotos\2011\Singapur Malaysia Thailand\Koh Lipe\Originale\P1030353.JPG
O24 - Desktop BackupWallPaper: D:\Fotos\2011\Singapur Malaysia Thailand\Koh Lipe\Originale\P1030353.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.17 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.12.16 21:06:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Natalia\Desktop\OTL.exe
[2012.12.13 20:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.13 20:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.12 20:49:15 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\hochzeit
[2012.12.11 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Karolinas Junggesellinnenabschied 08.12.2012
[2012.12.11 21:51:50 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Filip
[2012.12.11 21:49:58 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\MUSIK bday
[2012.12.09 18:49:37 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Neuer Ordner (5)
[2012.12.09 18:45:39 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Neuer Ordner (4)
[2012.12.09 15:45:34 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Karo&Sebastian
[2012.12.08 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.07 23:40:54 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Neuer Ordner (2)
[2012.12.07 23:39:00 | 000,000,000 | ---D | C] -- C:\Users\Natalia\Desktop\Neuer Ordner

========== Files - Modified Within 30 Days ==========

[2012.12.17 18:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.17 18:22:40 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.17 18:22:40 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.17 18:22:40 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.17 18:22:40 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.17 18:16:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.17 18:16:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 18:16:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 18:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 18:16:35 | 3219,243,008 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 23:24:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.16 21:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Natalia\Desktop\OTL.exe
[2012.12.16 20:56:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.15 19:51:33 | 000,242,994 | ---- | M] () -- C:\Users\Natalia\Desktop\gem. Konto.pdf
[2012.12.15 14:10:07 | 001,890,469 | ---- | M] () -- C:\Users\Natalia\Desktop\neuekontoverb_sportspass.pdf
[2012.12.15 14:07:02 | 001,890,889 | ---- | M] () -- C:\Users\Natalia\Desktop\neuekontoverb_ ADAC.pdf
[2012.12.15 14:01:32 | 001,890,897 | ---- | M] () -- C:\Users\Natalia\Desktop\neuekontoverb_1.pdf
[2012.12.13 21:43:47 | 000,024,064 | ---- | M] () -- C:\Users\Natalia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.12 14:55:52 | 004,337,585 | ---- | M] () -- C:\Users\Natalia\Desktop\P1060282.JPG
[2012.12.12 14:55:44 | 003,999,042 | ---- | M] () -- C:\Users\Natalia\Desktop\P1060281.JPG
[2012.12.11 20:51:27 | 000,062,998 | ---- | M] () -- C:\Users\Natalia\Desktop\72371_4081346277301_178290689_n.jpg
[2012.12.01 20:01:11 | 010,659,852 | ---- | M] () -- C:\Users\Natalia\Desktop\Luca 09.2012.zip
[2012.11.25 15:47:28 | 000,242,932 | ---- | M] () -- C:\Users\Natalia\Desktop\Kontoeröffnung ing diba.pdf

========== Files Created - No Company Name ==========

[2012.12.15 19:51:33 | 000,242,994 | ---- | C] () -- C:\Users\Natalia\Desktop\gem. Konto.pdf
[2012.12.15 14:10:07 | 001,890,469 | ---- | C] () -- C:\Users\Natalia\Desktop\neuekontoverb_sportspass.pdf
[2012.12.15 14:07:02 | 001,890,889 | ---- | C] () -- C:\Users\Natalia\Desktop\neuekontoverb_ ADAC.pdf
[2012.12.15 14:01:32 | 001,890,897 | ---- | C] () -- C:\Users\Natalia\Desktop\neuekontoverb_1.pdf
[2012.12.12 14:55:52 | 004,337,585 | ---- | C] () -- C:\Users\Natalia\Desktop\P1060282.JPG
[2012.12.12 14:55:44 | 003,999,042 | ---- | C] () -- C:\Users\Natalia\Desktop\P1060281.JPG
[2012.12.11 20:51:26 | 000,062,998 | ---- | C] () -- C:\Users\Natalia\Desktop\72371_4081346277301_178290689_n.jpg
[2012.11.25 15:47:28 | 000,242,932 | ---- | C] () -- C:\Users\Natalia\Desktop\Kontoeröffnung ing diba.pdf
[2012.08.16 14:47:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.02.02 18:27:19 | 000,000,246 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.02.02 18:27:19 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.02.02 18:24:04 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.02.02 18:24:03 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.10.18 03:35:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.18 03:35:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.10.18 03:25:30 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011.10.18 03:24:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.10.18 03:24:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.10.18 03:24:54 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.18 03:24:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2011.10.17 19:25:42 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2011.10.17 19:25:42 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2011.10.17 19:24:56 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2011.10.17 19:24:13 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2011.10.17 19:18:25 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011.10.17 19:18:25 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.10.17 19:18:25 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2011.10.17 18:57:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.17 18:34:19 | 000,024,064 | ---- | C] () -- C:\Users\Natalia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.06.01 17:40:05 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\Babylon
[2012.02.02 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\ControlCenter4
[2012.02.26 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\Duden
[2012.02.29 22:57:30 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\DVDVideoSoft
[2012.02.22 14:47:21 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.25 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\elsterformular
[2011.10.18 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\Fighters
[2012.06.01 17:27:56 | 000,000,000 | ---D | M] -- C:\Users\Natalia\AppData\Roaming\Softland

========== Purity Check ==========



< End of report >

Alt 18.12.2012, 18:36   #2
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



hi
Freundin informieren bitte, sie möge sich hier melden.
Ihr macht onlinebanking, und das System hat nicht mal windows updates bekommen?
Das ist sehr fahrlässig...
Hier ist grad mal vista servicepack 1 drauf, aktuell sp2
Internet explorer 7, aktuell währe ie9

Öffnet bitte Avira, Verwaltung, Quarantäne, postet, evtl. vorhandene Fundmeldungen, mit Pfadangabe.
Öffnet Malwarebytes, Logdateien, falls vorhanden, postet Logs mit Funden.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________

__________________

Alt 18.12.2012, 21:38   #3
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Danke für die schnelle Bearbeitung.
Im folgenden Poste ich:

2 Funde von Antivir aus der quarantäne

1 Fund Malwarebytes

Und die Funde von TDSS.

Meine Freundin liest mit. Ich poste.


Zitat:
Typ: Datei
Quelle: C:\Users\Natalia\Downloads\RichText_exe.zip
Status: Infiziert
Quarantäne-Objekt: 49cb5df7.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.34
Virendefinitionsdatei: 7.11.26.142
Meldung: TR/Spy.256000.2
Datum/Uhrzeit: 31.03.2012, 14:47



Typ: Datei
Quelle: C:\Users\Natalia\AppData\Local\Temp\Temp1_RichText_exe.zip\Programme\tools\RichText.exe
Status: Infiziert
Quarantäne-Objekt: 49961441.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.14
Virendefinitionsdatei: 7.11.25.08
Meldung: TR/Spy.256000.2
Datum/Uhrzeit: 10.03.2012, 21:20
Zitat:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Natalia :: NATALIA-PC [Administrator]

01.06.2012 10:13:36
mbam-log-2012-06-01 (10-13-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193772
Laufzeit: 6 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Natalia\Downloads\SoftonicDownloader_fuer_free-window-registry-repair.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Zitat:
22:18:22.0971 3436 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:18:23.0848 3436 ============================================================
22:18:23.0848 3436 Current date / time: 2012/12/18 22:18:23.0848
22:18:23.0848 3436 SystemInfo:
22:18:23.0848 3436
22:18:23.0848 3436 OS Version: 6.0.6001 ServicePack: 1.0
22:18:23.0848 3436 Product type: Workstation
22:18:23.0848 3436 ComputerName: NATALIA-PC
22:18:23.0848 3436 UserName: Natalia
22:18:23.0848 3436 Windows directory: C:\Windows
22:18:23.0848 3436 System windows directory: C:\Windows
22:18:23.0848 3436 Processor architecture: Intel x86
22:18:23.0848 3436 Number of processors: 2
22:18:23.0848 3436 Page size: 0x1000
22:18:23.0848 3436 Boot type: Normal boot
22:18:23.0848 3436 ============================================================
22:18:25.0863 3436 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:18:25.0863 3436 ============================================================
22:18:25.0863 3436 \Device\Harddisk0\DR0:
22:18:25.0863 3436 MBR partitions:
22:18:25.0863 3436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
22:18:25.0863 3436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
22:18:25.0863 3436 ============================================================
22:18:25.0903 3436 C: <-> \Device\Harddisk0\DR0\Partition1
22:18:25.0953 3436 D: <-> \Device\Harddisk0\DR0\Partition2
22:18:25.0953 3436 ============================================================
22:18:25.0953 3436 Initialize success
22:18:25.0953 3436 ============================================================
22:19:58.0179 0504 ============================================================
22:19:58.0179 0504 Scan started
22:19:58.0179 0504 Mode: Manual; SigCheck; TDLFS;
22:19:58.0179 0504 ============================================================
22:19:59.0309 0504 ================ Scan system memory ========================
22:19:59.0309 0504 System memory - ok
22:19:59.0309 0504 ================ Scan services =============================
22:19:59.0509 0504 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
22:19:59.0789 0504 ACPI - ok
22:19:59.0939 0504 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:19:59.0969 0504 AdobeARMservice - ok
22:20:00.0039 0504 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:20:00.0099 0504 adp94xx - ok
22:20:00.0139 0504 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:20:00.0189 0504 adpahci - ok
22:20:00.0219 0504 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:20:00.0249 0504 adpu160m - ok
22:20:00.0289 0504 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:20:00.0319 0504 adpu320 - ok
22:20:00.0379 0504 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:20:00.0539 0504 AeLookupSvc - ok
22:20:00.0579 0504 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
22:20:00.0669 0504 AFD - ok
22:20:00.0719 0504 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:20:00.0749 0504 agp440 - ok
22:20:00.0789 0504 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:20:00.0819 0504 aic78xx - ok
22:20:00.0839 0504 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
22:20:01.0009 0504 ALG - ok
22:20:01.0029 0504 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:20:01.0059 0504 aliide - ok
22:20:01.0099 0504 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:20:01.0129 0504 amdagp - ok
22:20:01.0149 0504 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
22:20:01.0179 0504 amdide - ok
22:20:01.0209 0504 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:20:01.0309 0504 AmdK7 - ok
22:20:01.0339 0504 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:20:01.0419 0504 AmdK8 - ok
22:20:01.0509 0504 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:20:01.0539 0504 AntiVirSchedulerService - ok
22:20:01.0589 0504 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:20:01.0609 0504 AntiVirService - ok
22:20:01.0659 0504 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
22:20:01.0719 0504 Appinfo - ok
22:20:01.0759 0504 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
22:20:01.0789 0504 arc - ok
22:20:01.0819 0504 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:20:01.0849 0504 arcsas - ok
22:20:01.0879 0504 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:20:01.0979 0504 AsyncMac - ok
22:20:02.0009 0504 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
22:20:02.0039 0504 atapi - ok
22:20:02.0089 0504 [ B886D349AFAD502DE4F6EA0C64B1CC4D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:20:02.0219 0504 Ati External Event Utility - ok
22:20:02.0399 0504 [ 8AE1745BFC7D383DAA3F82FE8D7BE7C0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:20:02.0859 0504 atikmdag - ok
22:20:02.0909 0504 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:20:02.0959 0504 AtiPcie - ok
22:20:03.0039 0504 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:20:03.0129 0504 AudioEndpointBuilder - ok
22:20:03.0159 0504 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:20:03.0249 0504 Audiosrv - ok
22:20:03.0279 0504 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:20:03.0399 0504 avgntflt - ok
22:20:03.0459 0504 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:20:03.0489 0504 avipbb - ok
22:20:03.0539 0504 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:20:03.0579 0504 avkmgr - ok
22:20:03.0639 0504 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:20:03.0749 0504 b57nd60x - ok
22:20:03.0849 0504 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
22:20:03.0979 0504 BCM43XV - ok
22:20:04.0049 0504 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
22:20:04.0159 0504 BCM43XX - ok
22:20:04.0209 0504 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:20:04.0309 0504 Beep - ok
22:20:04.0369 0504 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
22:20:04.0489 0504 BFE - ok
22:20:04.0549 0504 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
22:20:04.0679 0504 BITS - ok
22:20:04.0719 0504 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:20:04.0799 0504 blbdrive - ok
22:20:04.0849 0504 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:20:04.0919 0504 bowser - ok
22:20:04.0969 0504 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:20:05.0029 0504 BrFiltLo - ok
22:20:05.0069 0504 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:20:05.0139 0504 BrFiltUp - ok
22:20:05.0179 0504 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
22:20:05.0279 0504 Browser - ok
22:20:05.0319 0504 [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
22:20:05.0369 0504 BrSerIb - ok
22:20:05.0409 0504 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
22:20:05.0679 0504 Brserid - ok
22:20:05.0719 0504 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:20:05.0859 0504 BrSerWdm - ok
22:20:05.0879 0504 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:20:06.0029 0504 BrUsbMdm - ok
22:20:06.0059 0504 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:20:06.0199 0504 BrUsbSer - ok
22:20:06.0229 0504 [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
22:20:06.0259 0504 BrUsbSIb - ok
22:20:06.0309 0504 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
22:20:06.0369 0504 BthEnum - ok
22:20:06.0401 0504 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:20:06.0557 0504 BTHMODEM - ok
22:20:06.0572 0504 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:20:06.0666 0504 BthPan - ok
22:20:06.0713 0504 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
22:20:06.0759 0504 BTHPORT - ok
22:20:06.0791 0504 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll
22:20:06.0869 0504 BthServ - ok
22:20:06.0900 0504 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:20:06.0931 0504 BTHUSB - ok
22:20:06.0978 0504 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:20:07.0071 0504 cdfs - ok
22:20:07.0103 0504 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:20:07.0181 0504 cdrom - ok
22:20:07.0227 0504 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
22:20:07.0331 0504 CertPropSvc - ok
22:20:07.0351 0504 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
22:20:07.0441 0504 circlass - ok
22:20:07.0481 0504 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
22:20:07.0511 0504 CLFS - ok
22:20:07.0581 0504 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:20:07.0611 0504 clr_optimization_v2.0.50727_32 - ok
22:20:07.0711 0504 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:20:07.0731 0504 clr_optimization_v4.0.30319_32 - ok
22:20:07.0771 0504 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:20:07.0851 0504 CmBatt - ok
22:20:07.0871 0504 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:20:07.0901 0504 cmdide - ok
22:20:07.0921 0504 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:20:07.0951 0504 Compbatt - ok
22:20:07.0971 0504 COMSysApp - ok
22:20:08.0001 0504 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:20:08.0021 0504 crcdisk - ok
22:20:08.0051 0504 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
22:20:08.0141 0504 Crusoe - ok
22:20:08.0201 0504 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:20:08.0321 0504 CryptSvc - ok
22:20:08.0421 0504 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:20:08.0531 0504 DcomLaunch - ok
22:20:08.0581 0504 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:20:08.0631 0504 DfsC - ok
22:20:08.0771 0504 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
22:20:09.0001 0504 DFSR - ok
22:20:09.0051 0504 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:20:09.0181 0504 Dhcp - ok
22:20:09.0241 0504 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
22:20:09.0271 0504 disk - ok
22:20:09.0331 0504 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
22:20:09.0361 0504 DKbFltr - ok
22:20:09.0402 0504 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:20:09.0480 0504 Dnscache - ok
22:20:09.0511 0504 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
22:20:09.0589 0504 dot3svc - ok
22:20:09.0621 0504 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
22:20:09.0714 0504 DPS - ok
22:20:09.0745 0504 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:20:09.0792 0504 drmkaud - ok
22:20:09.0855 0504 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:20:09.0964 0504 DXGKrnl - ok
22:20:10.0011 0504 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
22:20:10.0104 0504 E1G60 - ok
22:20:10.0135 0504 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
22:20:10.0198 0504 EapHost - ok
22:20:10.0260 0504 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
22:20:10.0291 0504 Ecache - ok
22:20:10.0416 0504 [ 668DCA122FFC7F10BECA6055E15FFABD ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
22:20:10.0463 0504 eDataSecurity Service - ok
22:20:10.0525 0504 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:20:10.0572 0504 ehRecvr - ok
22:20:10.0603 0504 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
22:20:10.0681 0504 ehSched - ok
22:20:10.0713 0504 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
22:20:10.0744 0504 ehstart - ok
22:20:10.0837 0504 [ E28516FED46251119ADDAF4CF33BA401 ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
22:20:10.0837 0504 eLockService ( UnsignedFile.Multi.Generic ) - warning
22:20:10.0837 0504 eLockService - detected UnsignedFile.Multi.Generic (1)
22:20:10.0884 0504 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:20:10.0947 0504 elxstor - ok
22:20:11.0008 0504 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:20:11.0118 0504 EMDMgmt - ok
22:20:11.0178 0504 [ 66F31FBBF96C8E10CFBB03384CCA455E ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe
22:20:11.0198 0504 eNet Service ( UnsignedFile.Multi.Generic ) - warning
22:20:11.0208 0504 eNet Service - detected UnsignedFile.Multi.Generic (1)
22:20:11.0258 0504 [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
22:20:11.0278 0504 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
22:20:11.0288 0504 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
22:20:11.0308 0504 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:20:11.0398 0504 ErrDev - ok
22:20:11.0458 0504 [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
22:20:11.0478 0504 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
22:20:11.0478 0504 eSettingsService - detected UnsignedFile.Multi.Generic (1)
22:20:11.0528 0504 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
22:20:11.0578 0504 EventSystem - ok
22:20:11.0628 0504 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
22:20:11.0738 0504 exfat - ok
22:20:11.0768 0504 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:20:11.0858 0504 fastfat - ok
22:20:11.0888 0504 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:20:11.0978 0504 fdc - ok
22:20:12.0018 0504 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
22:20:12.0078 0504 fdPHost - ok
22:20:12.0108 0504 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
22:20:12.0248 0504 FDResPub - ok
22:20:12.0298 0504 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:20:12.0328 0504 FileInfo - ok
22:20:12.0358 0504 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:20:12.0448 0504 Filetrace - ok
22:20:12.0478 0504 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:20:12.0558 0504 flpydisk - ok
22:20:12.0588 0504 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:20:12.0628 0504 FltMgr - ok
22:20:12.0698 0504 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:20:12.0738 0504 FontCache3.0.0.0 - ok
22:20:12.0778 0504 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:20:12.0848 0504 Fs_Rec - ok
22:20:12.0868 0504 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:20:12.0898 0504 gagp30kx - ok
22:20:12.0948 0504 [ 6FD7F370817F16B5E1F08B91BADAA2EE ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:20:12.0968 0504 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - warning
22:20:12.0968 0504 GoogleDesktopManager-080708-050100 - detected UnsignedFile.Multi.Generic (1)
22:20:13.0028 0504 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
22:20:13.0153 0504 gpsvc - ok
22:20:13.0215 0504 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:20:13.0231 0504 gupdate - ok
22:20:13.0262 0504 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:20:13.0277 0504 gupdatem - ok
22:20:13.0324 0504 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:20:13.0355 0504 gusvc - ok
22:20:13.0402 0504 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:20:13.0589 0504 HdAudAddService - ok
22:20:13.0667 0504 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:20:13.0745 0504 HDAudBus - ok
22:20:13.0761 0504 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:20:13.0901 0504 HidBth - ok
22:20:13.0948 0504 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
22:20:14.0089 0504 HidIr - ok
22:20:14.0120 0504 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
22:20:14.0260 0504 hidserv - ok
22:20:14.0307 0504 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:20:14.0385 0504 HidUsb - ok
22:20:14.0416 0504 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:20:14.0510 0504 hkmsvc - ok
22:20:14.0525 0504 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:20:14.0557 0504 HpCISSs - ok
22:20:14.0603 0504 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:20:14.0681 0504 HSFHWAZL - ok
22:20:14.0775 0504 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:20:14.0915 0504 HSF_DPV - ok
22:20:14.0947 0504 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:20:14.0978 0504 HSXHWAZL - ok
22:20:15.0040 0504 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:20:15.0149 0504 HTTP - ok
22:20:15.0181 0504 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:20:15.0196 0504 i2omp - ok
22:20:15.0274 0504 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:20:15.0337 0504 i8042prt - ok
22:20:15.0368 0504 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:20:15.0415 0504 iaStorV - ok
22:20:15.0493 0504 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:20:15.0695 0504 idsvc - ok
22:20:15.0727 0504 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:20:15.0742 0504 iirsp - ok
22:20:15.0805 0504 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
22:20:15.0929 0504 IKEEXT - ok
22:20:15.0961 0504 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
22:20:16.0007 0504 int15 - ok
22:20:16.0132 0504 [ B795745F7E51AA20D46753EC5A811ACA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:20:16.0335 0504 IntcAzAudAddService - ok
22:20:16.0397 0504 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
22:20:16.0429 0504 intelide - ok
22:20:16.0475 0504 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:20:16.0553 0504 intelppm - ok
22:20:16.0600 0504 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:20:16.0694 0504 IPBusEnum - ok
22:20:16.0725 0504 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:20:16.0803 0504 IpFilterDriver - ok
22:20:16.0850 0504 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:20:16.0912 0504 iphlpsvc - ok
22:20:16.0928 0504 IpInIp - ok
22:20:16.0975 0504 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:20:17.0053 0504 IPMIDRV - ok
22:20:17.0084 0504 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:20:17.0162 0504 IPNAT - ok
22:20:17.0193 0504 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
22:20:17.0271 0504 irda - ok
22:20:17.0302 0504 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:20:17.0365 0504 IRENUM - ok
22:20:17.0396 0504 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
22:20:17.0552 0504 Irmon - ok
22:20:17.0661 0504 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:20:17.0692 0504 isapnp - ok
22:20:17.0712 0504 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:20:17.0752 0504 iScsiPrt - ok
22:20:17.0772 0504 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:20:17.0802 0504 iteatapi - ok
22:20:17.0842 0504 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:20:17.0862 0504 iteraid - ok
22:20:17.0892 0504 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:20:17.0912 0504 kbdclass - ok
22:20:17.0932 0504 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:20:18.0012 0504 kbdhid - ok
22:20:18.0052 0504 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
22:20:18.0112 0504 KeyIso - ok
22:20:18.0162 0504 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:20:18.0222 0504 KSecDD - ok
22:20:18.0272 0504 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:20:18.0382 0504 KtmRm - ok
22:20:18.0432 0504 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:20:18.0492 0504 LanmanServer - ok
22:20:18.0532 0504 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:20:18.0602 0504 LanmanWorkstation - ok
22:20:18.0662 0504 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:20:18.0702 0504 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:20:18.0702 0504 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:20:18.0742 0504 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:20:18.0822 0504 lltdio - ok
22:20:18.0872 0504 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:20:18.0952 0504 lltdsvc - ok
22:20:18.0982 0504 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:20:19.0112 0504 lmhosts - ok
22:20:19.0152 0504 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:20:19.0182 0504 LSI_FC - ok
22:20:19.0212 0504 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:20:19.0242 0504 LSI_SAS - ok
22:20:19.0272 0504 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:20:19.0302 0504 LSI_SCSI - ok
22:20:19.0332 0504 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
22:20:19.0402 0504 luafv - ok
22:20:19.0452 0504 MBAMSwissArmy - ok
22:20:19.0492 0504 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:20:19.0542 0504 Mcx2Svc - ok
22:20:19.0582 0504 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:20:19.0602 0504 mdmxsdk - ok
22:20:19.0642 0504 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
22:20:19.0672 0504 megasas - ok
22:20:19.0742 0504 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:20:19.0802 0504 MegaSR - ok
22:20:19.0922 0504 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:20:19.0972 0504 Microsoft Office Groove Audit Service - ok
22:20:20.0022 0504 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
22:20:20.0102 0504 MMCSS - ok
22:20:20.0172 0504 MobilityService - ok
22:20:20.0232 0504 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
22:20:20.0312 0504 Modem - ok
22:20:20.0352 0504 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:20:20.0432 0504 monitor - ok
22:20:20.0472 0504 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:20:20.0492 0504 mouclass - ok
22:20:20.0522 0504 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:20:20.0592 0504 mouhid - ok
22:20:20.0622 0504 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:20:20.0642 0504 MountMgr - ok
22:20:20.0712 0504 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:20:20.0772 0504 MozillaMaintenance - ok
22:20:20.0822 0504 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
22:20:20.0852 0504 mpio - ok
22:20:20.0872 0504 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:20:20.0942 0504 mpsdrv - ok
22:20:20.0992 0504 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
22:20:21.0102 0504 MpsSvc - ok
22:20:21.0132 0504 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:20:21.0152 0504 Mraid35x - ok
22:20:21.0182 0504 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:20:21.0232 0504 MRxDAV - ok
22:20:21.0282 0504 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:20:21.0342 0504 mrxsmb - ok
22:20:21.0392 0504 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:20:21.0442 0504 mrxsmb10 - ok
22:20:21.0472 0504 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:20:21.0522 0504 mrxsmb20 - ok
22:20:21.0562 0504 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
22:20:21.0592 0504 msahci - ok
22:20:21.0612 0504 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:20:21.0642 0504 msdsm - ok
22:20:21.0682 0504 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
22:20:21.0762 0504 MSDTC - ok
22:20:21.0832 0504 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:20:21.0912 0504 Msfs - ok
22:20:21.0942 0504 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:20:21.0972 0504 msisadrv - ok
22:20:22.0002 0504 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:20:22.0082 0504 MSiSCSI - ok
22:20:22.0092 0504 msiserver - ok
22:20:22.0132 0504 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:20:22.0212 0504 MSKSSRV - ok
22:20:22.0242 0504 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:20:22.0312 0504 MSPCLOCK - ok
22:20:22.0352 0504 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:20:22.0432 0504 MSPQM - ok
22:20:22.0462 0504 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:20:22.0502 0504 MsRPC - ok
22:20:22.0532 0504 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:20:22.0562 0504 mssmbios - ok
22:20:22.0612 0504 MSSQL$MSSMLBIZ - ok
22:20:22.0672 0504 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
22:20:22.0732 0504 MSSQLServerADHelper - ok
22:20:22.0812 0504 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:20:22.0882 0504 MSTEE - ok
22:20:22.0902 0504 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
22:20:22.0932 0504 Mup - ok
22:20:22.0992 0504 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
22:20:23.0102 0504 napagent - ok
22:20:23.0162 0504 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:20:23.0202 0504 NativeWifiP - ok
22:20:23.0262 0504 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:20:23.0342 0504 NDIS - ok
22:20:23.0372 0504 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:20:23.0442 0504 NdisTapi - ok
22:20:23.0472 0504 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:20:23.0542 0504 Ndisuio - ok
22:20:23.0572 0504 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:23.0652 0504 NdisWan - ok
22:20:23.0682 0504 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:20:23.0752 0504 NDProxy - ok
22:20:23.0782 0504 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:20:23.0862 0504 NetBIOS - ok
22:20:23.0892 0504 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:20:23.0982 0504 netbt - ok
22:20:24.0002 0504 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
22:20:24.0042 0504 Netlogon - ok
22:20:24.0112 0504 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
22:20:24.0232 0504 Netman - ok
22:20:24.0282 0504 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
22:20:24.0362 0504 netprofm - ok
22:20:24.0412 0504 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:24.0472 0504 NetTcpPortSharing - ok
22:20:24.0522 0504 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:20:24.0552 0504 nfrd960 - ok
22:20:24.0582 0504 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:20:24.0662 0504 NlaSvc - ok
22:20:24.0692 0504 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:20:24.0772 0504 Npfs - ok
22:20:24.0802 0504 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
22:20:24.0872 0504 NSCIRDA - ok
22:20:24.0902 0504 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
22:20:25.0002 0504 nsi - ok
22:20:25.0022 0504 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:20:25.0102 0504 nsiproxy - ok
22:20:25.0172 0504 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:20:25.0332 0504 Ntfs - ok
22:20:25.0372 0504 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
22:20:25.0402 0504 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
22:20:25.0402 0504 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
22:20:25.0432 0504 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
22:20:25.0572 0504 ntrigdigi - ok
22:20:25.0592 0504 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
22:20:25.0692 0504 Null - ok
22:20:25.0722 0504 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:20:25.0752 0504 nvraid - ok
22:20:25.0772 0504 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:20:25.0802 0504 nvstor - ok
22:20:25.0822 0504 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:20:25.0852 0504 nv_agp - ok
22:20:25.0872 0504 NwlnkFlt - ok
22:20:25.0902 0504 NwlnkFwd - ok
22:20:25.0942 0504 [ 36ED541FF0AD27D7F1C1E8F86F026309 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys
22:20:26.0002 0504 O2MDRDR - ok
22:20:26.0022 0504 [ F3D467025D365A96B5E51C6229562716 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sd.sys
22:20:26.0082 0504 O2SDRDR - ok
22:20:26.0172 0504 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:20:26.0302 0504 odserv - ok
22:20:26.0352 0504 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:20:26.0432 0504 ohci1394 - ok
22:20:26.0472 0504 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:20:26.0512 0504 ose - ok
22:20:26.0592 0504 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:20:26.0712 0504 p2pimsvc - ok
22:20:26.0762 0504 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
22:20:26.0842 0504 p2psvc - ok
22:20:26.0882 0504 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
22:20:27.0032 0504 Parport - ok
22:20:27.0062 0504 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:20:27.0092 0504 partmgr - ok
22:20:27.0112 0504 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:20:27.0252 0504 Parvdm - ok
22:20:27.0282 0504 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
22:20:27.0332 0504 PcaSvc - ok
22:20:27.0362 0504 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
22:20:27.0392 0504 pci - ok
22:20:27.0422 0504 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
22:20:27.0442 0504 pciide - ok
22:20:27.0492 0504 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:20:27.0522 0504 pcmcia - ok
22:20:27.0592 0504 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:20:27.0802 0504 PEAUTH - ok
22:20:28.0012 0504 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
22:20:28.0172 0504 pla - ok
22:20:28.0222 0504 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:20:28.0332 0504 PlugPlay - ok
22:20:28.0382 0504 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:20:28.0442 0504 PNRPAutoReg - ok
22:20:28.0482 0504 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:20:28.0562 0504 PNRPsvc - ok
22:20:28.0642 0504 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:20:28.0762 0504 PolicyAgent - ok
22:20:28.0812 0504 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:20:28.0892 0504 PptpMiniport - ok
22:20:28.0952 0504 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
22:20:29.0042 0504 Processor - ok
22:20:29.0072 0504 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
22:20:29.0162 0504 ProfSvc - ok
22:20:29.0192 0504 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:20:29.0222 0504 ProtectedStorage - ok
22:20:29.0272 0504 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:20:29.0322 0504 PSched - ok
22:20:29.0352 0504 [ 18DE162F9B83079C24CD96F59292F5ED ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
22:20:29.0372 0504 PSDFilter - ok
22:20:29.0422 0504 [ BC1457A28E76AB3106D43802AC22A627 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
22:20:29.0442 0504 PSDNServ - ok
22:20:29.0472 0504 [ AC151E5B0943304E368C98EC78B5FC4F ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
22:20:29.0492 0504 psdvdisk - ok
22:20:29.0582 0504 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:20:29.0762 0504 ql2300 - ok
22:20:29.0792 0504 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:20:29.0822 0504 ql40xx - ok
22:20:29.0872 0504 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
22:20:29.0952 0504 QWAVE - ok
22:20:29.0972 0504 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:20:30.0012 0504 QWAVEdrv - ok
22:20:30.0042 0504 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:20:30.0132 0504 RasAcd - ok
22:20:30.0162 0504 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
22:20:30.0252 0504 RasAuto - ok
22:20:30.0282 0504 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:20:30.0352 0504 Rasl2tp - ok
22:20:30.0392 0504 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
22:20:30.0482 0504 RasMan - ok
22:20:30.0502 0504 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:20:30.0582 0504 RasPppoe - ok
22:20:30.0602 0504 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:20:30.0672 0504 RasSstp - ok
22:20:30.0712 0504 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:20:30.0792 0504 rdbss - ok
22:20:30.0822 0504 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:20:30.0902 0504 RDPCDD - ok
22:20:30.0932 0504 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:20:31.0022 0504 rdpdr - ok
22:20:31.0032 0504 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:20:31.0122 0504 RDPENCDD - ok
22:20:31.0162 0504 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:20:31.0272 0504 RDPWD - ok
22:20:31.0312 0504 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:20:31.0382 0504 RemoteAccess - ok
22:20:31.0422 0504 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:20:31.0502 0504 RemoteRegistry - ok
22:20:31.0532 0504 [ 34CC78C06587718C2AD6D3AA83B1F072 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:20:31.0602 0504 RFCOMM - ok
22:20:31.0642 0504 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
22:20:31.0702 0504 RpcLocator - ok
22:20:31.0752 0504 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
22:20:31.0812 0504 RpcSs - ok
22:20:31.0842 0504 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:20:31.0918 0504 rspndr - ok
22:20:31.0933 0504 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
22:20:31.0980 0504 SamSs - ok
22:20:32.0011 0504 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:20:32.0043 0504 sbp2port - ok
22:20:32.0074 0504 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:20:32.0152 0504 SCardSvr - ok
22:20:32.0214 0504 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
22:20:32.0308 0504 Schedule - ok
22:20:32.0339 0504 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
22:20:32.0401 0504 SCPolicySvc - ok
22:20:32.0448 0504 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:20:32.0526 0504 sdbus - ok
22:20:32.0542 0504 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:20:32.0620 0504 SDRSVC - ok
22:20:32.0651 0504 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:20:32.0807 0504 secdrv - ok
22:20:32.0838 0504 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
22:20:32.0916 0504 seclogon - ok
22:20:33.0041 0504 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
22:20:33.0135 0504 SENS - ok
22:20:33.0181 0504 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:20:33.0306 0504 Serenum - ok
22:20:33.0337 0504 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
22:20:33.0478 0504 Serial - ok
22:20:33.0509 0504 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:20:33.0571 0504 sermouse - ok
22:20:33.0618 0504 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
22:20:33.0696 0504 SessionEnv - ok
22:20:33.0743 0504 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:20:33.0805 0504 sffdisk - ok
22:20:33.0837 0504 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:20:33.0915 0504 sffp_mmc - ok
22:20:33.0930 0504 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:20:34.0008 0504 sffp_sd - ok
22:20:34.0039 0504 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:20:34.0165 0504 sfloppy - ok
22:20:34.0215 0504 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:20:34.0295 0504 SharedAccess - ok
22:20:34.0345 0504 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:20:34.0425 0504 ShellHWDetection - ok
22:20:34.0465 0504 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:20:34.0485 0504 sisagp - ok
22:20:34.0515 0504 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:20:34.0545 0504 SiSRaid2 - ok
22:20:34.0575 0504 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:20:34.0605 0504 SiSRaid4 - ok
22:20:34.0675 0504 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:20:34.0705 0504 SkypeUpdate - ok
22:20:34.0835 0504 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
22:20:35.0115 0504 slsvc - ok
22:20:35.0155 0504 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:20:35.0235 0504 SLUINotify - ok
22:20:35.0275 0504 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:20:35.0345 0504 Smb - ok
22:20:35.0395 0504 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:20:35.0425 0504 SNMPTRAP - ok
22:20:35.0455 0504 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
22:20:35.0485 0504 spldr - ok
22:20:35.0525 0504 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
22:20:35.0595 0504 Spooler - ok
22:20:35.0645 0504 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:20:35.0705 0504 SQLBrowser - ok
22:20:35.0735 0504 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:20:35.0785 0504 SQLWriter - ok
22:20:35.0835 0504 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:20:35.0895 0504 srv - ok
22:20:35.0945 0504 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:20:36.0015 0504 srv2 - ok
22:20:36.0075 0504 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:20:36.0115 0504 srvnet - ok
22:20:36.0165 0504 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:20:36.0245 0504 SSDPSRV - ok
22:20:36.0285 0504 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
22:20:36.0305 0504 ssmdrv - ok
22:20:36.0355 0504 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:20:36.0425 0504 SstpSvc - ok
22:20:36.0485 0504 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
22:20:36.0565 0504 stisvc - ok
22:20:36.0605 0504 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:20:36.0635 0504 swenum - ok
22:20:36.0665 0504 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
22:20:36.0765 0504 swprv - ok
22:20:36.0805 0504 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:20:36.0825 0504 Symc8xx - ok
22:20:36.0855 0504 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:20:36.0885 0504 Sym_hi - ok
22:20:36.0905 0504 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:20:36.0925 0504 Sym_u3 - ok
22:20:36.0975 0504 [ C5F25D490D0915732508FD421BF76D93 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:20:37.0005 0504 SynTP - ok
22:20:37.0055 0504 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
22:20:37.0183 0504 SysMain - ok
22:20:37.0230 0504 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:20:37.0292 0504 TabletInputService - ok
22:20:37.0333 0504 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
22:20:37.0453 0504 TapiSrv - ok
22:20:37.0483 0504 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
22:20:37.0563 0504 TBS - ok
22:20:37.0633 0504 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:20:37.0753 0504 Tcpip - ok
22:20:37.0823 0504 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:20:37.0913 0504 Tcpip6 - ok
22:20:37.0963 0504 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:20:38.0033 0504 tcpipreg - ok
22:20:38.0063 0504 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:20:38.0153 0504 TDPIPE - ok
22:20:38.0173 0504 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:20:38.0253 0504 TDTCP - ok
22:20:38.0283 0504 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:20:38.0383 0504 tdx - ok
22:20:38.0403 0504 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:20:38.0433 0504 TermDD - ok
22:20:38.0493 0504 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
22:20:38.0623 0504 TermService - ok
22:20:38.0663 0504 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
22:20:38.0713 0504 Themes - ok
22:20:38.0733 0504 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
22:20:38.0803 0504 THREADORDER - ok
22:20:38.0833 0504 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
22:20:38.0923 0504 TrkWks - ok
22:20:38.0983 0504 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:20:39.0053 0504 TrustedInstaller - ok
22:20:39.0133 0504 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:20:39.0243 0504 tssecsrv - ok
22:20:39.0283 0504 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:20:39.0333 0504 tunmp - ok
22:20:39.0375 0504 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:20:39.0406 0504 tunnel - ok
22:20:39.0453 0504 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:20:39.0468 0504 uagp35 - ok
22:20:39.0515 0504 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:20:39.0593 0504 udfs - ok
22:20:39.0640 0504 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:20:39.0733 0504 UI0Detect - ok
22:20:39.0765 0504 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:20:39.0796 0504 uliagpkx - ok
22:20:39.0827 0504 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:20:39.0858 0504 uliahci - ok
22:20:39.0889 0504 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:20:39.0919 0504 UlSata - ok
22:20:39.0939 0504 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:20:39.0969 0504 ulsata2 - ok
22:20:39.0999 0504 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:20:40.0069 0504 umbus - ok
22:20:40.0099 0504 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
22:20:40.0209 0504 upnphost - ok
22:20:40.0259 0504 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:20:40.0309 0504 usbccgp - ok
22:20:40.0339 0504 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:20:40.0469 0504 usbcir - ok
22:20:40.0579 0504 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:20:40.0659 0504 usbehci - ok
22:20:40.0699 0504 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:20:40.0789 0504 usbhub - ok
22:20:40.0809 0504 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:20:40.0889 0504 usbohci - ok
22:20:40.0929 0504 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:20:41.0019 0504 usbprint - ok
22:20:41.0059 0504 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:20:41.0119 0504 usbscan - ok
22:20:41.0179 0504 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:20:41.0259 0504 USBSTOR - ok
22:20:41.0289 0504 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:20:41.0359 0504 usbuhci - ok
22:20:41.0399 0504 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:20:41.0479 0504 usbvideo - ok
22:20:41.0519 0504 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
22:20:41.0609 0504 UxSms - ok
22:20:41.0659 0504 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
22:20:41.0759 0504 vds - ok
22:20:41.0789 0504 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:20:41.0869 0504 vga - ok
22:20:41.0909 0504 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
22:20:41.0989 0504 VgaSave - ok
22:20:42.0019 0504 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:20:42.0049 0504 viaagp - ok
22:20:42.0069 0504 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:20:42.0149 0504 ViaC7 - ok
22:20:42.0179 0504 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
22:20:42.0209 0504 viaide - ok
22:20:42.0239 0504 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:20:42.0259 0504 volmgr - ok
22:20:42.0299 0504 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:20:42.0349 0504 volmgrx - ok
22:20:42.0379 0504 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:20:42.0429 0504 volsnap - ok
22:20:42.0529 0504 [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
22:20:42.0599 0504 vpnagent - ok
22:20:42.0649 0504 [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
22:20:42.0699 0504 vpnva - ok
22:20:42.0729 0504 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:20:42.0789 0504 vsmraid - ok
22:20:42.0859 0504 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
22:20:43.0039 0504 VSS - ok
22:20:43.0079 0504 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
22:20:43.0189 0504 W32Time - ok
22:20:43.0229 0504 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:20:43.0379 0504 WacomPen - ok
22:20:43.0409 0504 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:20:43.0509 0504 Wanarp - ok
22:20:43.0519 0504 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:20:43.0579 0504 Wanarpv6 - ok
22:20:43.0619 0504 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:20:43.0689 0504 wcncsvc - ok
22:20:43.0719 0504 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:20:43.0789 0504 WcsPlugInService - ok
22:20:43.0839 0504 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
22:20:43.0879 0504 Wd - ok
22:20:43.0939 0504 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:20:44.0019 0504 Wdf01000 - ok
22:20:44.0039 0504 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:20:44.0119 0504 WdiServiceHost - ok
22:20:44.0139 0504 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:20:44.0219 0504 WdiSystemHost - ok
22:20:44.0249 0504 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
22:20:44.0319 0504 WebClient - ok
22:20:44.0409 0504 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:20:44.0489 0504 Wecsvc - ok
22:20:44.0519 0504 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:20:44.0589 0504 wercplsupport - ok
22:20:44.0629 0504 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
22:20:44.0689 0504 WerSvc - ok
22:20:44.0749 0504 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:20:44.0829 0504 winachsf - ok
22:20:44.0889 0504 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:20:44.0929 0504 WinDefend - ok
22:20:44.0979 0504 WinHttpAutoProxySvc - ok
22:20:45.0059 0504 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:20:45.0189 0504 Winmgmt - ok
22:20:45.0289 0504 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
22:20:45.0469 0504 WinRM - ok
22:20:45.0559 0504 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:20:45.0659 0504 Wlansvc - ok
22:20:45.0689 0504 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:20:45.0759 0504 WmiAcpi - ok
22:20:45.0819 0504 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:20:45.0899 0504 wmiApSrv - ok
22:20:45.0979 0504 [ C8F8AAC50B5B0BF821AB7D7126056B30 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
22:20:46.0009 0504 WMIService ( UnsignedFile.Multi.Generic ) - warning
22:20:46.0009 0504 WMIService - detected UnsignedFile.Multi.Generic (1)
22:20:46.0079 0504 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:20:46.0199 0504 WMPNetworkSvc - ok
22:20:46.0229 0504 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:20:46.0299 0504 WPCSvc - ok
22:20:46.0329 0504 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:20:46.0409 0504 WPDBusEnum - ok
22:20:46.0449 0504 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:20:46.0529 0504 WpdUsb - ok
22:20:46.0659 0504 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:20:46.0739 0504 WPFFontCache_v0400 - ok
22:20:46.0789 0504 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:20:46.0869 0504 ws2ifsl - ok
22:20:46.0909 0504 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
22:20:46.0959 0504 wscsvc - ok
22:20:46.0999 0504 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:20:47.0049 0504 WSDPrintDevice - ok
22:20:47.0079 0504 WSearch - ok
22:20:47.0199 0504 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
22:20:47.0409 0504 wuauserv - ok
22:20:47.0449 0504 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:47.0539 0504 WUDFRd - ok
22:20:47.0559 0504 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:20:47.0649 0504 wudfsvc - ok
22:20:47.0669 0504 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
22:20:47.0719 0504 XAudio - ok
22:20:47.0769 0504 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
22:20:47.0819 0504 XAudioService - ok
22:20:47.0889 0504 [ 7927E830ECDE6DB3682CC319BAD26984 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
22:20:47.0989 0504 yukonwlh - ok
22:20:48.0039 0504 ================ Scan global ===============================
22:20:48.0079 0504 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:20:48.0139 0504 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
22:20:48.0189 0504 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
22:20:48.0229 0504 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
22:20:48.0239 0504 [Global] - ok
22:20:48.0249 0504 ================ Scan MBR ==================================
22:20:48.0269 0504 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
22:20:57.0406 0504 \Device\Harddisk0\DR0 - ok
22:20:57.0406 0504 ================ Scan VBR ==================================
22:20:57.0426 0504 [ C41FA18DEDEC7D3E30F3881297CB79EB ] \Device\Harddisk0\DR0\Partition1
22:20:57.0426 0504 \Device\Harddisk0\DR0\Partition1 - ok
22:20:57.0456 0504 [ 339A9E70A62FF21C2199D6B9569520DC ] \Device\Harddisk0\DR0\Partition2
22:20:57.0466 0504 \Device\Harddisk0\DR0\Partition2 - ok
22:20:57.0466 0504 ============================================================
22:20:57.0466 0504 Scan finished
22:20:57.0466 0504 ============================================================
22:20:57.0516 0968 Detected object count: 8
22:20:57.0516 0968 Actual detected object count: 8
22:28:41.0656 0968 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0656 0968 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0671 0968 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0671 0968 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0671 0968 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0671 0968 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0687 0968 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0687 0968 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0687 0968 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0687 0968 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0702 0968 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0702 0968 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0702 0968 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0702 0968 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:41.0718 0968 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:41.0718 0968 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________

Alt 19.12.2012, 16:41   #4
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



hi
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Wenn du fertig bist, melden bitte.
Prüfe unter Rechtsklick auf Computer, eigenschaften, ob das Servicepack2 (sp2) instaliert ist
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 23.12.2012, 17:37   #5
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Moin Moin,

Router ist abgeschmiert, deswegen antworte ich erst jetzt.
Updates und sp2installiert nach Anweisung.

Dürfen wir jetzt online Banking machen?

Gruß

Markus


Alt 27.12.2012, 17:21   #6
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Hi,
wir haben noch ein Bissel zu tun.
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Link in Email angeklickt durch gehackten Mail account

Alt 28.12.2012, 18:03   #7
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account





Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-28.02 - Natalia 28.12.2012  18:51:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1813 [GMT 1:00]
ausgeführt von:: c:\users\Natalia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-28  ))))))))))))))))))))))))))))))
.
.
2012-12-28 17:57 . 2012-12-28 17:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-28 17:42 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8378D2EF-E445-4A70-A4EA-904D2998E87F}\mpengine.dll
2012-12-22 14:52 . 2012-12-22 14:52	--------	d-----w-	c:\program files\Windows Portable Devices
2012-12-22 14:09 . 2012-02-29 15:11	5120	----a-w-	c:\windows\system32\wmi.dll
2012-12-22 14:09 . 2012-02-29 15:09	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-12-22 14:09 . 2012-02-29 13:32	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-12-22 13:37 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-22 13:37 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-22 13:37 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-22 13:37 . 2009-07-14 12:12	16896	----a-w-	c:\windows\system32\winusb.dll
2012-12-22 13:37 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-22 13:37 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-22 13:37 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-22 13:37 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-22 13:37 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-22 13:37 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-22 13:37 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-22 13:28 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 13:28 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 13:27 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2012-12-22 13:27 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2012-12-22 13:27 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2012-12-22 13:27 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2012-12-22 13:27 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-12-22 13:27 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-12-22 13:27 . 2012-11-13 01:36	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-12-22 13:25 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2012-12-22 13:25 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-12-22 13:25 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-12-22 13:22 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-22 13:22 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-12-22 13:22 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-12-22 13:22 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-12-22 13:21 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-12-22 13:21 . 2012-02-29 13:41	1069056	----a-w-	c:\windows\system32\DWrite.dll
2012-12-22 13:21 . 2012-03-01 14:46	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-12-22 13:21 . 2012-03-01 14:46	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-12-22 13:21 . 2012-02-29 14:08	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-12-22 13:21 . 2012-02-29 13:44	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-12-22 13:21 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2012-12-22 13:21 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2012-12-22 13:21 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2012-12-22 13:21 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2012-12-22 13:19 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-12-22 13:19 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-12-22 13:19 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-12-22 13:19 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-12-22 13:19 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-12-22 13:18 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-12-22 13:18 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-12-22 13:18 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-12-22 13:18 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-12-22 13:18 . 2012-05-01 14:03	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-12-22 13:17 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-12-22 13:17 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-12-22 13:17 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-12-22 13:17 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-22 13:17 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-22 13:17 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-12-22 13:17 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-12-22 13:16 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2012-12-22 13:16 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2012-12-22 13:09 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-12-22 12:47 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-12-22 12:47 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-12-22 12:47 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-12-22 12:47 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-12-22 12:46 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-12-22 12:46 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-12-22 12:46 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-12-22 12:46 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-12-22 12:46 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-12-19 11:26 . 2012-12-19 11:26	98816	----a-w-	c:\windows\system32\mfps.dll
2012-12-19 11:23 . 2012-12-19 11:23	519680	----a-w-	c:\windows\system32\d3d11.dll
2012-12-19 11:23 . 2012-12-19 11:23	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2012-12-19 11:23 . 2012-12-19 11:23	252928	----a-w-	c:\windows\system32\dxdiag.exe
2012-12-19 11:23 . 2012-12-19 11:23	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2012-12-19 11:23 . 2012-12-19 11:23	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2012-12-19 11:23 . 2012-12-19 11:23	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2012-12-19 11:23 . 2012-12-19 11:23	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2012-12-19 11:05 . 2012-12-19 11:06	--------	d-----w-	c:\windows\system32\ca-ES
2012-12-19 11:05 . 2012-12-19 11:06	--------	d-----w-	c:\windows\system32\eu-ES
2012-12-19 11:05 . 2012-12-19 11:06	--------	d-----w-	c:\windows\system32\vi-VN
2012-12-19 11:01 . 2012-12-19 11:01	--------	d-----w-	c:\windows\system32\SPReview
2012-12-19 10:51 . 2009-04-10 22:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2012-12-19 10:49 . 2009-04-10 22:32	149480	----a-w-	c:\windows\system32\drivers\pci.sys
2012-12-19 10:48 . 2009-04-10 22:28	47104	----a-w-	c:\program files\Windows Journal\NBMapTIP.dll
2012-12-19 10:47 . 2009-04-10 22:28	324608	----a-w-	c:\program files\Windows NT\TableTextService\TableTextService.dll
2012-12-19 10:44 . 2012-12-19 10:44	--------	d-----w-	c:\windows\system32\EventProviders
2012-12-13 19:50 . 2012-12-13 19:50	--------	d-----w-	c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 11:23 . 2012-12-19 11:23	4096	----a-w-	c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2012-09-30 15:17 . 2012-09-30 15:17	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-30 15:17 . 2011-10-21 09:21	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2011-10-18 08:29	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-08 13:16 . 2012-12-08 13:16	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00	39472	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-17 68856]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 249856]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-04 332432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-10-17 24064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-09-06 162408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-04 332432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-28 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{07e84f41-11d5-4615-aaf6-368df0762b41}]
2011-07-01 10:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-02 20:59]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-02 20:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=109958&tt=220512_53ctrl&babsrc=HP_ss&mntrId=240e99d1000000000000001d7232f585
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=travelmate_5520
IE: Free YouTube to MP3 Converter - c:\users\Natalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\o8272jmx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - prefs.js: network.proxy.ftp - proxy.uni-hamburg.de
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - proxy.uni-hamburg.de
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.uni-hamburg.de
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.uni-hamburg.de
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.hpOld - 
FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dspOld - 
FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 240e99d1000000000000001d7232f585
FF - user.js: extensions.Softonic.instlDay - 15492
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.317:25
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=220512_53ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 240e99d1000000000000001d7232f585
FF - user.js: extensions.BabylonToolbar_i.hardId - 240e99d1000000000000001d7232f585
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-28 18:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-12-28  19:00:37
ComboFix-quarantined-files.txt  2012-12-28 18:00
.
Vor Suchlauf: 9 Verzeichnis(se), 65.429.782.528 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 65.610.760.192 Bytes frei
.
- - End Of File - - 1EB542DBA79F6067CCE767F4CA58A19C
         
--- --- ---

Alt 03.01.2013, 16:13   #8
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Hi gesundes neues, sorry für lange Wartezeit
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools,uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.01.2013, 09:49   #9
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Dir auch ein frohes und gesundes neues Jahr.

Danke für deine Unterstützung.

Zitat:
2007 Microsoft Office system Microsoft Corporation 28.03.2008 490MB 12.0.6215.1000 notwendig
Acer Crystal Eye Webcam 2.0.9.2 SuYin 17.10.2011 3,04MB 2.0.9.2notwendig
Acer eDataSecurity Management Egis Inc. 17.10.2011 63,2MB 2.8.4354notwendig
Acer eLock Management Acer Inc. 17.10.2011 13,3MB 2.5.4302notwendig
Acer Empowering Technology Acer Inc. 28.03.2008 215MB 2.5.4301notwendig
Acer eNet Management Acer Inc. 17.10.2011 8,71MB 2.6.4304notwendig
Acer ePower Management Acer Inc. 17.10.2011 16,0MB 2.5.4309notwendig
Acer ePresentation Management Acer Inc. 17.10.2011 3,53MB 2.5.4300notwendig
Acer eSettings Management Acer Inc. 17.10.2011 13,1MB 2.5.4302notwendig
Acer Mobility Center Plug-In Acer Inc. 17.10.2011 4,12MB 1.0.4301notwendig
Acer ScreenSaver Acer Inc. 28.03.2008 2.11.20071207notwendig
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 17.10.2011 14,0MB unbekannt
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 30.09.2012 11.4.402.278notwendig
Adobe Flash Player ActiveX Adobe Systems Incorporated 17.10.2011 9.0.115.0notwendig
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 09.01.2013 120MB 10.1.5notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 17.10.2011 13,8MB 3.0.664.0notwendig
Avira Free Antivirus Avira 14.11.2012 153MB 12.1.9.1236notwendig
Brother BRAdmin Light 1.21.0001 Brother 02.02.2012 1,21MB 1.21.0001notwendig
Brother MFL-Pro Suite MFC-7460DN Brother Industries, Ltd. 02.02.2012 6,50MB 1.0.7.0notwendig
Business Contact Manager für Outlook 2007 SP1 Microsoft Corporation 28.03.2008 31,4MB 3.0.6912.0 unnötig
Catalyst Control Center - Branding ATI 17.10.2011 431KB 1.00.0000 notwendig
CCleaner Piriform 19.12.2012 5,08MB 3.26 notwendig
Cisco AnyConnect VPN Client Cisco Systems, Inc. 25.02.2012 4,80MB 2.5.3054 notwendig
Duden-Rechtschreibprüfung kompakt Bibliographisches Institut GmbH 10.07.2012 585MB 8.0 notwendig
ElsterFormular Landesfinanzdirektion Thüringen 25.01.2012 159MB 13.0.0.8055p notwendig
Free Audio CD to MP3 Converter version 1.3.12.908 DVDVideoSoft Ltd. 29.02.2012 4,90MB notwendig
Free Window Registry Repair 18.10.2011 1,99MB unbekannt
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 22.02.2012 14,6MB notwendig
Google Desktop Google 17.10.2011 30,2MB 5.7.0808.07150 unbekannt
Google Toolbar for Internet Explorer Google Inc. 16.12.2012 34,8MB 7.4.3607.2246 Firefox wird benutzt.
HDAUDIO Soft Data Fax Modem with SmartCP 17.10.2011 724KB unbekannt
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 16.12.2012 6,76MB 1.65.1.1000 notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 19.10.2011 36,9MB unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 17.10.2011 36,9MB unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.10.2011 120MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.10.2011 24,5MB 4.0.30319 unbekannt
Microsoft Office 2003 Web Components Microsoft Corporation 28.03.2008 21,7MB 11.0.8003.0 unbekannt
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 28.03.2008 7,23MB 12.0.4518.1014 unbekannt
Microsoft Office Enterprise 2007 Microsoft Corporation 20.10.2011 614MB 12.0.4518.1014 unbekannt
Microsoft Office Small Business Connectivity Components Microsoft Corporation 28.03.2008 158KB 2.0.7024.0 unbekannt
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Corporation 07.06.2012 132KB 12.0.4518.1014 notwendig
Microsoft SQL Server 2005 Microsoft Corporation 28.03.2008 42,6MB unbekannt
Microsoft SQL Server Native Client Microsoft Corporation 28.03.2008 2,58MB 9.00.2047.00 unbekannt
Microsoft SQL Server VSS Writer Microsoft Corporation 28.03.2008 699KB 9.00.2047.00 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.02.2012 2,68MB 8.0.59193 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.01.2012 594KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 11,1MB 10.0.40219 unbekannt
Mozilla Firefox 18.0 (x86 de) Mozilla 11.01.2013 47,7MB 18.0 notwendig
Mozilla Maintenance Service Mozilla 11.01.2013 340KB 18.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.10.2011 1,28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.10.2011 1,34MB 4.20.9876.0 unbekannt
NTI Backup NOW! 4.7 NewTech Infosystems 28.03.2008 7,22MB 1.00.0000 unbekannt
NTI CD & DVD-Maker NewTech Infosystems 28.03.2008 40,0MB 7 unbekannt
NTI Shadow NewTech Infosystems 17.10.2011 7,33MB 3.7.6.37 unbekannt
PDF24 Creator 5.2.0 PDF24.org 09.01.2013 35,4MB notwendig
PowerDVD CyberLink Corporation 17.10.2011 59,3MB 7.32.3704d.0 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.03.2008 15,9MB 6.0.1.5543 unbekannt
Skype Click to Call Skype Technologies S.A. 16.04.2012 12,6MB 5.9.9216 unbekannt
Skype™ 6.0 Skype Technologies S.A. 13.12.2012 20,3MB 6.0.126 notwendig
Synaptics Pointing Device Driver Synaptics 28.03.2008 13,6MB 10.0.15.0 unbekannt
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 28.03.2008 23,2MB 9.00.2047.00 unbekannt
VLC media player 1.1.11 VideoLAN 26.12.2011 82,1MB 1.1.11 notwendig

Alt 14.01.2013, 15:07   #10
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



hi
bitte nich die Beschreibungen ans programm klatschen, kann man schlecht lesen, bearbeiten bitte und posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.01.2013, 19:31   #11
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Icon17

Link in Email angeklickt durch gehackten Mail account



Hallo,

tut mirleid, aber ich verstehe deine Arbeitsanweisung nicht.
Soll ich die Beschreibung (Datum, Größe, Version) löschen?
Soll ich notwendig, unnötig und unbekannt eine Zelie drunter schreiben?

Gib doch mal bitte ein Besipiel.

Gruß Markus

Alt 14.01.2013, 20:12   #12
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



schreibs dahinter zb
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.01.2013, 21:59   #13
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Dahinter steht doch, ob es notwendig ist oder nicht
Ich habe zu jedem prog mein kommentar geschrieben!


Gruss Markus

Alt 16.01.2013, 16:45   #14
markusg
/// Malware-holic
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



deinstaliere:
Adobe Flash Player alle
Adobe - Install Adobe Flash Player
neueste version laden, instalieren.
adobe reader:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner bereits instaliert ist, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.01.2013, 19:39   #15
markus1986
 
Link in Email angeklickt durch gehackten Mail account - Standard

Link in Email angeklickt durch gehackten Mail account



Hallo Markus,

tut mir leid, dass du lange nichts mehr gehört hast. Freizeitstress

Ich habe alles nach Anweisung gemacht. und der letzte Punkt die Liste

Zitat:
2007 Microsoft Office system notwendig
Acer Crystal Eye Webcam 2.0.9.2 unbekannt
Acer eDataSecurity Management unbekannt
Acer eLock Management unbekannt
Acer Empowering Technology unbekannt
Acer eNet Management unbekannt
Acer ePower Management unbekannt
Acer ePresentation Management unbekannt
Acer eSettings Management unbekannt
Acer Mobility Center Plug-In unbekannt
Acer ScreenSaver unbekannt
Activation Assistant for the 2007 Microsoft Office suites unbekannt
Adobe Flash Player 11 Plugin notwendig
Adobe Reader X (10.1.5) - Deutsch notwendig
ATI Catalyst Install Manager notwendig
Avira Free Antivirus Avira notwendig
Brother BRAdmin Light 1.21.0001 notwendig
Brother MFL-Pro Suite MFC-7460DN notwendig
Catalyst Control Center - Branding notwendig
CCleaner Piriform notwendig
Cisco AnyConnect VPN Client notwendig
Duden-Rechtschreibprüfung kompakt notwendig
ElsterFormular Landesfinanzdirektion Thüringen notwendig
Free Audio CD to MP3 Converter version 1.3.12.908 notwendig
Free YouTube to MP3 Converter version 3.10.15.1228 notwendig
HDAUDIO Soft Data Fax Modem with SmartCP unbekannt
Malwarebytes Anti-Malware Version 1.65.1.1000 notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU unbekannt
Microsoft .NET Framework 3.5 SP1 unbekannt
Microsoft .NET Framework 4 Client Profile unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack unbekannt
Microsoft Office 2003 Web Components unbekannt
Microsoft Office 2007 Primary Interop Assemblies unbekannt
Microsoft Office Enterprise 2007 unbekannt
Microsoft Office Small Business Connectivity Components Microsoft Corporation unbekannt
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs unbekannt
Microsoft SQL Server Native Client Microsoft Corporation 28.03.2008 unbekannt
Microsoft SQL Server VSS Writer Microsoft Corporation 28.03.2008 699KB unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 unbekannt
Mozilla Firefox 18.0.1 (x86 de) notwendig
Mozilla Maintenance Service unbekannt
MSXML 4.0 SP2 (KB954430) unbekannt
MSXML 4.0 SP2 (KB973688) unbekannt
NTI Backup NOW! 4.7 NewTech Infosystems unbekannt
NTI CD & DVD-Maker NewTech Infosystems unbekannt
NTI Shadow NewTech Infosystems unbekannt
PDF24 Creator 5.2.0 notwendig
PowerDVD notwendig
Realtek High Definition Audio Driver unbekannt
Skype Click to Call Skype Technologies S.A. unbekannt
Skype™ 6.0 Skype Technologies S.A. notwendig
Synaptics Pointing Device Driver unbekannt
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) unbekannt
VLC media player 1.1.11 VideoLAN notwendig

Antwort

Themen zu Link in Email angeklickt durch gehackten Mail account
autorun, avira, bho, converter, email, error, excel, fehler, flash player, format, google, home, install.exe, intranet, launch, logfile, malaysia, microsoft office 2003, mozilla, mp3, office 2007, popup, realtek, registry, rundll, scan, security, senden, server, software, vista



Ähnliche Themen: Link in Email angeklickt durch gehackten Mail account


  1. Hab leider einen Link in einer Email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 17.08.2015 (9)
  2. DHL Mail Link angeklickt
    Log-Analyse und Auswertung - 27.05.2015 (18)
  3. Phishing Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (13)
  4. Mail DHL Link angeklickt
    Log-Analyse und Auswertung - 26.03.2015 (9)
  5. DHL Phishing Mail Link angeklickt
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (7)
  6. DHL Fake Email - Phishing Link leider angeklickt
    Plagegeister aller Art und deren Bekämpfung - 08.03.2015 (5)
  7. DHL Fake Email - Phishing Link leider angeklickt
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (8)
  8. Link in verdächtiger Email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (13)
  9. Link angeklickt der von einer gehackten EMail Adresse kam und auf dann auf Seite mit Werbung weitergeleitet
    Plagegeister aller Art und deren Bekämpfung - 15.09.2014 (9)
  10. Linux Ubuntu: Link in email angeklickt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2014 (3)
  11. Link in E-mail angeklickt
    Log-Analyse und Auswertung - 15.04.2014 (8)
  12. Spam Mail Link angeklickt
    Log-Analyse und Auswertung - 05.03.2014 (10)
  13. Link in GMX-Mail angeklickt - Folgen???
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (15)
  14. Link in Email angeklickt. PC mit Malware infiziert?
    Log-Analyse und Auswertung - 10.11.2012 (8)
  15. email link angeklickt - ist PC jetzt infiziert?
    Plagegeister aller Art und deren Bekämpfung - 27.08.2012 (11)
  16. Link in einer Email angeklickt! Ist mein Laptop jetzt infiziert?
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (17)
  17. Link in eMail angeklickt: PC infiziert?
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (5)

Zum Thema Link in Email angeklickt durch gehackten Mail account - Hallo Ihr, meine Freundin hat einen Link angegklickt, welchen Sie von einer Freundin bekommen hat per Mail. Ihr Acoount wurde gehackt und verschickt an alle diesen Link. Auf diesen ist - Link in Email angeklickt durch gehackten Mail account...
Archiv
Du betrachtest: Link in Email angeklickt durch gehackten Mail account auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.