
Surveillance, Privacy and Spam: Constant "Mail Delivery System" mails


10.03.2013, 13:31   #1
krustentier
 

Hi,
for some time now I have regularly been getting mails in my mail account saying that a mail I sent could not be delivered, or that the recipient does not exist.
The mails look exactly like the "real" Mail Delivery System mails, so I assume I have caught a trojan or something like that which automatically sends spam mails.

I actually wanted to insert a spoiler containing the mail using BB code, but somehow that doesn't work?

In any case, it is a freenet mail account. I have two systems that I use to access this account, a tower and a netbook, both Windows 7 (desktop 64-bit, netbook 32-bit).
The log files are all from the tower system.

OTL.txt:
OTL logfile created on: 10.03.2013 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free
11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2013.03.06 13:12:24 | 001,752,576 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.09 11:15:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\VPN Client\cvpnd.exe
PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.06 13:11:54 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Last.fm\listener.dll
MOD - [2013.03.06 13:11:50 | 000,757,248 | ---- | M] () -- C:\Program Files (x86)\Last.fm\unicorn.dll
MOD - [2013.03.06 13:11:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Last.fm\logger.dll
MOD - [2013.03.05 13:25:40 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm.dll
MOD - [2013.01.18 11:49:56 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2013.01.18 11:39:50 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\phonon.dll
MOD - [2012.12.13 00:13:36 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlccore.dll
MOD - [2012.12.13 00:13:32 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012.12.13 00:12:58 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlc.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.02.27 21:43:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.09.14 16:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 16:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.11.25 10:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.08 16:51:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:51:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.02 11:27:37 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.02 11:27:37 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.28 20:11:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.10.22 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.05 16:10:44 | 001,119,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 92 EE 48 94 E6 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.28 20:18:23 | 000,000,000 | ---D | M]

[2012.03.31 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.03.08 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.08 16:54:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Simple Adblock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.6_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.3.2_0\
CHR - Extension: Google Mail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{016E9268-C477-43E7-981C-F9CE181897CB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3E39A52-7EBC-43A2-A399-0CA0B3A30664}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.21 18:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell - "" = AutoRun
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\install\command - "" = F:\Setup.exe
O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006.02.27 16:17:52 | 001,662,976 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.10 12:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013.03.09 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut
[2013.03.09 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2013.03.06 22:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.06 20:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.02.21 23:30:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.11 18:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2013.02.11 18:57:32 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2013.02.11 18:57:32 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2013.02.11 18:57:32 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2013.02.11 18:57:32 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2013.02.11 18:57:32 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2013.02.11 18:57:32 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2013.02.11 18:57:32 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2013.02.11 18:57:32 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter

========== Files - Modified Within 30 Days ==========

[2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013.03.10 12:18:53 | 000,000,000 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2013.03.10 12:17:45 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Desktop\Defogger.exe
[2013.03.10 11:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001UA.job
[2013.03.10 11:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 10:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 10:15:43 | 534,945,791 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 11:26:07 | 004,706,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 11:26:07 | 001,909,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 11:26:07 | 001,400,238 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 11:26:07 | 001,242,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 11:26:07 | 000,007,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.21 23:52:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001Core.job
[2013.02.16 15:40:10 | 000,001,051 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.15 21:03:24 | 000,034,213 | ---- | M] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf
[2013.02.14 09:39:14 | 000,349,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.10 12:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2013.03.10 12:17:44 | 000,050,477 | ---- | C] () -- C:\Users\Alex\Desktop\Defogger.exe
[2013.02.16 15:40:10 | 000,001,051 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.15 21:03:24 | 000,034,213 | ---- | C] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf
[2013.02.11 18:57:32 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013.02.11 18:57:31 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.10.09 18:17:11 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.09.12 20:18:28 | 000,000,384 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.31 13:03:38 | 000,191,488 | ---- | C] () -- C:\Users\Alex\Part1.par
[2012.05.09 11:24:01 | 000,000,054 | ---- | C] () -- C:\Users\Alex\pc-client.properties
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.12 20:25:50 | 000,007,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.29 15:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canneverbe Limited
[2012.01.29 12:02:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2012.05.06 12:15:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2013.03.10 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox
[2012.04.21 10:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Epson
[2013.02.11 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2013.01.02 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2012.12.04 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LibreOffice
[2013.03.09 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut
[2012.02.15 16:54:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2012.12.21 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2012.05.01 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unigraphics Solutions

========== Purity Check ==========



< End of report >


Extras.txt:
OTL Extras logfile created on: 10.03.2013 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free
11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035C8E57-7E34-451E-96BA-077739A97701}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10279BEE-426E-433C-A39E-E1A5E77F1F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11CC1D5B-CE96-4D45-BB83-5B46F76C132D}" = lport=138 | protocol=17 | dir=in | app=system |
"{19141097-B7C2-40EC-8AC1-4E442532E396}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D13254D-6A55-4271-B665-F50070A57108}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F6CF8E4-B0B7-4112-9D88-15427BA1360E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33817499-48CA-42C2-874B-7BB9C433557C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D601141-50FA-4D29-9093-B01F8BF2394A}" = lport=139 | protocol=6 | dir=in | app=system |
"{45ACD6D2-A6B7-4C91-BBBE-14374C430C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49F4BE51-7E92-4008-B490-AE44254DC9AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71587648-8195-44D1-A139-508E3C54D5EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{750DFB21-1CCE-41EE-90B7-06923ACF37B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D729746-6E9C-4395-BD2C-92A57715E00D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{7FCF9266-76F5-4BAC-8F3C-F58991AAB1E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B424F3B-DCA5-456E-8E11-293EF8F3BE94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3B1EEB6-5D61-4BBA-BD44-608C36BB620A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD47F954-C815-49E1-9DEE-D8E23FB48934}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B451ED79-A4F5-4C3B-A851-796EB1907690}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDC5CE5C-7D6D-4E27-8609-E1562BDF409D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAF223CD-2F87-4C17-9975-C01896622610}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD47F851-D7FB-4B5F-BB74-0AC0010C2660}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7F81496-725C-4C93-A83D-34CEF63E7A58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2276F67-803A-4D66-A27E-CB677B9AA9E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD296664-A704-4F83-852C-D1905FE25D85}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BCCCD8-A454-428E-96B6-CB9CBF51586F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05F08800-AA07-4663-B2DA-519E6D5E483F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DD0564D-8816-4916-8C6F-61CD7390F896}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A033EC4-1466-4E0A-AB69-387A7B293730}" = protocol=6 | dir=out | app=system |
"{1E020B7B-E5AB-46F4-8023-67FDC77B51AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25396856-A3F3-4207-B578-BC6EB01FD6AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2F38CDAF-3C31-44A8-92F7-EF220E475718}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F6B63BF-A43A-4665-8E2D-21B0F8FB13DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{32E5FB50-3313-4DC7-B74B-7B4DEB7FFA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34FC8203-55CD-439F-B68C-BE391CFCFDC1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{3B3462A8-6AE0-43FE-9D9E-0A0628DA0245}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41FAAC1C-FEEE-4BB8-B5FA-1D4DED402729}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51E8AB91-E5FA-466D-8D82-3BEBB5D46C45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5217F238-78E2-4867-BCCD-7F5CB1251798}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{5E6440E9-1F49-4AF7-A71C-FCABD4D05DC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{620CAF7F-AF06-4E38-B8BE-32E75FF5D0C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65F19662-041F-4EA2-B165-B5BA33F45389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68A51B9B-A7E1-497D-BD59-A2595C64AE33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A4FFF35-16B0-4E5F-88FA-6B6B819AB0F2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6BC4DD46-A613-49BC-9408-B409105E86C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7786627E-034D-4B1E-9916-35ACD52B0E2E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{85B1BE83-0237-4A66-AF0A-1ED1C69E2C55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A046FFD-F0C4-4036-A378-7960CD587F5A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{99C7B0BC-414C-43BF-AD52-123C02A33A38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8FD89A3-07F3-464E-B13A-55E085596189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B306C194-6FD8-4A8B-AB6F-B1002D10650F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{BAA93C0B-7466-49C2-BC38-E83FC8F37C05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD50F0ED-4640-4536-AB55-AC94D1906C03}" = protocol=58 | dir=in | app=system |
"{C095609B-1717-4051-A2E3-F9993B50B0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C353B347-09F2-41ED-B3A6-AE1D2DDD89B1}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{C9768FBA-CFFE-450E-8F60-7B4A6C107FE5}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{CD41EB04-2250-4EDF-BC3B-E8BAFE2A1034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEBF3E0B-9C3D-4993-AAA0-84EF8C7BA53E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{D7E5775C-3381-4957-99D7-F8991C8C062C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3B32679-1EF8-4C58-944F-3FC15414CE30}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FE080CD7-47C0-426A-9D2B-105A3D803F42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE3B8FE5-FABB-492F-82E6-C68EF2C839FA}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{FF1910C8-74E1-4777-9165-680240186E50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{05562021-9415-453A-8247-D818DC262FE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3057B31B-A8CF-4267-A1FC-4C7BCBC141DA}D:\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\torchlight ii\torchlight2.exe |
"TCP Query User{8049F02D-2992-4F3A-B41D-6D57B98192C6}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"TCP Query User{F290DADA-0047-4EC1-8CB7-C39FFDD4A2A5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{5F61BBAC-C42F-4331-AEFC-4A077D4486EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6E4875A9-3886-4059-BA13-E488DDE43854}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"UDP Query User{75E340C6-FFEA-4A02-8B85-978E89EC2814}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B84B4C3B-5CAE-4A4D-B613-B1B4B40219DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{F7CDB217-B97F-47B9-AA6D-59CC46B24476}D:\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\torchlight ii\torchlight2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{10209B87-55D6-493E-A30A-12A265AA324E}" = TQ Defiler
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30D81BE6-916F-4B57-9EB5-87C1868D9489}" = SciTE Text Editor
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"PaperCut NG Client_is1" = PaperCut NG Client 10.7
"SSC Service Utility_is1" = SSC Service Utility v4.30
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 03.10.2012 15:08:58 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cda19a3c19bffb
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: c860d14d-0d8d-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:11:17 | Computer Name = RaptorJesus | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7bc Startzeit:
01cda19aaf22568d Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
19b485d1-0d8e-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:48:34 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xdc0 Startzeit der fehlerhaften Anwendung: 0x01cda19a8adbe398
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506d9662-0d93-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:52:08 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x1180 Startzeit der fehlerhaften Anwendung: 0x01cda1a012e43b55
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: cff8d9cc-0d93-11e2-b20b-1c6f6584924d

Error - 04.10.2012 05:08:46 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x394 Startzeit der fehlerhaften Anwendung: 0x01cda20f94197ec2
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 1a05266f-0e03-11e2-96a6-1c6f6584924d

Error - 04.10.2012 08:06:01 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xd8c Startzeit der fehlerhaften Anwendung: 0x01cda20fdc80fc0d
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: dcc204ef-0e1b-11e2-96a6-1c6f6584924d

Error - 04.10.2012 08:09:35 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xa2c Startzeit der fehlerhaften Anwendung: 0x01cda2289f3b6984
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 5c525a3b-0e1c-11e2-96a6-1c6f6584924d

[ OSession Events ]
Error - 12.11.2012 18:51:31 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1821
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 12.11.2012 19:12:19 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1226
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 13.11.2012 10:47:23 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1980
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09.03.2013 09:03:55 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:04:50 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:05:51 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:06:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:07:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:08:54 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 18:26:14 | Computer Name = RaptorJesus | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2667402)

Error - 10.03.2013 05:15:43 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.03.2013 05:15:52 | Computer Name = RaptorJesus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 10.03.2013 06:30:18 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >

Gmer.txt:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 13:26:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Alex\AppData\Local\Temp\uflyraow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:1420] 00000000777d2e3e
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2208] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2212] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2216] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2220] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2224] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2228] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2364] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2368] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2372] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2376] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2380] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2384] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2388] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2392] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2396] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2400] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2404] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2416] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2420] 00000000777d3e59
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2436] 00000000715a1c2f
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2500] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2524] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3032] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3036] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:4088] 00000000777d3e59

---- EOF - GMER 2.1 ----

One of the Mail Delivery System mails:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

crusnikoo2@aol.com
SMTP error from remote mail server after end of data:
host mailin-04.mx.aol.com [205.188.146.194]: 521 5.2.1 :
(RLY:SN) hxxp://postmaster.info.aol.com/errors/554rlysn.html

------ This is a copy of the message, including all the headers. ------

Return-path: <****@freenet.de>
Received: from [195.4.92.141] (helo=mjail1.freenet.de)
by mout0.freenet.de with esmtpa (ID ****@freenet.de) (port 25) (Exim 4.80.1 #2)
id 1UEQuD-0000Ct-4b
for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100
Received: from localhost ([::1]:45339 helo=mjail1.freenet.de)
by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
id 1UEQuC-00084X-Vr
for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100
Received: from [195.4.92.24] (port=60049 helo=14.mx.freenet.de)
by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
id 1UEQqh-00021l-JL
for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100
Received: from [123.5.165.187] (port=2596 helo=dzau)
by 14.mx.freenet.de with esmtpsa (ID ****@freenet.de) (TLSv1HE-RSA-AES256-SHA:256) (port 25) (Exim
4.80.1 #2)
id 1UEQqg-0006Rr-F1
for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100
Reply-To: noreply@battle.com
Message-ID: <E66836BACDE2A5AB85AF0A02B40CBF6A@dzau>
From: "noreply@emailwow.blizzard.com" <crusnikoo2@aol.com>
To: <crusnikoo2@aol.com>
Subject: Exploitative Activity---Unauthorized Cheat Programs ("Hacks")(crusnikoo2@aol.com)
Date: Sun, 10 Mar 2013 04:58:30 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_064F_01326C62.16FA9AA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-purgate-ID: 149285::1362862715-00000747-3E0787A2/0-0/0-0

This is a multi-part message in MIME format.

------=_NextPart_000_064F_01326C62.16FA9AA0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: base64


------=_NextPart_000_064F_01326C62.16FA9AA0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64

------=_NextPart_000_064F_01326C62.16FA9AA0--
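
The Received chain in the bounce above records where the message entered freenet's servers and whether the sending client logged in. As an added example (not part of the original post), the following Python code walks that chain; the header sample is trimmed to the from/by clauses of the bounce, while the provider range 195.4.92.0/24, the `own_ips` value and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Received headers from the bounce quoted above, newest hop first, trimmed to
# the from/by clauses and re-folded with leading whitespace.
BOUNCE_HEADERS = """\
Received: from [195.4.92.141] (helo=mjail1.freenet.de)
 by mout0.freenet.de with esmtpa (ID ****@freenet.de) (port 25) (Exim 4.80.1 #2)
Received: from localhost ([::1]:45339 helo=mjail1.freenet.de)
 by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
Received: from [195.4.92.24] (port=60049 helo=14.mx.freenet.de)
 by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
Received: from [123.5.165.187] (port=2596 helo=dzau)
 by 14.mx.freenet.de with esmtpsa (ID ****@freenet.de) (port 25) (Exim 4.80.1 #2)
"""

HOP_RE = re.compile(
    r"^Received:\s+from\s+(?P<src>.*?)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)",
    re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
HELO_RE = re.compile(r"helo=([^\s)]+)")
AUTH_ID_RE = re.compile(r"\(ID\s+([^)]+)\)")


def unfold(raw):
    """Join folded continuation lines so that each header is one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.strip())
    return headers


def parse_hops(raw):
    """Return one dict per Received header, in header order (newest first)."""
    hops = []
    for header in unfold(raw):
        m = HOP_RE.match(header)
        if not m:
            continue
        ip, helo = IP_RE.search(m.group("src")), HELO_RE.search(m.group("src"))
        auth = AUTH_ID_RE.search(header)
        try:
            client_ip = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            client_ip = None
        hops.append({"client_ip": client_ip,
                     "helo": helo.group(1) if helo else None,
                     "by": m.group("by"),
                     "proto": m.group("proto").lower(),
                     "auth_id": auth.group(1).strip() if auth else None})
    return hops


def entry_hop(hops, provider_suffix, provider_nets):
    """Find the hop where the mail entered the provider's network.

    Only headers stamped by the provider's own servers are trusted. Walking
    from the newest hop down, internal relays (loopback or provider ranges)
    are skipped; the first outside client is the entry point. Anything below
    it could have been forged by the sender and is ignored.
    """
    nets = [ipaddress.ip_network(n) for n in provider_nets]
    for hop in hops:
        ip = hop["client_ip"]
        if not hop["by"].lower().endswith(provider_suffix) or ip is None:
            return None
        if ip.is_loopback or any(ip in net for net in nets):
            continue
        return hop
    return None


def classify(hop, own_ips):
    """Summarise the entry hop; transmission types follow RFC 3848."""
    return {"client_ip": str(hop["client_ip"]),
            "helo": hop["helo"],
            "authenticated": hop["proto"] in ("esmtpa", "esmtpsa"),
            "tls": hop["proto"] in ("esmtps", "esmtpsa"),
            "auth_id": hop["auth_id"],
            "from_own_ip": str(hop["client_ip"]) in set(own_ips)}


def verdict(info):
    if info is None:
        return "never passed the provider's servers: sender address forged"
    if not info["authenticated"]:
        return "accepted without login: account credentials not involved"
    if info["from_own_ip"]:
        return "authenticated from own connection: check the machines behind it"
    return "authenticated from an address not in own_ips: change the password"


if __name__ == "__main__":
    hop = entry_hop(parse_hops(BOUNCE_HEADERS), ".freenet.de", ["195.4.92.0/24"])
    # 203.0.113.7 is a constructed stand-in for the account owner's public IP.
    info = classify(hop, own_ips={"203.0.113.7"}) if hop else None
    print(info, "->", verdict(info))
```

The HELO name is chosen by the client and only hints at the sending machine; the client IP and the login status were written by the provider's own server and are the parts to rely on.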

10.03.2013, 22:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Has the password of the mail account already been changed? If not, please do so now without fail!

Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners?
I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now only post logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.03.2013, 09:00   #3
krustentier


Quote from cosinus:
Has the password of the mail account already been changed?
Not before; I have just done it now. (I could have thought of that myself^^)

Quote from cosinus:
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners?
No, no further logs. But I can gladly run some if you tell me which program to use?
Sorry that I forgot the code tags. I thought I had worked through all the "read before posting!" entries.^^ Should I post the logs again, this time in code tags?

11.03.2013, 10:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post in the course of this thread, carefully. Ask immediately if anything is unclear before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press one of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.
__________________
Please always post log files in CODE tags

14.03.2013, 15:56   #5
krustentier

Sorry, it took a little while; I was away from home for a few days.

Mbar found nothing:

Code:
 ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 6439886848, free: 4606488576

------------ Kernel report ------------
     03/14/2013 15:10:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwfx.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006134060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\
Lower Device Object: 0xfffffa8005bd4060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.14.06
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006134060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006133570, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006134060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005be2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005bd4060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0045c71e0, 0xfffffa8006134060, 0xfffffa8005762790
Lower DeviceData: 0xfffff8a004de4bf0, 0xfffffa8005bd4060, 0xfffffa80057bb320
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 32938ACC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 306995200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307202048  Numsec = 1646319616

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 6439886848, free: 5004812288

=======================================
         
aswMBR:
Code:
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 15:23:12
-----------------------------
15:23:12.395    OS Version: Windows x64 6.1.7600 
15:23:12.395    Number of processors: 2 586 0x603
15:23:12.395    ComputerName: RAPTORJESUS  UserName: Alex
15:23:12.884    Initialize success
15:25:32.250    AVAST engine defs: 13031401
15:27:46.681    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
15:27:46.687    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
15:27:46.702    Disk 0 MBR read successfully
15:27:46.708    Disk 0 MBR scan
15:27:46.719    Disk 0 Windows 7 default MBR code
15:27:46.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:27:46.756    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       149900 MB offset 206848
15:27:46.777    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       803867 MB offset 307202048
15:27:46.822    Disk 0 scanning C:\Windows\system32\drivers
15:27:56.098    Service scanning
15:28:16.596    Modules scanning
15:28:16.613    Disk 0 trace - called modules:
15:28:16.635    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:28:16.975    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006134060]
15:28:16.980    3 CLASSPNP.SYS[fffff88000dc043f] -> nt!IofCallDriver -> [0xfffffa8005be2580]
15:28:16.984    5 ACPI.sys[fffff88000efa781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa8005bd4060]
15:28:17.800    AVAST engine scan C:\Windows
15:28:19.613    AVAST engine scan C:\Windows\system32
15:30:51.467    AVAST engine scan C:\Windows\system32\drivers
15:30:59.769    AVAST engine scan C:\Users\Alex
15:34:37.588    AVAST engine scan C:\ProgramData
15:35:57.261    Scan finished successfully
15:42:54.081    Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
15:42:54.096    The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
         
TDSS-Killer:
Code:
15:43:47.0861 2500  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:43:47.0921 2500  ============================================================
15:43:47.0921 2500  Current date / time: 2013/03/14 15:43:47.0921
15:43:47.0921 2500  SystemInfo:
15:43:47.0921 2500  
15:43:47.0921 2500  OS Version: 6.1.7600 ServicePack: 0.0
15:43:47.0921 2500  Product type: Workstation
15:43:47.0921 2500  ComputerName: RAPTORJESUS
15:43:47.0921 2500  UserName: Alex
15:43:47.0921 2500  Windows directory: C:\Windows
15:43:47.0921 2500  System windows directory: C:\Windows
15:43:47.0922 2500  Running under WOW64
15:43:47.0922 2500  Processor architecture: Intel x64
15:43:47.0922 2500  Number of processors: 2
15:43:47.0922 2500  Page size: 0x1000
15:43:47.0922 2500  Boot type: Normal boot
15:43:47.0922 2500  ============================================================
15:43:49.0152 2500  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:43:49.0156 2500  ============================================================
15:43:49.0156 2500  \Device\Harddisk0\DR0:
15:43:49.0156 2500  MBR partitions:
15:43:49.0156 2500  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:49.0156 2500  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
15:43:49.0156 2500  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x6220D800
15:43:49.0156 2500  ============================================================
15:43:49.0195 2500  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:49.0231 2500  D: <-> \Device\Harddisk0\DR0\Partition3
15:43:49.0232 2500  ============================================================
15:43:49.0232 2500  Initialize success
15:43:49.0232 2500  ============================================================
15:44:05.0978 1916  ============================================================
15:44:05.0978 1916  Scan started
15:44:05.0978 1916  Mode: Manual; SigCheck; TDLFS; 
15:44:05.0978 1916  ============================================================
15:44:07.0029 1916  ================ Scan system memory ========================
15:44:07.0029 1916  System memory - ok
15:44:07.0030 1916  ================ Scan services =============================
15:44:07.0204 1916  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:44:07.0322 1916  1394ohci - ok
15:44:07.0420 1916  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
15:44:07.0461 1916  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
15:44:07.0507 1916  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:44:07.0542 1916  ACPI - ok
15:44:07.0559 1916  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:44:07.0600 1916  AcpiPmi - ok
15:44:07.0654 1916  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:44:07.0675 1916  AdobeARMservice - ok
15:44:07.0792 1916  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:07.0817 1916  AdobeFlashPlayerUpdateSvc - ok
15:44:07.0850 1916  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:44:07.0872 1916  adp94xx - ok
15:44:07.0884 1916  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:44:07.0898 1916  adpahci - ok
15:44:07.0913 1916  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:44:07.0924 1916  adpu320 - ok
15:44:07.0958 1916  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:44:08.0059 1916  AeLookupSvc - ok
15:44:08.0100 1916  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
15:44:08.0135 1916  AFD - ok
15:44:08.0147 1916  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:44:08.0158 1916  agp440 - ok
15:44:08.0170 1916  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:44:08.0211 1916  ALG - ok
15:44:08.0237 1916  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:44:08.0251 1916  aliide - ok
15:44:08.0277 1916  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:44:08.0309 1916  AMD External Events Utility - ok
15:44:08.0399 1916  AMD FUEL Service - ok
15:44:08.0490 1916  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:44:08.0519 1916  amdide - ok
15:44:08.0545 1916  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
15:44:08.0770 1916  amdiox64 - ok
15:44:08.0784 1916  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:44:08.0819 1916  AmdK8 - ok
15:44:09.0013 1916  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:44:09.0208 1916  amdkmdag - ok
15:44:09.0238 1916  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:44:09.0310 1916  amdkmdap - ok
15:44:09.0399 1916  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:44:09.0485 1916  AmdPPM - ok
15:44:09.0615 1916  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:44:09.0644 1916  amdsata - ok
15:44:09.0660 1916  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:44:09.0678 1916  amdsbs - ok
15:44:09.0690 1916  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:44:09.0704 1916  amdxata - ok
15:44:09.0805 1916  [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf         C:\Windows\system32\DRIVERS\anodlwfx.sys
15:44:09.0861 1916  anodlwf - ok
15:44:10.0004 1916  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:44:10.0032 1916  AntiVirSchedulerService - ok
15:44:10.0068 1916  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:44:10.0080 1916  AntiVirService - ok
15:44:10.0105 1916  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:44:10.0117 1916  AODDriver4.01 - ok
15:44:10.0142 1916  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:44:10.0152 1916  AODDriver4.2 - ok
15:44:10.0179 1916  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:44:10.0206 1916  AppID - ok
15:44:10.0244 1916  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:44:10.0344 1916  AppIDSvc - ok
15:44:10.0373 1916  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:44:10.0410 1916  Appinfo - ok
15:44:10.0461 1916  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:44:10.0474 1916  Apple Mobile Device - ok
15:44:10.0487 1916  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:44:10.0502 1916  arc - ok
15:44:10.0528 1916  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:44:10.0537 1916  arcsas - ok
15:44:10.0663 1916  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:44:10.0689 1916  aspnet_state - ok
15:44:10.0705 1916  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:10.0776 1916  AsyncMac - ok
15:44:10.0786 1916  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:44:10.0795 1916  atapi - ok
15:44:10.0838 1916  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:44:10.0866 1916  AtiHDAudioService - ok
15:44:10.0893 1916  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:44:10.0907 1916  atksgt - ok
15:44:10.0926 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:44:10.0969 1916  AudioEndpointBuilder - ok
15:44:10.0978 1916  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:44:11.0010 1916  AudioSrv - ok
15:44:11.0018 1916  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:44:11.0028 1916  avgntflt - ok
15:44:11.0037 1916  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:44:11.0047 1916  avipbb - ok
15:44:11.0050 1916  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:44:11.0058 1916  avkmgr - ok
15:44:11.0083 1916  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
15:44:11.0091 1916  avmeject - ok
15:44:11.0119 1916  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:44:11.0161 1916  AxInstSV - ok
15:44:11.0201 1916  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:44:11.0242 1916  b06bdrv - ok
15:44:11.0273 1916  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:44:11.0293 1916  b57nd60a - ok
15:44:11.0333 1916  [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
15:44:11.0365 1916  BCMH43XX - ok
15:44:11.0400 1916  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:44:11.0430 1916  BDESVC - ok
15:44:11.0456 1916  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:44:11.0521 1916  Beep - ok
15:44:11.0568 1916  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:44:11.0651 1916  BFE - ok
15:44:11.0682 1916  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
15:44:11.0726 1916  BITS - ok
15:44:11.0743 1916  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:44:11.0760 1916  blbdrive - ok
15:44:11.0811 1916  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:44:11.0838 1916  Bonjour Service - ok
15:44:11.0869 1916  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:44:11.0895 1916  bowser - ok
15:44:11.0904 1916  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:44:11.0933 1916  BrFiltLo - ok
15:44:11.0947 1916  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:44:11.0958 1916  BrFiltUp - ok
15:44:12.0000 1916  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
15:44:12.0018 1916  Browser - ok
15:44:12.0041 1916  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:44:12.0091 1916  Brserid - ok
15:44:12.0111 1916  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:44:12.0140 1916  BrSerWdm - ok
15:44:12.0149 1916  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:44:12.0171 1916  BrUsbMdm - ok
15:44:12.0190 1916  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:44:12.0206 1916  BrUsbSer - ok
15:44:12.0228 1916  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:44:12.0248 1916  BTHMODEM - ok
15:44:12.0271 1916  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:44:12.0297 1916  bthserv - ok
15:44:12.0310 1916  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:44:12.0343 1916  cdfs - ok
15:44:12.0373 1916  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:44:12.0390 1916  cdrom - ok
15:44:12.0428 1916  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:44:12.0506 1916  CertPropSvc - ok
15:44:12.0526 1916  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:44:12.0551 1916  circlass - ok
15:44:12.0572 1916  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:44:12.0591 1916  CLFS - ok
15:44:12.0640 1916  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:12.0665 1916  clr_optimization_v2.0.50727_32 - ok
15:44:12.0711 1916  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:12.0738 1916  clr_optimization_v2.0.50727_64 - ok
15:44:12.0805 1916  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:12.0831 1916  clr_optimization_v4.0.30319_32 - ok
15:44:12.0851 1916  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:12.0861 1916  clr_optimization_v4.0.30319_64 - ok
15:44:12.0900 1916  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:44:12.0930 1916  CmBatt - ok
15:44:12.0951 1916  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:44:12.0965 1916  cmdide - ok
15:44:12.0995 1916  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:44:13.0034 1916  CNG - ok
15:44:13.0049 1916  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:44:13.0062 1916  Compbatt - ok
15:44:13.0076 1916  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:44:13.0107 1916  CompositeBus - ok
15:44:13.0116 1916  COMSysApp - ok
15:44:13.0127 1916  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:44:13.0141 1916  crcdisk - ok
15:44:13.0170 1916  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:44:13.0231 1916  CryptSvc - ok
15:44:13.0262 1916  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:44:13.0273 1916  CVirtA - ok
15:44:13.0351 1916  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\VPN Client\cvpnd.exe
15:44:13.0393 1916  CVPND - ok
15:44:13.0413 1916  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:44:13.0424 1916  CVPNDRVA - ok
15:44:13.0451 1916  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:44:13.0482 1916  DcomLaunch - ok
15:44:13.0505 1916  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:44:13.0545 1916  defragsvc - ok
15:44:13.0587 1916  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:44:13.0623 1916  DfsC - ok
15:44:13.0643 1916  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:44:13.0683 1916  Dhcp - ok
15:44:13.0699 1916  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:44:13.0788 1916  discache - ok
15:44:13.0809 1916  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:44:13.0824 1916  Disk - ok
15:44:13.0852 1916  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:44:13.0862 1916  DNE - ok
15:44:13.0895 1916  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:44:13.0916 1916  Dnscache - ok
15:44:13.0929 1916  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
15:44:13.0965 1916  dot3svc - ok
15:44:13.0984 1916  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
15:44:14.0018 1916  DPS - ok
15:44:14.0040 1916  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:44:14.0051 1916  drmkaud - ok
15:44:14.0087 1916  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:44:14.0097 1916  dtsoftbus01 - ok
15:44:14.0132 1916  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:44:14.0156 1916  DXGKrnl - ok
15:44:14.0170 1916  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:44:14.0204 1916  EapHost - ok
15:44:14.0290 1916  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:44:14.0344 1916  ebdrv - ok
15:44:14.0365 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
15:44:14.0402 1916  EFS - ok
15:44:14.0469 1916  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:44:14.0514 1916  ehRecvr - ok
15:44:14.0534 1916  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:44:14.0550 1916  ehSched - ok
15:44:14.0582 1916  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:44:14.0606 1916  elxstor - ok
15:44:14.0703 1916  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
15:44:14.0729 1916  EPSON_EB_RPCV4_04 - ok
15:44:14.0804 1916  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
15:44:14.0837 1916  EPSON_PM_RPCV4_04 - ok
15:44:14.0897 1916  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:44:14.0969 1916  ErrDev - ok
15:44:15.0027 1916  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:44:15.0086 1916  EventSystem - ok
15:44:15.0110 1916  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:44:15.0139 1916  exfat - ok
15:44:15.0168 1916  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:44:15.0209 1916  fastfat - ok
15:44:15.0252 1916  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
15:44:15.0308 1916  Fax - ok
15:44:15.0332 1916  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:44:15.0344 1916  fdc - ok
15:44:15.0357 1916  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:44:15.0394 1916  fdPHost - ok
15:44:15.0408 1916  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:44:15.0442 1916  FDResPub - ok
15:44:15.0466 1916  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:44:15.0475 1916  FileInfo - ok
15:44:15.0488 1916  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:44:15.0528 1916  Filetrace - ok
15:44:15.0547 1916  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:15.0556 1916  flpydisk - ok
15:44:15.0569 1916  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:44:15.0582 1916  FltMgr - ok
15:44:15.0603 1916  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
15:44:15.0621 1916  FontCache - ok
15:44:15.0665 1916  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:15.0682 1916  FontCache3.0.0.0 - ok
15:44:15.0704 1916  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:44:15.0719 1916  FsDepends - ok
15:44:15.0749 1916  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:44:15.0763 1916  Fs_Rec - ok
15:44:15.0776 1916  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:44:15.0794 1916  fvevol - ok
15:44:15.0823 1916  [ 4632BB93B668004965246D7911E2DD05 ] fwlanusb4       C:\Windows\system32\DRIVERS\fwlanusb4.sys
15:44:15.0858 1916  fwlanusb4 - ok
15:44:15.0876 1916  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:44:15.0887 1916  gagp30kx - ok
15:44:15.0920 1916  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:44:15.0927 1916  GEARAspiWDM - ok
15:44:15.0947 1916  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
15:44:15.0976 1916  gpsvc - ok
15:44:16.0002 1916  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:44:16.0009 1916  hamachi - ok
15:44:16.0108 1916  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\Hamachi\hamachi-2.exe
15:44:16.0164 1916  Hamachi2Svc - ok
15:44:16.0169 1916  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:44:16.0195 1916  hcw85cir - ok
15:44:16.0226 1916  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:44:16.0246 1916  HdAudAddService - ok
15:44:16.0278 1916  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:16.0295 1916  HDAudBus - ok
15:44:16.0311 1916  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:44:16.0330 1916  HidBatt - ok
15:44:16.0335 1916  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:44:16.0360 1916  HidBth - ok
15:44:16.0364 1916  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:44:16.0382 1916  HidIr - ok
15:44:16.0415 1916  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:44:16.0497 1916  hidserv - ok
15:44:16.0523 1916  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:44:16.0550 1916  HidUsb - ok
15:44:16.0576 1916  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:44:16.0614 1916  hkmsvc - ok
15:44:16.0620 1916  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:44:16.0637 1916  HomeGroupListener - ok
15:44:16.0664 1916  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:44:16.0682 1916  HomeGroupProvider - ok
15:44:16.0712 1916  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:44:16.0722 1916  HpSAMD - ok
15:44:16.0752 1916  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:44:16.0796 1916  HTTP - ok
15:44:16.0806 1916  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:44:16.0815 1916  hwpolicy - ok
15:44:16.0834 1916  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:16.0844 1916  i8042prt - ok
15:44:16.0872 1916  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:44:16.0887 1916  iaStorV - ok
15:44:16.0956 1916  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:17.0002 1916  idsvc - ok
15:44:17.0016 1916  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:44:17.0026 1916  iirsp - ok
15:44:17.0065 1916  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:44:17.0112 1916  IKEEXT - ok
15:44:17.0124 1916  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:44:17.0133 1916  intelide - ok
15:44:17.0155 1916  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:44:17.0172 1916  intelppm - ok
15:44:17.0186 1916  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:44:17.0213 1916  IPBusEnum - ok
15:44:17.0217 1916  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:17.0245 1916  IpFilterDriver - ok
15:44:17.0263 1916  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:44:17.0310 1916  iphlpsvc - ok
15:44:17.0323 1916  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:44:17.0341 1916  IPMIDRV - ok
15:44:17.0345 1916  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:44:17.0374 1916  IPNAT - ok
15:44:17.0411 1916  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:44:17.0446 1916  iPod Service - ok
15:44:17.0468 1916  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:44:17.0484 1916  IRENUM - ok
15:44:17.0498 1916  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:44:17.0508 1916  isapnp - ok
15:44:17.0534 1916  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:44:17.0549 1916  iScsiPrt - ok
15:44:17.0576 1916  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:17.0588 1916  kbdclass - ok
15:44:17.0614 1916  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:17.0645 1916  kbdhid - ok
15:44:17.0661 1916  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
15:44:17.0672 1916  KeyIso - ok
15:44:17.0695 1916  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:44:17.0707 1916  KSecDD - ok
15:44:17.0718 1916  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:44:17.0732 1916  KSecPkg - ok
15:44:17.0747 1916  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:44:17.0795 1916  ksthunk - ok
15:44:17.0817 1916  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:44:17.0852 1916  KtmRm - ok
15:44:17.0884 1916  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:44:17.0915 1916  LanmanServer - ok
15:44:17.0943 1916  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:44:18.0034 1916  LanmanWorkstation - ok
15:44:18.0072 1916  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:44:18.0085 1916  lirsgt - ok
15:44:18.0119 1916  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:44:18.0165 1916  lltdio - ok
15:44:18.0188 1916  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:44:18.0219 1916  lltdsvc - ok
15:44:18.0234 1916  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:44:18.0260 1916  lmhosts - ok
15:44:18.0279 1916  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:44:27.0298 1916  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:44:27.0313 1916  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:44:27.0313 1916  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:44:29.0546 1916  [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
15:44:29.0565 1916  WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
15:44:29.0565 1916  WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
15:44:30.0413 1916  ================ Scan global ===============================
15:44:30.0429 1916  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:44:30.0449 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
15:44:30.0455 1916  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
15:44:30.0476 1916  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:44:30.0502 1916  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:44:30.0505 1916  [Global] - ok
15:44:30.0506 1916  ================ Scan MBR ==================================
15:44:30.0512 1916  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:44:30.0740 1916  \Device\Harddisk0\DR0 - ok
15:44:30.0741 1916  ================ Scan VBR ==================================
15:44:30.0744 1916  [ FB595BB097173DA80B353D4C190FE6BC ] \Device\Harddisk0\DR0\Partition1
15:44:30.0746 1916  \Device\Harddisk0\DR0\Partition1 - ok
15:44:30.0772 1916  [ F850FA0AB3B21FBDF12AB15B60E5DAA9 ] \Device\Harddisk0\DR0\Partition2
15:44:30.0774 1916  \Device\Harddisk0\DR0\Partition2 - ok
15:44:30.0793 1916  [ DA33AAD63DC275869B8370726AF3B59C ] \Device\Harddisk0\DR0\Partition3
15:44:30.0795 1916  \Device\Harddisk0\DR0\Partition3 - ok
15:44:30.0795 1916  ============================================================
15:44:30.0795 1916  Scan finished
15:44:30.0795 1916  ============================================================
15:44:30.0812 1016  Detected object count: 2
15:44:30.0812 1016  Actual detected object count: 2
15:48:16.0960 1016  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:16.0960 1016  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:48:16.0962 1016  WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:16.0962 1016  WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:49:07.0874 3872  Deinitialize success
         


14.03.2013, 16:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the correct MBAR log.

Quote:
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

14.03.2013, 19:10   #7
krustentier

Quote:
Quote from cosinus
Please post the correct MBAR log

Sorry, here it is:

Code:
 Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: RAPTORJESUS [administrator]

14.03.2013 15:19:36
mbar-log-2013-03-14 (15-19-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30006
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

14.03.2013, 23:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Nothing suspicious. Are you still getting more of these mails after the password was changed?
__________________
Please always post log files in CODE tags

15.03.2013, 22:35   #9
krustentier

Quote:
Quote from cosinus
Nothing suspicious. Are you still getting more of these mails after the password was changed?

Far fewer, but yes.

15.03.2013, 22:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If the password has been changed, and the possibility that criminals can misuse your account is thereby ruled out, then the only remaining possibility is that the spammers are forging their addresses. Just as with a postcard, you can write anything you like on one as the sender.
__________________
Please always post log files in CODE tags

16.03.2013, 12:54   #11
krustentier

So that means the mails are not "Mail Delivery System" mails at all and are only meant to look like them?
Or should I run the same tests again on my netbook?

16.03.2013, 23:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You can't assume that I know exactly which computers you have logged in to your account from. Of course it may be that one of the computers was infected and recorded your password, but it may also be that your password was too easy to guess. It may equally be that the spammers are simply forging their addresses, or any combination of all of these.
__________________
Please always post log files in CODE tags
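
Added example, not part of the thread: the replies in #10 and #12 turn on whether the bounced mail ever left through your own provider or merely carries your address as a forged sender. This Python sketch parses a bounce in the standard multipart/report (DSN) format and checks the Received hops of the returned original; the sample bounce, `provider.example` and all host names are constructed placeholders, and it assumes the bounce includes the original headers.

```python
import email
import re

# Constructed sample bounce (not from the thread); all hosts are placeholders.
SAMPLE_BOUNCE = """\
From: Mail Delivery System <MAILER-DAEMON@mx.recipient.example>
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from unknown-host.example (unknown-host.example [203.0.113.7])
    by mx.recipient.example with ESMTP; Sun, 10 Mar 2013 12:00:00 +0100
From: user@provider.example

--b1--
"""

def analyze_bounce(raw, provider_domain):
    """Return what a DSN bounce says about the mail it claims we sent."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report" or not msg.is_multipart():
        return {"is_dsn": False}
    status, original = {}, None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # per-message, then per-recipient
                status.update(block.items())
        elif ctype == "text/rfc822-headers":  # only the headers came back
            original = email.message_from_string(part.get_payload())
        elif ctype == "message/rfc822":       # the whole original came back
            original = part.get_payload(0)
    hops = original.get_all("Received", []) if original is not None else []
    hosts = [h.lower() for hop in hops
             for h in re.findall(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", hop)]
    via = any(h == provider_domain or h.endswith("." + provider_domain) for h in hosts)
    return {"is_dsn": True, "status": status.get("Status"), "via_provider": via,
            "failed_recipient": status.get("Final-Recipient", "").split(";")[-1].strip(),
            "claimed_sender": original["From"] if original is not None else None}
```

A bounce whose hops never touch your provider points to a forged sender address rather than to your account or PC. A hit is only a reason to compare against the account's sent folder, because Received lines below the reporting server's own entry can themselves be forged.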

18.03.2013, 10:48   #13
krustentier

Okay. Since the number of mails is now practically approaching 0, I'll consider the matter settled. Big thanks to you, cosinus!

18.03.2013, 12:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, let's do a bit more clean-up and checking.

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • "Tracing" Schlüssel löschen (delete "Tracing" keys)
    • Winsock Einstellungen zurücksetzen (reset Winsock settings)
    • Proxy Einstellungen zurücksetzen (reset proxy settings)
    • Internet Explorer Richtlinien zurücksetzen (reset Internet Explorer policies)
    • Chrome Richtlinien zurücksetzen (reset Chrome policies)
    • Make sure all 5 options are selected, as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread, in CODE tags.
__________________
Please always post log files in CODE tags

18.03.2013, 17:44   #15
krustentier

The Junkware Removal Tool doesn't really want to work.
When I run it as administrator, a black window opens very briefly but closes again immediately. Protection software is disabled. Nothing changes after a restart either.
