
Log analysis and evaluation: Passwords were spied out

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.02.2013, 12:43   #1
dante1

Hello everyone,

the last time I was here on the board was 30.09.2010; now my wife's notebook has been hit, but first the facts:

What most likely happened:

- E-mail attachment opened

What was noticed:

- PC hung at times or became slow
- T-Online sent an e-mail saying "the account was hacked" and the e-mail account was locked

What I have done so far:

- Took the notebook off the network immediately
- Uninstalled various software, e.g. unused programs
- Scanned and cleaned the system with Antivir, Kaspersky, G-Data and Spybot
- Checked and googled conspicuous ports (the computer was briefly online for this)
- Updated Java (the computer was briefly online for this)
- Stored new T-Online access data in the router
- Changed ALL passwords for online applications and local applications (now each application has a different password)
- Set up a user account (no admin rights)
- Created a HiJack file


So, I now need your help once more with this HiJack file; is it OK so far?

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:32, on 04.02.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
F:\XXXX Virensuche\Programme\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://xxx.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O15 - ESC Trusted Zone: h**p://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup-Dienst (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 9655 bytes
         
Regards, dante

04.02.2013, 13:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,


Reading material:
Please do not post HijackThis log files!!!


Quote:
Quote from Larusso
We are aware that HijackThis is probably one of the best-known analysis tools.
However, it now scans only very superficially and gives us too little information for an accurate analysis of your system.

Therefore, please do not post HijackThis log files; instead read and work through the following.

http://www.trojaner-board.de/69886-a...-beachten.html

Only with this information can we help you.

Thanks

04.02.2013, 16:21   #3
dante1

Hello again everyone,

the last time I was here on the board was 30.09.2010; now my wife's notebook has been hit, but first the facts:

What most likely happened:

- E-mail attachment opened

What was noticed:

- PC hung at times or became slow
- T-Online sent an e-mail saying "the account was hacked" and the e-mail account was locked

What I have done so far:

- Took the notebook off the network immediately
- Uninstalled various software, e.g. unused programs
- Scanned and cleaned the system with Antivir, Kaspersky, G-Data and Spybot
- Checked and googled conspicuous ports (the computer was briefly online for this)
- Updated Java (the computer was briefly online for this)
- Stored new T-Online access data in the router
- Changed ALL passwords for online applications and local applications (now each application has a different password)
- Set up a user account (no admin rights)


What can I do?

04.02.2013, 16:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why are you posting the text again?
I just posted pointers for you. Didn't you read them?

Quote:
- Scanned and cleaned the system with Antivir, Kaspersky, G-Data and Spybot
In addition, please submit all the logs from these, see http://www.trojaner-board.de/125889-...tml#post941520

Please post everything in CODE tags here if possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you have done it correctly. If everything is right ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

04.02.2013, 17:56   #5
dante1

... yes, I did ... what was wrong then?

I understood it to mean that I should first write here what the problem is and not straight away some self-diagnosis or even a file.

That is why, for the sake of order, I started again from the beginning.


So, what exactly should I do here now?

04.02.2013, 21:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It was in the reading material I posted: the note that HijackThis is useless and what you should read and do instead. Repeating what is already in the first post anyway is a bit pointless, oh well...

In addition, you should submit all the logs from the virus scanners; didn't you read that either? So please submit them in your next post.

Also, please note and follow this:

Before we get on with further work, I would ask you to read the following points completely and carefully.
  • Read my instructions, which I will post here in the course of this thread, carefully. Ask immediately if anything is unclear to you before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my evaluation harder!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

12.02.2013, 13:07   #7
dante1

Hello cosinus,


shall we continue here?


Regards, dante

12.02.2013, 14:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, then go ahead and make a start. Otherwise just post what you want now; I can't see inside your head

13.02.2013, 09:34   #9
dante1

... before you look inside my head, I'll just make a start

OTL result:
Code:
OTL logfile created on: 13.02.2013 09:14:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop\12.02.2013_23Uhr
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,37% Memory free
5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 23,25 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\12.02.2013_23Uhr\OTL.exe (OldTimer Tools)
PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL File not found
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (GDScan) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (SGDrv) -- C:\Windows\System32\drivers\SGDrv.sys (Phoenix Technologies Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (RTL8192cu) -- C:\Windows\System32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sparkasse-donnersberg.d [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5F 40 57 B1 66 CD 01  [binary data]
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes,DefaultScope = {D9980A29-828C-40F1-BB67-33A377943064}
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{6D5CDEFB-E9D5-43B6-AD82-AB49A83BA510}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=57B18066-1B7A-4F7F-8EBC-00009A96EF15&apn_sauid=AF125CFB-62D1-4F8C-AF52-4F337E37220A
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{D9980A29-828C-40F1-BB67-33A377943064}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/|hxxp://www.sparkasse-donnersberg.de/|hxxp://www.amazon.de/|hxxp://www.google.de/|hxxp://www.androidpit.de/|hxxp://www.youtube.com/|hxxp://www.otto.de/|hxxp://www.chefkoch.de/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=57B18066-1B7A-4F7F-8EBC-00009A96EF15&apn_ptnrs=U3&apn_sauid=AF125CFB-62D1-4F8C-AF52-4F337E37220A&apn_dtid=OSJ000YYDE&&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
 
[2012.09.18 19:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.01.04 15:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\5wwtk2d4.default\extensions
[2012.10.29 15:58:36 | 000,002,308 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\5wwtk2d4.default\searchplugins\askcom.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Browser Companion Helper = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8237144-1CFB-47A0-9C7F-0F988FA1A754}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d27b381d-45f9-11e2-a2bd-0002721a8cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d27b381d-45f9-11e2-a2bd-0002721a8cb0}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 09:15:36 | 000,000,000 | ---D | C] -- C:\b731505b1df3d393d1f735520c30ed00
[2013.02.13 09:00:41 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\12.02.2013_23Uhr
[2013.02.09 20:52:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.02.09 20:38:03 | 000,015,600 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys
[2013.02.09 20:35:47 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2013.02.09 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Secunia PSI
[2013.02.09 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013.02.02 12:51:13 | 000,011,240 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.de.dll
[2013.02.02 12:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013
[2013.02.02 12:35:44 | 000,051,616 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2013.02.02 12:32:55 | 000,050,080 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2013.02.02 12:32:11 | 000,093,600 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2013.02.02 12:31:57 | 000,042,016 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2013.02.02 12:31:41 | 000,054,256 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2013.02.02 12:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.02 12:20:58 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.02.02 12:20:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.02 12:19:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.02 12:19:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.02 12:19:42 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.27 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{419F525A-09C7-471E-8544-D28A9446676E}
[2013.01.26 21:15:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\HpUpdate
[2013.01.26 21:15:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.01.26 20:40:04 | 000,000,000 | R--D | C] -- C:\Backup
[2013.01.26 20:36:43 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2013.01.26 20:36:43 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2013.01.26 20:36:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.01.26 20:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.26 20:03:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{333BE956-A077-4F27-A6FD-0A16C79D1BF6}
[2013.01.26 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2013.01.26 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.26 17:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.26 17:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.26 17:59:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs
[2013.01.26 17:36:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{469B57C5-0D55-47D2-A6C6-20C478E322E9}
[2013.01.25 12:31:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BE7D14CE-59E9-438B-8D66-85DFBF2DA942}
[2013.01.24 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{58A625A3-68DA-4BDD-B82E-E3F6385458FF}
[2013.01.24 21:24:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Diagnostics
[2013.01.24 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0E6DC8BD-DF5F-49B8-86D8-B626F4383D2A}
[2013.01.24 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Virensuche
[2013.01.24 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E22891F8-ACF9-4A98-AC48-F1570939BD8B}
[2013.01.23 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4B80E70B-7FF9-448A-BD60-1045499006CC}
[2013.01.22 08:50:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0775A2A8-620D-4D5D-8D87-6A27DEF2FBCB}
[2013.01.21 13:12:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7F1A629B-1309-418A-93BF-552B804841AE}
[2013.01.19 11:07:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{275B37AF-DDBA-4D0F-B6F7-F5A94DCFBC28}
[2013.01.18 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{354B22C8-203F-4509-BDD8-964C00C1AE12}
[2013.01.18 10:44:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DB236B57-7AE0-48C7-94BA-5F25569ECB4F}
[2013.01.17 22:43:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7239AA8A-5AB0-432F-856A-1D47ED58623F}
[2013.01.17 10:43:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{30E94A3C-73B2-4246-9176-6716628620A3}
[2013.01.16 15:35:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{12BDB702-C24E-421F-8365-41937C862C49}
[2013.01.15 12:35:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{EA92736F-F75E-4487-B381-819814249AAA}
[2013.01.15 00:35:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F9ED22E5-3E48-45DC-B50F-EADA86EA3853}
[2013.01.14 12:34:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9ABFDBD8-5571-4989-A472-9196E38F1B48}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 09:17:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.13 09:17:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.13 09:17:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.13 09:17:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.13 09:06:53 | 000,978,154 | ---- | M] () -- C:\Windows\System32\sig.bin
[2013.02.13 09:06:53 | 000,052,028 | ---- | M] () -- C:\Windows\System32\nmp.map
[2013.02.13 09:06:22 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 09:06:22 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 08:59:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 08:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 08:59:04 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 23:48:36 | 000,001,203 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.10 15:50:18 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol
[2013.02.10 15:45:20 | 000,297,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.09 20:38:03 | 000,015,600 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys
[2013.02.09 20:35:47 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2013.02.09 20:32:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.02 12:53:23 | 000,051,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2013.02.02 12:51:37 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2013.02.02 12:51:19 | 000,093,600 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2013.02.02 12:51:19 | 000,042,016 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2013.02.02 12:51:13 | 000,054,256 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2013.02.02 12:19:06 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.02 12:19:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.02 12:19:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.02 12:19:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.02 12:19:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.02 12:19:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.26 20:40:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2013.01.26 20:11:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.02.12 23:48:36 | 000,001,203 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.10 15:48:30 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol
[2013.02.09 20:31:55 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.02.04 09:07:59 | 000,978,154 | ---- | C] () -- C:\Windows\System32\sig.bin
[2013.02.04 09:07:59 | 000,052,028 | ---- | C] () -- C:\Windows\System32\nmp.map
[2013.02.02 12:21:03 | 000,002,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.26 20:40:07 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2013.01.01 15:25:54 | 000,235,153 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2013.01.01 15:25:54 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.05.27 13:29:09 | 000,008,192 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.05.17 18:09:11 | 000,000,412 | ---- | C] () -- C:\Users\*****\AppData\Roaming\All CPU Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras result:
Code:
OTL Extras logfile created on: 13.02.2013 09:14:36 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop\12.02.2013_23Uhr
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,37% Memory free
5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 23,25 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A84420F-B04C-4087-A047-27D00A8A9764}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{11F0EA6F-9778-4460-B578-8FBFF8B7E234}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{137D6561-0BB8-4158-BA2A-48202B5F14BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1B452893-888A-4E9C-9BA7-2D8D6C89433F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2B3BFC16-722B-4F67-AC6A-71A8F8FF205A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3BBEFB7D-363B-4BDA-9C3C-16E4AC4377EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52410FC5-69F3-4958-8AB5-58ED285A7130}" = rport=137 | protocol=17 | dir=out | app=system | 
"{56A007D6-1B31-4FD2-8EE6-E1856981F27A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{600DC1FE-2FCF-4B12-BD7A-9D73B9EE06D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{60320153-7FB4-43B6-BA0C-747C36C91CB6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B74E9B7-B0F5-4966-80B3-DDDFF2702C9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FA232FD-09A1-4441-8B36-7DBDE80AAF83}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7821DC69-AF78-434F-910C-3F147A7D408A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7A56CB1D-DF8D-44F4-B808-A46C8450A4ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7E86921C-109F-4421-BC0B-5E78A488F807}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9CC84DC0-A7ED-4FAC-B19E-86BD003D5BAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A22D4EE3-661F-4F95-A555-1CBB9B36DB73}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A56F50FF-1DC8-4093-BBB4-95D943FA5648}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AE19FE74-F3C4-491C-8915-6C939306279E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B63981ED-7765-463E-9CD7-D868F2BDE1E2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C2E5FC89-2CD6-4F3E-988B-0A6AD927DF73}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D1D91DB5-41D9-444A-8B56-D4E386AAA6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E063D58E-A535-4657-AA2C-D876227DBFB9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{E726C57E-2A7B-448D-95D3-A1B5046AF0C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE4BB067-0018-4F47-8F3C-ADB03920A0B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF2BADAB-3098-4FF6-BC86-B2AF867D3BBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE2EF37-1C59-4DDD-B09C-A21EE7235751}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{108FF9AB-6524-45DF-8E8C-A7F82DFC2461}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{142C24BB-FADF-4E49-9EDA-4EDB0E7E96BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{1A0B6CEB-1ECB-43C3-B277-831C288BA366}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{2030B3E7-1920-44E0-810E-83EBC21602C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{26D809E2-DA29-457A-A3AC-1E120C83E470}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{29932379-7596-4EF6-AC50-80C70A4916AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{36D9C0CF-FFEA-4E00-A7A0-AD59B0561585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A910840-2A13-46CB-B63A-1041B8C7BF7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{3AFC0E9A-9246-4413-BC19-33D30BA6F5B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3BED2BF4-DC6A-4572-BC5C-DA10A5E5C08C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{413FE9F2-F6C6-40C1-AA7A-C08E5965CF8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4210D9D6-7929-4285-8301-E43E81156DB6}" = dir=in | app=c:\users\*****\appdata\local\temp\7zs09d9\setup\hpznui01.exe | 
"{4235E927-C2AA-46D5-914F-EFB132216FA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{49644D6A-1329-4046-A6D5-78B592538738}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{50903C2D-0D5F-45CA-AB1E-37F098713F05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{5316E9B3-67BE-42B0-8751-0634653FFF72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{537BFE40-B67A-4D25-A320-F2F8337D99DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{568A4EF4-C2BA-4BB3-BB78-E780738A59EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{5ACFB9A6-BEC4-4C69-8A93-C690D270F665}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5C6007A2-AD45-40D6-9D94-D8EA5895ED18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{604C6807-CA45-4ABF-9577-E64FA1E080D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{635CC938-D1BB-4682-B116-F24FF387B304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{6C90B9E2-23C3-4C0B-9082-F77F82EBEE52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{700D8122-422B-4077-A77E-D167A0FF23CB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{715BB109-54FB-44A4-85C5-C6B083819F0F}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{717F60AD-2B64-45AB-BB60-3499DD53253C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{7629CF9C-522B-46D0-96DF-59DB5F262987}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{7BF2B8E6-945C-4323-8CB3-9493A19645EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{7D1B6132-E5C3-47C1-BA8B-64BD04ADF852}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{8659745D-90D5-433A-8EFE-0579BC58B3B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B03BABE-36C1-4304-A7C2-CA9BB9700B41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{946A9EED-BE68-4D4C-A684-BA8B7A3A7FA6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{94D83CFD-9156-4F4C-A58F-4E37DBF98197}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{956B1363-7367-44F9-A06B-9B816241F611}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{97F6D864-4F68-4A6D-8318-6036938DA508}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B4ECFCAF-C924-4F87-9D15-985F5212BD78}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B8124FCC-11D3-46AF-BAAE-68F9BFB4A7AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{BA773D34-4FE4-488E-B4F6-ED744B4E290C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{BD1A4A52-4A3F-4CD0-98CB-56E6B8E1C819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{BF0416CC-F8C9-40C0-BD6D-4BD97E564BEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C044AF74-34CE-4A39-9492-44498A116EA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C261FAD8-AD18-47F1-8573-6C47700F7D36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C5B23440-7CE9-4DB5-8B1A-D089453F9CD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{C6E27D6F-938E-4566-BB58-BB5CBB9CB0A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{CE0EC241-56B3-4094-9BBE-E8208B8D7AFB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{D7870A47-3499-42B6-ABBD-EBB675E42448}" = protocol=6 | dir=out | app=system | 
"{D9D563F8-5EBF-495D-8C53-DCDBF4E9F3C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E01CB880-89DA-4DFB-8EFD-1A46680854C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{EDD9C10D-32A3-408D-B4AC-544FE3789867}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"TCP Query User{068893AA-65A6-439F-8E90-28256D7F7B30}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{1A45C8D5-14F1-4A19-A416-7DE613177E76}C:\program files\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files\amazon\utilities\amazon music importer\amazon music importer.exe | 
"TCP Query User{543A16C7-F6EB-4EB7-960D-48D23ED01E59}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{A955192C-C0D3-4BAB-A14B-6A84F8693F4F}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{BA3B5180-A581-4CC2-BC89-085B2D930E17}C:\program files\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files\amazon\utilities\amazon music importer\amazon music importer.exe | 
"UDP Query User{F3797955-6237-49ED-8BAA-C9541D4FD70B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"AudibleManager" = AudibleManager
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"com.amazon.music.uploader" = Amazon Music Importer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"MPE" = MyPhoneExplorer
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
"NVIDIA Drivers" = NVIDIA Drivers
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.01.2013 07:09:23 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.01.2013 06:07:52 | Computer Name = *****-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 27.01.2013 06:08:22 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310
Description = 
 
Error - 27.01.2013 08:48:50 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.01.2013 10:57:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.01.2013 13:19:05 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc04d  Name des fehlerhaften Moduls: hpzids01.dll, Version: 13.0.338.0,
 Zeitstempel: 0x4a1cc51a  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002641a  ID des fehlerhaften
 Prozesses: 0x874  Startzeit der fehlerhaften Anwendung: 0x01cdfcb23464e4d5  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\DrvInst.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\hpzids01.dll  Berichtskennung: a69a6a1b-68a5-11e2-8f30-0013776f6455
 
Error - 09.02.2013 15:37:08 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
 Zeitstempel: 0x4fd2d1d9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b1f3  ID des fehlerhaften
 Prozesses: 0xc14  Startzeit der fehlerhaften Anwendung: 0x01ce06fbd5306a78  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
 169dd464-72f0-11e2-b6dd-0013776f6455
 
Error - 09.02.2013 15:37:12 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc015000f  Fehleroffset: 0x00083fbe  ID des fehlerhaften
 Prozesses: 0xc14  Startzeit der fehlerhaften Anwendung: 0x01ce06fbd5306a78  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 1903f76b-72f0-11e2-b6dd-0013776f6455
 
Error - 09.02.2013 15:37:25 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
 Zeitstempel: 0x4fd2d1d9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004b1f3  ID des fehlerhaften
 Prozesses: 0x1cb0  Startzeit der fehlerhaften Anwendung: 0x01ce06fcdd762649  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
 211d45fa-72f0-11e2-b6dd-0013776f6455
 
Error - 09.02.2013 15:37:29 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc015000f  Fehleroffset: 0x00083fbe  ID des fehlerhaften
 Prozesses: 0x1cb0  Startzeit der fehlerhaften Anwendung: 0x01ce06fcdd762649  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 23516c1b-72f0-11e2-b6dd-0013776f6455
 
[ Media Center Events ]
Error - 19.06.2012 09:49:58 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:49:57 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 09:50:02 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:49:59 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 10:51:23 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:51:23 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 10:51:26 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:51:25 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 10:51:28 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:51:27 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 10:51:29 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:51:29 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 11:52:50 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 17:52:50 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 11:52:53 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 17:52:52 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 11:52:54 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 17:52:53 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 19.06.2012 11:52:56 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 17:52:55 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ Spybot - Search and Destroy Events ]
Error - 26.01.2013 13:21:06 | Computer Name = *****-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 02.02.2013 08:16:21 | Computer Name = *****-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 16.11.2012 17:08:10 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.11.2012 17:12:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 20.11.2012 12:26:27 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.11.2012 13:28:55 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 26.11.2012 15:49:33 | Computer Name = *****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.12.2012 12:32:31 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Old 13.02.2013, 10:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Passwords were spied on



Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


Old 14.02.2013, 01:07   #11
dante1

Passwords were spied on

GMER result:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-14 00:40:13
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Kingston_SSDNow_V_Series_128GB rev.B090522a 119,24GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwloipoc.sys


---- Kernel code sections - GMER 2.0 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 1401                                                                                          830519A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                            830714D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  peauth.sys                                                                                                                        9F946C9D 28 Bytes  [55, 4E, EE, D5, EA, C1, 27, ...]
.text  peauth.sys                                                                                                                        9F946CC1 28 Bytes  [55, 4E, EE, D5, EA, C1, 27, ...]

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] kernel32.dll!CreateThread                                                   7593DCC2 5 Bytes  JMP 693375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!EnableWindow                                                     75B98D02 5 Bytes  JMP 69379EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!GetAsyncKeyState                                                 75B9A256 5 Bytes  JMP 6931DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CallNextHookEx                                                   75B9ABE1 5 Bytes  JMP 69397FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!UnhookWindowsHookEx                                              75B9ADF9 5 Bytes  JMP 693BED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DefWindowProcA                                                   75B9BB1C 7 Bytes  JMP 6933980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateWindowExA                                                  75B9BF40 5 Bytes  JMP 69343643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SetWindowsHookExW                                                75B9E30C 5 Bytes  JMP 693725B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateWindowExW                                                  75B9EC7C 5 Bytes  JMP 693A03DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!GetKeyState                                                      75BA2B4D 5 Bytes  JMP 6931DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!IsDialogMessageW                                                 75BA4104 5 Bytes  JMP 694C99FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DefWindowProcW                                                   75BA507D 7 Bytes  JMP 69398054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogParamA                                               75BB1F42 5 Bytes  JMP 694C9268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!IsDialogMessage                                                  75BB2019 5 Bytes  JMP 694C99D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxParamW                                                  75BB3B9B 5 Bytes  JMP 692D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogIndirectParamA                                       75BB721D 5 Bytes  JMP 694C92D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogIndirectParamW                                       75BBEA10 5 Bytes  JMP 694C9310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxIndirectParamW                                          75BC3B7F 5 Bytes  JMP 694C8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!EndDialog                                                        75BC3BA3 5 Bytes  JMP 694C9CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateDialogParamW                                               75BC5630 5 Bytes  JMP 694C92A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SetKeyboardState                                                 75BC695A 5 Bytes  JMP 694CA2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SendInput                                                        75BC7019 5 Bytes  JMP 694CA269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!SetCursorPos                                                     75BDC1B0 5 Bytes  JMP 694CA342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxParamA                                                  75BDCF42 5 Bytes  JMP 694C8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxIndirectParamA                                          75BDD274 5 Bytes  JMP 694C8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxIndirectA                                              75BEE869 5 Bytes  JMP 694C8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxIndirectW                                              75BEE963 5 Bytes  JMP 694C8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxExA                                                    75BEE9C9 5 Bytes  JMP 694C8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxExW                                                    75BEE9ED 5 Bytes  JMP 694C8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!keybd_event                                                      75BEEC3B 5 Bytes  JMP 694CA226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] SHELL32.dll!RealDriveType + 173D                                            762EFE30 4 Bytes  [CF, 01, 48, 6A] {IRET ; ADD [EAX+0x6a], ECX}
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] SHELL32.dll!RealDriveType + 1745                                            762EFE38 8 Bytes  [E0, 61, 47, 6A, 79, F7, 47, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[2396] ole32.dll!OleLoadFromStream                                                 76FC6143 5 Bytes  JMP 694C9704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!EnableWindow                                                     75B98D02 5 Bytes  JMP 69379EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxParamW                                                  75BB3B9B 5 Bytes  JMP 692D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxIndirectParamW                                          75BC3B7F 5 Bytes  JMP 694C8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxParamA                                                  75BDCF42 5 Bytes  JMP 694C8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!DialogBoxIndirectParamA                                          75BDD274 5 Bytes  JMP 694C8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxIndirectA                                              75BEE869 5 Bytes  JMP 694C8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxIndirectW                                              75BEE963 5 Bytes  JMP 694C8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxExA                                                    75BEE9C9 5 Bytes  JMP 694C8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6116] USER32.dll!MessageBoxExW                                                    75BEE9ED 5 Bytes  JMP 694C8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] kernel32.dll!CreateThread                                                   7593DCC2 5 Bytes  JMP 693375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!EnableWindow                                                     75B98D02 5 Bytes  JMP 69379EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!GetAsyncKeyState                                                 75B9A256 5 Bytes  JMP 6931DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CallNextHookEx                                                   75B9ABE1 5 Bytes  JMP 69397FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!UnhookWindowsHookEx                                              75B9ADF9 5 Bytes  JMP 693BED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DefWindowProcA                                                   75B9BB1C 7 Bytes  JMP 6933980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateWindowExA                                                  75B9BF40 5 Bytes  JMP 69343643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SetWindowsHookExW                                                75B9E30C 5 Bytes  JMP 693725B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateWindowExW                                                  75B9EC7C 5 Bytes  JMP 693A03DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!GetKeyState                                                      75BA2B4D 5 Bytes  JMP 6931DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!IsDialogMessageW                                                 75BA4104 5 Bytes  JMP 694C99FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DefWindowProcW                                                   75BA507D 7 Bytes  JMP 69398054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogParamA                                               75BB1F42 5 Bytes  JMP 694C9268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!IsDialogMessage                                                  75BB2019 5 Bytes  JMP 694C99D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxParamW                                                  75BB3B9B 5 Bytes  JMP 692D1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogIndirectParamA                                       75BB721D 5 Bytes  JMP 694C92D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogIndirectParamW                                       75BBEA10 5 Bytes  JMP 694C9310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxIndirectParamW                                          75BC3B7F 5 Bytes  JMP 694C8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!EndDialog                                                        75BC3BA3 5 Bytes  JMP 694C9CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!CreateDialogParamW                                               75BC5630 5 Bytes  JMP 694C92A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SetKeyboardState                                                 75BC695A 5 Bytes  JMP 694CA2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SendInput                                                        75BC7019 5 Bytes  JMP 694CA269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!SetCursorPos                                                     75BDC1B0 5 Bytes  JMP 694CA342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxParamA                                                  75BDCF42 5 Bytes  JMP 694C8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!DialogBoxIndirectParamA                                          75BDD274 5 Bytes  JMP 694C8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxIndirectA                                              75BEE869 5 Bytes  JMP 694C8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxIndirectW                                              75BEE963 5 Bytes  JMP 694C8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxExA                                                    75BEE9C9 5 Bytes  JMP 694C8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!MessageBoxExW                                                    75BEE9ED 5 Bytes  JMP 694C8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] USER32.dll!keybd_event                                                      75BEEC3B 5 Bytes  JMP 694CA226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] SHELL32.dll!RealDriveType + 173D                                            762EFE30 4 Bytes  [CF, 01, 48, 6A] {IRET ; ADD [EAX+0x6a], ECX}
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] SHELL32.dll!RealDriveType + 1745                                            762EFE38 8 Bytes  [E0, 61, 47, 6A, 79, F7, 47, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6968] ole32.dll!OleLoadFromStream                                                 76FC6143 5 Bytes  JMP 694C9704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress]  [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\crypt32.dll [KERNEL32.dll!GetProcAddress]   [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2388] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress]   [7531FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@50566368a4e3                                          0xCE 0xFA 0xE4 0x52 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@5056638792b6                                          0xA6 0x3C 0x32 0xC2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@c884470438e5                                          0x5E 0xFA 0x53 0xD0 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721a8cb0@b462934a06f4                                          0xAC 0xA9 0x6A 0xBC ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0 (not active ControlSet)                                   
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@50566368a4e3                                              0xCE 0xFA 0xE4 0x52 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@5056638792b6                                              0xA6 0x3C 0x32 0xC2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@c884470438e5                                              0x5E 0xFA 0x53 0xD0 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721a8cb0@b462934a06f4                                              0xAC 0xA9 0x6A 0xBC ...

---- EOF - GMER 2.0 ----
         
Malwarebytes result:
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.261000 GHz
Memory total: 3215572992, free: 2212777984

------------ Kernel report ------------
     02/14/2013 00:53:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\GDBehave.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\MiniIcpt.sys
\??\C:\Windows\system32\drivers\HookCentre.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\GRD.sys
\SystemRoot\system32\drivers\gdwfpcd32.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\SGdrv.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
\??\C:\Windows\system32\drivers\PktIcpt.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff864d0030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff86041908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.02.13.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff864d0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff864d2f00, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff864d1c90, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff864d1020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff864cf078, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff864d0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86041908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffff9ed47688, 0xffffffff864d0030, 0xffffffff85e50600
Lower DeviceData: 0xffffffffb61261b0, 0xffffffff86041908, 0xffffffff85d52518
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DB96B4A7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 250064896
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         

14.02.2013, 09:25   #12
cosinus

You posted the wrong log from MBAR

14.02.2013, 09:54   #13
dante1

Quote:
Originally posted by cosinus
You posted the wrong log from MBAR

Here is the right one now, it was already late yesterday...
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.13.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [administrator]

14.02.2013 01:01:08
mbar-log-2013-02-14 (01-01-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28049
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

14.02.2013, 10:15   #14
cosinus

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


2. TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

14.02.2013, 10:45   #15
dante1

aswMBR result:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 10:25:17
-----------------------------
10:25:17.812    OS Version: Windows 6.1.7601 Service Pack 1
10:25:17.812    Number of processors: 2 586 0x1706
10:25:17.812    ComputerName: *****-PC  UserName: *****
10:25:30.230    Initialize success
10:29:07.236    AVAST engine defs: 13021304
10:29:16.096    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:29:16.096    Disk 0 Vendor: Kingston_SSDNow_V_Series_128GB B090522a Size: 122104MB BusType: 11
10:29:16.096    Disk 0 MBR read successfully
10:29:16.096    Disk 0 MBR scan
10:29:16.190    Disk 0 Windows 7 default MBR code
10:29:16.190    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       122102 MB offset 2048
10:29:16.206    Disk 0 scanning sectors +250066944
10:29:16.237    Disk 0 scanning C:\Windows\system32\drivers
10:29:23.678    Service scanning
10:29:39.652    Modules scanning
10:29:41.821    Disk 0 trace - called modules:
10:29:41.821    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
10:29:41.836    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864d1a40]
10:29:41.836    3 CLASSPNP.SYS[8c41559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86039908]
10:29:42.663    AVAST engine scan C:\Windows
10:29:43.724    AVAST engine scan C:\Windows\system32
10:32:06.683    AVAST engine scan C:\Windows\system32\drivers
10:32:14.966    AVAST engine scan C:\Users\*****
10:40:16.528    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\14.02.2013_11Uhr\MBR.dat"
10:40:16.544    The log file has been saved successfully to "C:\Users\*****\Desktop\14.02.2013_11Uhr\aswMBR.txt"
         
TDSSKiller result:
Code:
10:40:43.0931 4124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:40:45.0585 4124  ============================================================
10:40:45.0585 4124  Current date / time: 2013/02/14 10:40:45.0585
10:40:45.0585 4124  SystemInfo:
10:40:45.0585 4124  
10:40:45.0585 4124  OS Version: 6.1.7601 ServicePack: 1.0
10:40:45.0585 4124  Product type: Workstation
10:40:45.0585 4124  ComputerName: *****-PC
10:40:45.0585 4124  UserName: *****
10:40:45.0585 4124  Windows directory: C:\Windows
10:40:45.0585 4124  System windows directory: C:\Windows
10:40:45.0585 4124  Processor architecture: Intel x86
10:40:45.0585 4124  Number of processors: 2
10:40:45.0585 4124  Page size: 0x1000
10:40:45.0585 4124  Boot type: Normal boot
10:40:45.0585 4124  ============================================================
10:40:46.0801 4124  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:40:46.0801 4124  ============================================================
10:40:46.0801 4124  \Device\Harddisk0\DR0:
10:40:46.0801 4124  MBR partitions:
10:40:46.0801 4124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
10:40:46.0801 4124  ============================================================
10:40:46.0817 4124  C: <-> \Device\Harddisk0\DR0\Partition1
10:40:46.0817 4124  ============================================================
10:40:46.0817 4124  Initialize success
10:40:46.0817 4124  ============================================================
10:40:54.0196 5504  ============================================================
10:40:54.0196 5504  Scan started
10:40:54.0196 5504  Mode: Manual; 
10:40:54.0196 5504  ============================================================
10:40:54.0835 5504  ================ Scan system memory ========================
10:40:54.0835 5504  System memory - ok
10:40:54.0835 5504  ================ Scan services =============================
10:40:54.0929 5504  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:40:54.0945 5504  1394ohci - ok
10:40:54.0945 5504  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:40:54.0960 5504  ACPI - ok
10:40:54.0960 5504  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:40:54.0960 5504  AcpiPmi - ok
10:40:54.0991 5504  [ 49C47EBF1C9EF2C5D4988450D79FD544 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
10:40:54.0991 5504  AcrSch2Svc - ok
10:40:55.0007 5504  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:40:55.0023 5504  adp94xx - ok
10:40:55.0023 5504  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:40:55.0069 5504  adpahci - ok
10:40:55.0069 5504  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:40:55.0069 5504  adpu320 - ok
10:40:55.0085 5504  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:40:55.0085 5504  AeLookupSvc - ok
10:40:55.0101 5504  [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
10:40:55.0132 5504  afcdp - ok
10:40:55.0179 5504  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
10:40:55.0225 5504  afcdpsrv - ok
10:40:55.0241 5504  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
10:40:55.0241 5504  AFD - ok
10:40:55.0241 5504  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
10:40:55.0257 5504  agp440 - ok
10:40:55.0257 5504  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
10:40:55.0257 5504  aic78xx - ok
10:40:55.0272 5504  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
10:40:55.0272 5504  ALG - ok
10:40:55.0288 5504  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:40:55.0303 5504  aliide - ok
10:40:55.0319 5504  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:40:55.0319 5504  amdagp - ok
10:40:55.0335 5504  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:40:55.0335 5504  amdide - ok
10:40:55.0350 5504  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:40:55.0381 5504  AmdK8 - ok
10:40:55.0381 5504  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:40:55.0381 5504  AmdPPM - ok
10:40:55.0397 5504  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:40:55.0397 5504  amdsata - ok
10:40:55.0413 5504  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:40:55.0413 5504  amdsbs - ok
10:40:55.0444 5504  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:40:55.0459 5504  amdxata - ok
10:40:55.0459 5504  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
10:40:55.0475 5504  AppID - ok
10:40:55.0475 5504  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:40:55.0475 5504  AppIDSvc - ok
10:40:55.0491 5504  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
10:40:55.0491 5504  Appinfo - ok
10:40:55.0522 5504  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:40:55.0537 5504  AppMgmt - ok
10:40:55.0553 5504  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:40:55.0553 5504  arc - ok
10:40:55.0569 5504  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:40:55.0569 5504  arcsas - ok
10:40:55.0584 5504  [ E2FEE0486D68BF85355D3EDA1A24FF68 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
10:40:55.0600 5504  aswKbd - ok
10:40:55.0600 5504  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:40:55.0615 5504  AsyncMac - ok
10:40:55.0631 5504  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
10:40:55.0631 5504  atapi - ok
10:40:55.0647 5504  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:40:55.0662 5504  AudioEndpointBuilder - ok
10:40:55.0662 5504  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:40:55.0678 5504  Audiosrv - ok
10:40:55.0709 5504  [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy        C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
10:40:55.0725 5504  AVKProxy - ok
10:40:55.0740 5504  [ 68F93849B4197243E8454E704B063F9B ] AVKService      C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
10:40:55.0740 5504  AVKService - ok
10:40:55.0771 5504  [ 0D82622BF14D167EAA26DDF69F81B187 ] AVKWCtl         C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
10:40:55.0803 5504  AVKWCtl - ok
10:40:55.0803 5504  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:40:55.0803 5504  AxInstSV - ok
10:40:55.0818 5504  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
10:40:55.0849 5504  b06bdrv - ok
10:40:55.0849 5504  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:40:55.0865 5504  b57nd60x - ok
10:40:55.0881 5504  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:40:55.0881 5504  BDESVC - ok
10:40:55.0896 5504  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:40:55.0896 5504  Beep - ok
10:40:55.0912 5504  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
10:40:55.0927 5504  BFE - ok
10:40:55.0943 5504  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
10:40:55.0943 5504  BITS - ok
10:40:55.0943 5504  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:40:55.0974 5504  blbdrive - ok
10:40:55.0974 5504  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:40:55.0974 5504  bowser - ok
10:40:56.0005 5504  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:40:56.0005 5504  BrFiltLo - ok
10:40:56.0021 5504  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:40:56.0021 5504  BrFiltUp - ok
10:40:56.0052 5504  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
10:40:56.0052 5504  Browser - ok
10:40:56.0068 5504  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:40:56.0083 5504  Brserid - ok
10:40:56.0099 5504  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:56.0099 5504  BrSerWdm - ok
10:40:56.0302 5504  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:56.0317 5504  BrUsbMdm - ok
10:40:56.0333 5504  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:56.0333 5504  BrUsbSer - ok
10:40:56.0349 5504  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
10:40:56.0349 5504  BthEnum - ok
10:40:56.0364 5504  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:40:56.0364 5504  BTHMODEM - ok
10:40:56.0380 5504  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:40:56.0380 5504  BthPan - ok
10:40:56.0395 5504  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
10:40:56.0395 5504  BTHPORT - ok
10:40:56.0411 5504  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
10:40:56.0411 5504  bthserv - ok
10:40:56.0427 5504  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
10:40:56.0442 5504  BTHUSB - ok
10:40:56.0458 5504  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
10:40:56.0458 5504  btwaudio - ok
10:40:56.0473 5504  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
10:40:56.0473 5504  btwavdt - ok
10:40:56.0489 5504  [ 7CAA4410C25026B9BEE85F6C7F86B19B ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:40:56.0505 5504  btwdins - ok
10:40:56.0520 5504  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
10:40:56.0520 5504  btwl2cap - ok
10:40:56.0536 5504  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
10:40:56.0536 5504  btwrchid - ok
10:40:56.0551 5504  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:40:56.0551 5504  cdfs - ok
10:40:56.0567 5504  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:40:56.0567 5504  cdrom - ok
10:40:56.0583 5504  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:40:56.0583 5504  CertPropSvc - ok
10:40:56.0614 5504  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:40:56.0614 5504  circlass - ok
10:40:56.0645 5504  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
10:40:56.0645 5504  CLFS - ok
10:40:56.0661 5504  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:56.0661 5504  clr_optimization_v2.0.50727_32 - ok
10:40:56.0676 5504  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:56.0692 5504  clr_optimization_v4.0.30319_32 - ok
10:40:56.0692 5504  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:40:56.0692 5504  CmBatt - ok
10:40:56.0707 5504  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:40:56.0723 5504  cmdide - ok
10:40:56.0739 5504  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:40:56.0739 5504  CNG - ok
10:40:56.0754 5504  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:40:56.0754 5504  Compbatt - ok
10:40:56.0770 5504  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:40:56.0770 5504  CompositeBus - ok
10:40:56.0785 5504  COMSysApp - ok
10:40:56.0817 5504  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:40:56.0832 5504  crcdisk - ok
10:40:56.0863 5504  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:40:56.0863 5504  CryptSvc - ok
10:40:56.0879 5504  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
10:40:56.0895 5504  CSC - ok
10:40:56.0910 5504  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
10:40:56.0910 5504  CscService - ok
10:40:56.0926 5504  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:40:56.0941 5504  DcomLaunch - ok
10:40:56.0957 5504  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
10:40:56.0957 5504  defragsvc - ok
10:40:56.0973 5504  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:40:56.0973 5504  DfsC - ok
10:40:56.0988 5504  [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
10:40:56.0988 5504  dg_ssudbus - ok
10:40:57.0004 5504  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:40:57.0019 5504  Dhcp - ok
10:40:57.0035 5504  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
10:40:57.0035 5504  discache - ok
10:40:57.0051 5504  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:40:57.0051 5504  Disk - ok
10:40:57.0066 5504  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:40:57.0082 5504  Dnscache - ok
10:40:57.0097 5504  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:40:57.0097 5504  dot3svc - ok
10:40:57.0113 5504  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
10:40:57.0129 5504  Dot4 - ok
10:40:57.0144 5504  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:40:57.0144 5504  Dot4Print - ok
10:40:57.0160 5504  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
10:40:57.0175 5504  dot4usb - ok
10:40:57.0175 5504  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
10:40:57.0175 5504  DPS - ok
10:40:57.0191 5504  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:40:57.0191 5504  drmkaud - ok
10:40:57.0222 5504  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:40:57.0238 5504  DXGKrnl - ok
10:40:57.0253 5504  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
10:40:57.0253 5504  EapHost - ok
10:40:57.0300 5504  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
10:40:57.0378 5504  ebdrv - ok
10:40:57.0378 5504  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
10:40:57.0378 5504  EFS - ok
10:40:57.0394 5504  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:40:57.0409 5504  ehRecvr - ok
10:40:57.0409 5504  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
10:40:57.0409 5504  ehSched - ok
10:40:57.0425 5504  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:40:57.0425 5504  elxstor - ok
10:40:57.0441 5504  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:40:57.0441 5504  ErrDev - ok
10:40:57.0456 5504  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
10:40:57.0456 5504  EventSystem - ok
10:40:57.0456 5504  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
10:40:57.0487 5504  exfat - ok
10:40:57.0487 5504  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:40:57.0503 5504  fastfat - ok
10:40:57.0503 5504  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
10:40:57.0519 5504  Fax - ok
10:40:57.0519 5504  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:40:57.0534 5504  fdc - ok
10:40:57.0550 5504  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
10:40:57.0550 5504  fdPHost - ok
10:40:57.0550 5504  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
10:40:57.0550 5504  FDResPub - ok
10:40:57.0565 5504  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:40:57.0581 5504  FileInfo - ok
10:40:57.0581 5504  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:40:57.0581 5504  Filetrace - ok
10:40:57.0581 5504  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:40:57.0581 5504  flpydisk - ok
10:40:57.0597 5504  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:40:57.0628 5504  FltMgr - ok
10:40:57.0643 5504  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
10:40:57.0659 5504  FontCache - ok
10:40:57.0675 5504  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:40:57.0675 5504  FontCache3.0.0.0 - ok
10:40:57.0675 5504  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:40:57.0690 5504  FsDepends - ok
10:40:57.0706 5504  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:40:57.0706 5504  Fs_Rec - ok
10:40:57.0721 5504  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:40:57.0721 5504  fvevol - ok
10:40:57.0721 5504  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:40:57.0737 5504  gagp30kx - ok
10:40:57.0737 5504  [ A68E0A837461A558905688968F0285BD ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
10:40:57.0737 5504  GDBehave - ok
10:40:57.0768 5504  [ 803A7B7A4CE932582AE39EF3247BF57D ] GDFwSvc         C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
10:40:57.0799 5504  GDFwSvc - ok
10:40:57.0799 5504  [ 4CE604412EBC18BEA302FAB474CCF74C ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
10:40:57.0799 5504  GDMnIcpt - ok
10:40:57.0815 5504  [ EEAAE600C3025D7D693B3A159F103561 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
10:40:57.0815 5504  GDPkIcpt - ok
10:40:57.0831 5504  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
10:40:57.0831 5504  GDScan - ok
10:40:57.0846 5504  [ 3383007F653980C6E26D803B6F404B3C ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd32.sys
10:40:57.0846 5504  gdwfpcd - ok
10:40:57.0862 5504  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:40:57.0862 5504  gpsvc - ok
10:40:57.0877 5504  [ 6D92D51B56A893D72786C9E260B36DA2 ] GRD             C:\Windows\system32\drivers\GRD.sys
10:40:57.0877 5504  GRD - ok
10:40:57.0877 5504  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:40:57.0877 5504  gupdate - ok
10:40:57.0893 5504  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:40:57.0893 5504  gupdatem - ok
10:40:57.0893 5504  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:40:57.0893 5504  hcw85cir - ok
10:40:57.0909 5504  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:40:57.0909 5504  HdAudAddService - ok
10:40:57.0924 5504  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:40:57.0924 5504  HDAudBus - ok
10:40:57.0924 5504  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:40:57.0940 5504  HidBatt - ok
10:40:57.0955 5504  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:40:57.0955 5504  HidBth - ok
10:40:57.0955 5504  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:40:57.0955 5504  HidIr - ok
10:40:57.0971 5504  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
10:40:57.0971 5504  hidserv - ok
10:40:57.0971 5504  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:40:57.0971 5504  HidUsb - ok
10:40:57.0987 5504  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:40:57.0987 5504  hkmsvc - ok
10:40:57.0987 5504  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:40:58.0002 5504  HomeGroupListener - ok
10:40:58.0002 5504  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:40:58.0002 5504  HomeGroupProvider - ok
10:40:58.0018 5504  [ 584D01D20F1BC377313AF55671DE8147 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
10:40:58.0033 5504  HookCentre - ok
10:40:58.0049 5504  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:40:58.0049 5504  hpqcxs08 - ok
10:40:58.0065 5504  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:40:58.0080 5504  HpSAMD - ok
10:40:58.0080 5504  HPSLPSVC - ok
10:40:58.0080 5504  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:40:58.0111 5504  HTCAND32 - ok
10:40:58.0111 5504  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
10:40:58.0111 5504  htcnprot - ok
10:40:58.0127 5504  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:40:58.0127 5504  HTTP - ok
10:40:58.0143 5504  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:40:58.0143 5504  hwpolicy - ok
10:40:58.0143 5504  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:40:58.0143 5504  i8042prt - ok
10:40:58.0158 5504  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:40:58.0174 5504  iaStorV - ok
10:40:58.0189 5504  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:40:58.0205 5504  idsvc - ok
10:40:58.0205 5504  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:40:58.0205 5504  iirsp - ok
10:40:58.0221 5504  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:40:58.0236 5504  IKEEXT - ok
10:40:58.0236 5504  IntcAzAudAddService - ok
10:40:58.0236 5504  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:40:58.0252 5504  intelide - ok
10:40:58.0252 5504  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:40:58.0252 5504  intelppm - ok
10:40:58.0252 5504  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:40:58.0267 5504  IPBusEnum - ok
10:40:58.0267 5504  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:40:58.0267 5504  IpFilterDriver - ok
10:40:58.0283 5504  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:40:58.0283 5504  iphlpsvc - ok
10:40:58.0299 5504  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:40:58.0314 5504  IPMIDRV - ok
10:40:58.0314 5504  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:40:58.0330 5504  IPNAT - ok
10:40:58.0330 5504  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:40:58.0330 5504  IRENUM - ok
10:40:58.0330 5504  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:40:58.0345 5504  isapnp - ok
10:40:58.0345 5504  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:40:58.0345 5504  iScsiPrt - ok
10:40:58.0361 5504  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:40:58.0361 5504  kbdclass - ok
10:40:58.0361 5504  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:40:58.0361 5504  kbdhid - ok
10:40:58.0377 5504  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
10:40:58.0377 5504  KeyIso - ok
10:40:58.0377 5504  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:40:58.0377 5504  KSecDD - ok
10:40:58.0392 5504  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:40:58.0392 5504  KSecPkg - ok
10:40:58.0408 5504  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:40:58.0408 5504  KtmRm - ok
10:40:58.0423 5504  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:40:58.0423 5504  LanmanServer - ok
10:40:58.0423 5504  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:40:58.0439 5504  LanmanWorkstation - ok
10:40:58.0439 5504  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:40:58.0439 5504  lltdio - ok
10:40:58.0455 5504  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:40:58.0455 5504  lltdsvc - ok
10:40:58.0455 5504  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:40:58.0470 5504  lmhosts - ok
10:40:58.0470 5504  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:40:58.0486 5504  LSI_FC - ok
10:40:58.0501 5504  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:40:58.0501 5504  LSI_SAS - ok
10:40:58.0501 5504  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:40:58.0501 5504  LSI_SAS2 - ok
10:40:58.0517 5504  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:40:58.0517 5504  LSI_SCSI - ok
10:40:58.0517 5504  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
10:40:58.0517 5504  luafv - ok
10:40:58.0533 5504  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:40:58.0533 5504  Mcx2Svc - ok
10:40:58.0533 5504  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:40:58.0548 5504  megasas - ok
10:40:58.0548 5504  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:40:58.0564 5504  MegaSR - ok
10:40:58.0579 5504  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
10:40:58.0579 5504  MMCSS - ok
10:40:58.0579 5504  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
10:40:58.0579 5504  Modem - ok
10:40:58.0595 5504  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:40:58.0595 5504  monitor - ok
10:40:58.0595 5504  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:40:58.0595 5504  mouclass - ok
10:40:58.0611 5504  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:40:58.0626 5504  mouhid - ok
10:40:58.0626 5504  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:40:58.0642 5504  mountmgr - ok
10:40:58.0657 5504  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:40:58.0657 5504  mpio - ok
10:40:58.0657 5504  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:40:58.0673 5504  mpsdrv - ok
10:40:58.0673 5504  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:40:58.0689 5504  MpsSvc - ok
10:40:58.0689 5504  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:40:58.0720 5504  MRxDAV - ok
10:40:58.0720 5504  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:58.0720 5504  mrxsmb - ok
10:40:58.0735 5504  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:58.0735 5504  mrxsmb10 - ok
10:40:58.0751 5504  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:58.0751 5504  mrxsmb20 - ok
10:40:58.0751 5504  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
10:40:58.0751 5504  msahci - ok
10:40:58.0767 5504  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:40:58.0767 5504  msdsm - ok
10:40:58.0767 5504  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
10:40:58.0782 5504  MSDTC - ok
10:40:58.0782 5504  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:40:58.0782 5504  Msfs - ok
10:40:58.0798 5504  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:40:58.0798 5504  mshidkmdf - ok
10:40:58.0798 5504  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:40:58.0798 5504  msisadrv - ok
10:40:58.0813 5504  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:40:58.0813 5504  MSiSCSI - ok
10:40:58.0813 5504  msiserver - ok
10:40:58.0829 5504  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:40:58.0829 5504  MSKSSRV - ok
10:40:58.0829 5504  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:58.0829 5504  MSPCLOCK - ok
10:40:58.0829 5504  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:40:58.0845 5504  MSPQM - ok
10:40:58.0860 5504  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:40:58.0860 5504  MsRPC - ok
10:40:58.0860 5504  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:40:58.0876 5504  mssmbios - ok
10:40:58.0876 5504  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:40:58.0876 5504  MSTEE - ok
10:40:58.0876 5504  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:40:58.0891 5504  MTConfig - ok
10:40:58.0891 5504  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:40:58.0891 5504  Mup - ok
10:40:58.0907 5504  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
10:40:58.0907 5504  napagent - ok
10:40:58.0923 5504  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:40:58.0923 5504  NativeWifiP - ok
10:40:58.0938 5504  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:40:58.0954 5504  NDIS - ok
10:40:58.0954 5504  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:58.0969 5504  NdisCap - ok
10:40:58.0969 5504  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:58.0969 5504  NdisTapi - ok
10:40:58.0985 5504  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:58.0985 5504  Ndisuio - ok
10:40:58.0985 5504  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:59.0001 5504  NdisWan - ok
10:40:59.0001 5504  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:40:59.0016 5504  NDProxy - ok
10:40:59.0016 5504  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:40:59.0032 5504  Net Driver HPZ12 - ok
10:40:59.0032 5504  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:40:59.0032 5504  NetBIOS - ok
10:40:59.0047 5504  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:40:59.0047 5504  NetBT - ok
10:40:59.0047 5504  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
10:40:59.0047 5504  Netlogon - ok
10:40:59.0063 5504  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
10:40:59.0063 5504  Netman - ok
10:40:59.0079 5504  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
10:40:59.0079 5504  netprofm - ok
10:40:59.0094 5504  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:40:59.0094 5504  NetTcpPortSharing - ok
10:40:59.0219 5504  [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32        C:\Windows\system32\DRIVERS\NETw5s32.sys
10:40:59.0359 5504  NETw5s32 - ok
10:40:59.0422 5504  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
10:40:59.0562 5504  netw5v32 - ok
10:40:59.0562 5504  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:40:59.0578 5504  nfrd960 - ok
10:40:59.0578 5504  [ 37260A293B6A89373AE76791E6CC5A12 ] nhcDriverDevice C:\Windows\system32\drivers\nhcDriver.sys
10:40:59.0593 5504  nhcDriverDevice - ok
10:40:59.0593 5504  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:40:59.0593 5504  NlaSvc - ok
10:40:59.0609 5504  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:40:59.0609 5504  Npfs - ok
10:40:59.0609 5504  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
10:40:59.0609 5504  nsi - ok
10:40:59.0625 5504  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:40:59.0640 5504  nsiproxy - ok
10:40:59.0656 5504  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:40:59.0718 5504  Ntfs - ok
10:40:59.0734 5504  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
10:40:59.0734 5504  Null - ok
10:40:59.0734 5504  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
10:40:59.0734 5504  NVHDA - ok
10:40:59.0905 5504  [ 519D5E6B7FA9542C42437B2DFDCFAFD1 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:41:00.0061 5504  nvlddmkm - ok
10:41:00.0077 5504  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:41:00.0077 5504  nvraid - ok
10:41:00.0077 5504  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:41:00.0093 5504  nvstor - ok
10:41:00.0093 5504  [ D9295D59E8C69537B87D0DC638F61B76 ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:41:00.0108 5504  nvsvc - ok
10:41:00.0108 5504  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:41:00.0124 5504  nv_agp - ok
10:41:00.0139 5504  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:41:00.0139 5504  ohci1394 - ok
10:41:00.0139 5504  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:41:00.0155 5504  p2pimsvc - ok
10:41:00.0155 5504  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:41:00.0171 5504  p2psvc - ok
10:41:00.0171 5504  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:41:00.0186 5504  Parport - ok
10:41:00.0202 5504  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:41:00.0217 5504  partmgr - ok
10:41:00.0217 5504  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:41:00.0217 5504  Parvdm - ok
10:41:00.0233 5504  [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
10:41:00.0233 5504  PassThru Service - ok
10:41:00.0233 5504  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:41:00.0233 5504  PcaSvc - ok
10:41:00.0249 5504  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
10:41:00.0280 5504  pci - ok
10:41:00.0280 5504  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
10:41:00.0280 5504  pciide - ok
10:41:00.0295 5504  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:41:00.0295 5504  pcmcia - ok
10:41:00.0295 5504  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
10:41:00.0295 5504  pcw - ok
10:41:00.0311 5504  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:41:00.0327 5504  PEAUTH - ok
10:41:00.0342 5504  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:41:00.0358 5504  PeerDistSvc - ok
10:41:00.0405 5504  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
10:41:00.0467 5504  pla - ok
10:41:00.0467 5504  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:41:00.0483 5504  PlugPlay - ok
10:41:00.0483 5504  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:41:00.0483 5504  Pml Driver HPZ12 - ok
10:41:00.0498 5504  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:41:00.0498 5504  PNRPAutoReg - ok
10:41:00.0514 5504  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:41:00.0514 5504  PNRPsvc - ok
10:41:00.0514 5504  [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
10:41:00.0514 5504  Point32 - ok
10:41:00.0529 5504  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:41:00.0529 5504  PolicyAgent - ok
10:41:00.0545 5504  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
10:41:00.0545 5504  Power - ok
10:41:00.0561 5504  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:41:00.0576 5504  PptpMiniport - ok
10:41:00.0576 5504  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:41:00.0576 5504  Processor - ok
10:41:00.0592 5504  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
10:41:00.0592 5504  ProfSvc - ok
10:41:00.0592 5504  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:41:00.0592 5504  ProtectedStorage - ok
10:41:00.0607 5504  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:41:00.0607 5504  Psched - ok
10:41:00.0623 5504  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
10:41:00.0623 5504  PSI - ok
10:41:00.0639 5504  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:41:00.0670 5504  ql2300 - ok
10:41:00.0670 5504  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:41:00.0685 5504  ql40xx - ok
10:41:00.0701 5504  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
10:41:00.0701 5504  QWAVE - ok
10:41:00.0717 5504  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:41:00.0717 5504  QWAVEdrv - ok
10:41:00.0717 5504  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:41:00.0717 5504  RasAcd - ok
10:41:00.0717 5504  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:41:00.0732 5504  RasAgileVpn - ok
10:41:00.0732 5504  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
10:41:00.0732 5504  RasAuto - ok
10:41:00.0748 5504  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:00.0748 5504  Rasl2tp - ok
10:41:00.0748 5504  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
10:41:00.0763 5504  RasMan - ok
10:41:00.0763 5504  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:00.0763 5504  RasPppoe - ok
10:41:00.0779 5504  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:41:00.0779 5504  RasSstp - ok
10:41:00.0795 5504  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:41:00.0795 5504  rdbss - ok
10:41:00.0795 5504  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:41:00.0810 5504  rdpbus - ok
10:41:00.0826 5504  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:00.0826 5504  RDPCDD - ok
10:41:00.0826 5504  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:41:00.0841 5504  RDPDR - ok
10:41:00.0841 5504  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:41:00.0841 5504  RDPENCDD - ok
10:41:00.0841 5504  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:41:00.0857 5504  RDPREFMP - ok
10:41:00.0857 5504  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:41:00.0857 5504  RdpVideoMiniport - ok
10:41:00.0873 5504  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:41:00.0873 5504  RDPWD - ok
10:41:00.0873 5504  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:41:00.0888 5504  rdyboost - ok
10:41:00.0888 5504  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:41:00.0888 5504  RemoteAccess - ok
10:41:00.0904 5504  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:41:00.0904 5504  RemoteRegistry - ok
10:41:00.0919 5504  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:41:00.0919 5504  RFCOMM - ok
10:41:00.0919 5504  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:41:00.0919 5504  RpcEptMapper - ok
10:41:00.0935 5504  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
10:41:00.0935 5504  RpcLocator - ok
10:41:00.0935 5504  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
10:41:00.0951 5504  RpcSs - ok
10:41:00.0951 5504  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:41:00.0966 5504  rspndr - ok
10:41:00.0982 5504  [ 2D4705361D73E83BD55FC7D9CACBF7BA ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
10:41:00.0997 5504  RTL8192cu - ok
10:41:00.0997 5504  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:41:00.0997 5504  s3cap - ok
10:41:01.0013 5504  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\Windows\system32\Drivers\SABI.sys
10:41:01.0013 5504  SABI - ok
10:41:01.0013 5504  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
10:41:01.0013 5504  SamSs - ok
10:41:01.0029 5504  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:41:01.0029 5504  sbp2port - ok
10:41:01.0029 5504  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:41:01.0044 5504  SCardSvr - ok
10:41:01.0044 5504  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:41:01.0060 5504  scfilter - ok
10:41:01.0075 5504  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
10:41:01.0091 5504  Schedule - ok
10:41:01.0091 5504  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:41:01.0091 5504  SCPolicySvc - ok
10:41:01.0107 5504  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:41:01.0107 5504  SDRSVC - ok
10:41:01.0138 5504  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
10:41:01.0153 5504  SDScannerService - ok
10:41:01.0169 5504  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:41:01.0200 5504  SDUpdateService - ok
10:41:01.0200 5504  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:41:01.0200 5504  SDWSCService - ok
10:41:01.0216 5504  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:41:01.0216 5504  secdrv - ok
10:41:01.0216 5504  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
10:41:01.0216 5504  seclogon - ok
10:41:01.0247 5504  [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
10:41:01.0263 5504  Secunia PSI Agent - ok
10:41:01.0278 5504  [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
10:41:01.0294 5504  Secunia Update Agent - ok
10:41:01.0294 5504  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
10:41:01.0309 5504  SENS - ok
10:41:01.0309 5504  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:41:01.0309 5504  SensrSvc - ok
10:41:01.0325 5504  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:41:01.0325 5504  Serenum - ok
10:41:01.0325 5504  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:41:01.0341 5504  Serial - ok
10:41:01.0341 5504  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:41:01.0341 5504  sermouse - ok
10:41:01.0356 5504  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:41:01.0356 5504  SessionEnv - ok
10:41:01.0372 5504  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:41:01.0372 5504  sffdisk - ok
10:41:01.0387 5504  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:41:01.0387 5504  sffp_mmc - ok
10:41:01.0387 5504  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:41:01.0387 5504  sffp_sd - ok
10:41:01.0403 5504  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:41:01.0403 5504  sfloppy - ok
10:41:01.0403 5504  [ 02C41EF0DA7C662C4301F86F2CAA1FCB ] SGDrv           C:\Windows\system32\DRIVERS\SGdrv.sys
10:41:01.0403 5504  SGDrv - ok
10:41:01.0419 5504  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:41:01.0419 5504  SharedAccess - ok
10:41:01.0434 5504  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:41:01.0434 5504  ShellHWDetection - ok
10:41:01.0450 5504  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:41:01.0450 5504  sisagp - ok
10:41:01.0450 5504  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:41:01.0465 5504  SiSRaid2 - ok
10:41:01.0481 5504  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:41:01.0481 5504  SiSRaid4 - ok
10:41:01.0481 5504  [ C44DA62FBCAE62803EA95600FC263065 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
10:41:01.0497 5504  SkypeUpdate - ok
10:41:01.0497 5504  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:41:01.0497 5504  Smb - ok
10:41:01.0512 5504  [ EB49860E776CE860DC3CFB9EDB1BA517 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
10:41:01.0512 5504  snapman - ok
10:41:01.0528 5504  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:41:01.0528 5504  SNMPTRAP - ok
10:41:01.0528 5504  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:41:01.0543 5504  spldr - ok
10:41:01.0543 5504  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
10:41:01.0559 5504  Spooler - ok
10:41:01.0606 5504  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
10:41:01.0653 5504  sppsvc - ok
10:41:01.0668 5504  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:41:01.0668 5504  sppuinotify - ok
10:41:01.0668 5504  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:41:01.0715 5504  srv - ok
10:41:01.0715 5504  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:41:01.0731 5504  srv2 - ok
10:41:01.0731 5504  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:41:01.0731 5504  srvnet - ok
10:41:01.0746 5504  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:41:01.0746 5504  SSDPSRV - ok
10:41:01.0762 5504  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:41:01.0762 5504  SstpSvc - ok
10:41:01.0762 5504  [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:41:01.0777 5504  ssudmdm - ok
10:41:01.0777 5504  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:41:01.0777 5504  stexstor - ok
10:41:01.0777 5504  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
10:41:01.0793 5504  StillCam - ok
10:41:01.0793 5504  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:41:01.0809 5504  StiSvc - ok
10:41:01.0809 5504  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:41:01.0824 5504  storflt - ok
10:41:01.0840 5504  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
10:41:01.0840 5504  StorSvc - ok
10:41:01.0840 5504  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:41:01.0855 5504  storvsc - ok
10:41:01.0855 5504  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:41:01.0855 5504  swenum - ok
10:41:01.0871 5504  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
10:41:01.0871 5504  swprv - ok
10:41:01.0887 5504  [ 069E5728E565BD401347CB94732C4733 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:41:01.0887 5504  SynTP - ok
10:41:01.0902 5504  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
10:41:01.0933 5504  SysMain - ok
10:41:01.0933 5504  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:41:01.0933 5504  TabletInputService - ok
10:41:01.0949 5504  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:41:01.0949 5504  TapiSrv - ok
10:41:01.0965 5504  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
10:41:01.0965 5504  TBS - ok
10:41:01.0980 5504  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:41:02.0011 5504  Tcpip - ok
10:41:02.0027 5504  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:41:02.0043 5504  TCPIP6 - ok
10:41:02.0043 5504  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:41:02.0058 5504  tcpipreg - ok
10:41:02.0058 5504  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:41:02.0058 5504  TDPIPE - ok
10:41:02.0074 5504  [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
10:41:02.0121 5504  tdrpman273 - ok
10:41:02.0121 5504  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:41:02.0136 5504  TDTCP - ok
10:41:02.0136 5504  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:41:02.0136 5504  tdx - ok
10:41:02.0199 5504  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
10:41:02.0277 5504  TeamViewer8 - ok
10:41:02.0292 5504  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:41:02.0308 5504  TermDD - ok
10:41:02.0323 5504  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
10:41:02.0323 5504  TermService - ok
10:41:02.0339 5504  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
10:41:02.0339 5504  Themes - ok
10:41:02.0339 5504  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
10:41:02.0339 5504  THREADORDER - ok
10:41:02.0355 5504  [ A34D7024BB7140EC785C86BC065D4F60 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
10:41:02.0370 5504  timounter - ok
10:41:02.0370 5504  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
10:41:02.0386 5504  TrkWks - ok
10:41:02.0386 5504  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:41:02.0386 5504  TrustedInstaller - ok
10:41:02.0401 5504  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:41:02.0401 5504  tssecsrv - ok
10:41:02.0401 5504  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:41:02.0417 5504  TsUsbFlt - ok
10:41:02.0448 5504  [ AF5F31156EE89D35AD6EC3179A805D23 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
10:41:02.0464 5504  TuneUp.UtilitiesSvc - ok
10:41:02.0464 5504  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
10:41:02.0479 5504  TuneUpUtilitiesDrv - ok
10:41:02.0479 5504  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:41:02.0479 5504  tunnel - ok
10:41:02.0495 5504  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:41:02.0495 5504  uagp35 - ok
10:41:02.0495 5504  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:41:02.0511 5504  udfs - ok
10:41:02.0511 5504  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:41:02.0511 5504  UI0Detect - ok
10:41:02.0526 5504  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:41:02.0542 5504  uliagpkx - ok
10:41:02.0542 5504  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
10:41:02.0557 5504  umbus - ok
10:41:02.0557 5504  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:41:02.0557 5504  UmPass - ok
10:41:02.0557 5504  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:41:02.0573 5504  UmRdpService - ok
10:41:02.0573 5504  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
10:41:02.0589 5504  upnphost - ok
10:41:02.0589 5504  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:41:02.0604 5504  usbccgp - ok
10:41:02.0620 5504  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:41:02.0635 5504  usbcir - ok
10:41:02.0635 5504  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:41:02.0635 5504  usbehci - ok
10:41:02.0651 5504  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:41:02.0651 5504  usbhub - ok
10:41:02.0667 5504  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:41:02.0667 5504  usbohci - ok
10:41:02.0667 5504  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:41:02.0667 5504  usbprint - ok
10:41:02.0682 5504  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:41:02.0682 5504  usbscan - ok
10:41:02.0682 5504  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:41:02.0698 5504  USBSTOR - ok
10:41:02.0713 5504  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:41:02.0713 5504  usbuhci - ok
10:41:02.0729 5504  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:41:02.0729 5504  usbvideo - ok
10:41:02.0729 5504  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
10:41:02.0745 5504  UxSms - ok
10:41:02.0745 5504  [ 6275822AC454A8A831D063841A4DBB5D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
10:41:02.0745 5504  UxTuneUp - ok
10:41:02.0760 5504  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
10:41:02.0760 5504  VaultSvc - ok
10:41:02.0760 5504  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:41:02.0776 5504  vdrvroot - ok
10:41:02.0791 5504  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
10:41:02.0791 5504  vds - ok
10:41:02.0807 5504  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:41:02.0807 5504  vga - ok
10:41:02.0807 5504  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:41:02.0807 5504  VgaSave - ok
10:41:02.0823 5504  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:41:02.0823 5504  vhdmp - ok
10:41:02.0838 5504  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:41:02.0838 5504  viaagp - ok
10:41:02.0838 5504  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
10:41:02.0838 5504  ViaC7 - ok
10:41:02.0854 5504  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
10:41:02.0869 5504  viaide - ok
10:41:02.0869 5504  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:41:02.0869 5504  vmbus - ok
10:41:02.0885 5504  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:41:02.0885 5504  VMBusHID - ok
10:41:02.0885 5504  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:41:02.0885 5504  volmgr - ok
10:41:02.0901 5504  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:41:02.0901 5504  volmgrx - ok
10:41:02.0916 5504  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:41:02.0916 5504  volsnap - ok
10:41:02.0932 5504  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:41:02.0932 5504  vsmraid - ok
10:41:02.0947 5504  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
10:41:02.0979 5504  VSS - ok
10:41:02.0979 5504  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:41:02.0994 5504  vwifibus - ok
10:41:02.0994 5504  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:41:03.0025 5504  vwififlt - ok
10:41:03.0025 5504  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:41:03.0041 5504  vwifimp - ok
10:41:03.0041 5504  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
10:41:03.0057 5504  W32Time - ok
10:41:03.0057 5504  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:41:03.0057 5504  WacomPen - ok
10:41:03.0072 5504  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:41:03.0088 5504  WANARP - ok
10:41:03.0088 5504  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:41:03.0088 5504  Wanarpv6 - ok
10:41:03.0119 5504  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
10:41:03.0135 5504  wbengine - ok
10:41:03.0150 5504  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:41:03.0150 5504  WbioSrvc - ok
10:41:03.0166 5504  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:41:03.0166 5504  wcncsvc - ok
10:41:03.0166 5504  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:41:03.0181 5504  WcsPlugInService - ok
10:41:03.0181 5504  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:41:03.0181 5504  Wd - ok
10:41:03.0197 5504  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:41:03.0213 5504  Wdf01000 - ok
10:41:03.0213 5504  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:41:03.0213 5504  WdiServiceHost - ok
10:41:03.0213 5504  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:41:03.0228 5504  WdiSystemHost - ok
10:41:03.0228 5504  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
10:41:03.0244 5504  WebClient - ok
10:41:03.0244 5504  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:41:03.0259 5504  Wecsvc - ok
10:41:03.0275 5504  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:41:03.0275 5504  wercplsupport - ok
10:41:03.0275 5504  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:41:03.0275 5504  WerSvc - ok
10:41:03.0291 5504  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:41:03.0306 5504  WfpLwf - ok
10:41:03.0306 5504  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:41:03.0322 5504  WIMMount - ok
10:41:03.0337 5504  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:41:03.0353 5504  WinDefend - ok
10:41:03.0353 5504  WinHttpAutoProxySvc - ok
10:41:03.0369 5504  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:41:03.0369 5504  Winmgmt - ok
10:41:03.0400 5504  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
10:41:03.0415 5504  WinRM - ok
10:41:03.0415 5504  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:41:03.0431 5504  WinUsb - ok
10:41:03.0447 5504  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:41:03.0462 5504  Wlansvc - ok
10:41:03.0493 5504  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:41:03.0509 5504  wlidsvc - ok
10:41:03.0525 5504  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:41:03.0525 5504  WmiAcpi - ok
10:41:03.0540 5504  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:41:03.0540 5504  wmiApSrv - ok
10:41:03.0556 5504  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:41:03.0571 5504  WMPNetworkSvc - ok
10:41:03.0587 5504  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:41:03.0587 5504  WPCSvc - ok
10:41:03.0587 5504  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:41:03.0603 5504  WPDBusEnum - ok
10:41:03.0603 5504  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:41:03.0618 5504  ws2ifsl - ok
10:41:03.0618 5504  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
10:41:03.0618 5504  wscsvc - ok
10:41:03.0634 5504  WSearch - ok
10:41:03.0665 5504  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
10:41:03.0696 5504  wuauserv - ok
10:41:03.0696 5504  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:41:03.0712 5504  WudfPf - ok
10:41:03.0712 5504  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:41:03.0712 5504  WUDFRd - ok
10:41:03.0727 5504  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:41:03.0727 5504  wudfsvc - ok
10:41:03.0743 5504  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:41:03.0743 5504  WwanSvc - ok
10:41:03.0759 5504  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
10:41:03.0759 5504  yukonw7 - ok
10:41:03.0774 5504  ================ Scan global ===============================
10:41:03.0790 5504  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
10:41:03.0790 5504  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
10:41:03.0805 5504  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
10:41:03.0805 5504  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:41:03.0821 5504  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:41:03.0821 5504  [Global] - ok
10:41:03.0821 5504  ================ Scan MBR ==================================
10:41:03.0821 5504  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:41:04.0055 5504  \Device\Harddisk0\DR0 - ok
10:41:04.0055 5504  ================ Scan VBR ==================================
10:41:04.0055 5504  [ F4125CF4385A528A6AC745104F2449CB ] \Device\Harddisk0\DR0\Partition1
10:41:04.0055 5504  \Device\Harddisk0\DR0\Partition1 - ok
10:41:04.0055 5504  ============================================================
10:41:04.0055 5504  Scan finished
10:41:04.0055 5504  ============================================================
10:41:04.0071 4836  Detected object count: 0
10:41:04.0071 4836  Actual detected object count: 0
10:41:17.0065 4964  Deinitialize success
         
