
Log Analysis and Evaluation: Malware? Spying on Email Passwords

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.04.2013, 21:10   #1
jojoho
 

Hello everyone,

After a reinstall because of an "antivirus" malware program, I recently noticed that masses of spam emails were being sent via several email addresses that I have set up in Windows Mail. I have now received a letter from my email provider saying that they noticed the mass mailing and have blocked outgoing mail for the time being.

Quote:
> The examination of the spam emails sent via this email account has
> shown that they were submitted from IP addresses of other providers.
> This means that your passwords have, with a probability bordering on
> certainty, been compromised.

After changing the passwords, things are quiet for the moment.

This involves a total of 4 different email addresses at two different providers, so the suspicion is that the passwords were spied out by a malicious program.

Attached are the logs from the instructions.

Many thanks in advance!

OTL
Code:
OTL logfile created on: 26.04.2013 21:33:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Susanne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 74,54% Memory free
7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 228,08 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 21:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe
PRC - [2013.03.28 00:09:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 00:09:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.28 00:09:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.03.14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.28 00:09:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 00:09:40 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.28 16:42:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2013.03.28 16:42:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013.03.28 16:42:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2013.03.28 16:42:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013.03.28 16:42:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2013.03.28 16:42:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2013.03.28 00:10:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 00:10:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 00:10:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.06 10:16:34 | 000,048,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\celmkt_x64.sys -- (celmkt)
DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7}
IE:64bit: - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7}
IE - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {B7C9BB37-1B20-47FD-8234-F026AAD227B7}
IE - HKCU\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6FDD47-75AB-4987-8034-237DAF5F86B5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3069b75a-a35e-11e2-80ff-c80aa945a4b0}\Shell - "" = AutoRun
O33 - MountPoints2\{3069b75a-a35e-11e2-80ff-c80aa945a4b0}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5e77905b-a01a-11e2-9601-c80aa945a4b0}\Shell - "" = AutoRun
O33 - MountPoints2\{5e77905b-a01a-11e2-9601-c80aa945a4b0}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{70e37bcc-97b4-11e2-acf2-001bdc0f6f87}\Shell - "" = AutoRun
O33 - MountPoints2\{70e37bcc-97b4-11e2-acf2-001bdc0f6f87}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{70e37bdf-97b4-11e2-acf2-001bdc0f6f87}\Shell - "" = AutoRun
O33 - MountPoints2\{70e37bdf-97b4-11e2-acf2-001bdc0f6f87}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 21:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe
[2013.04.16 08:07:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Fotos Projektantrag
[2013.04.09 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibungen
[2013.04.06 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\hpqlog
[2013.03.28 18:51:10 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\ElevatedDiagnostics
[2013.03.28 18:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
[2013.03.28 16:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2013.03.28 16:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2013.03.28 16:42:29 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013.03.28 16:42:29 | 000,421,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
[2013.03.28 16:42:29 | 000,222,464 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.03.28 16:42:29 | 000,212,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013.03.28 16:42:29 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.03.28 16:42:29 | 000,098,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013.03.28 16:42:29 | 000,086,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.03.28 16:42:29 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013.03.28 16:42:29 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013.03.28 16:42:29 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013.03.28 16:42:29 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2013.03.28 16:42:29 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013.03.28 16:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2013.03.28 16:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013.03.28 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\PsyPrax
[2013.03.28 15:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PSYPRCFG
[2013.03.28 15:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Psyprax32
[2013.03.28 15:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Psyprax32
[2013.03.28 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Psyprax32
[2013.03.28 14:47:31 | 000,000,000 | ---D | C] -- C:\adebisKITA
[2013.03.28 14:47:05 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.03.28 14:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual FoxPro OLE DB Provider
[2013.03.28 13:48:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.28 13:47:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.28 13:45:02 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.03.28 13:44:45 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.03.28 08:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013.03.28 03:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.28 03:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.28 03:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.28 01:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.28 01:46:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbvirtcom182pnp-1
[2013.03.28 01:46:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbvirtcom182pnp[1]
[2013.03.28 01:46:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbtreiber251pnp-2
[2013.03.28 01:46:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\usbtreiber251pnp[1]
[2013.03.28 01:46:17 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Singe-we-Godi
[2013.03.28 01:46:11 | 000,000,000 | --SD | C] -- C:\Users\Susanne\Documents\Meine Datenquellen
[2013.03.28 01:46:11 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Documents\My Stationery
[2013.03.28 01:46:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Praxis
[2013.03.28 01:46:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Noten Kinder
[2013.03.28 01:45:41 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\**Zensiert**
[2013.03.28 01:45:40 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Deutsche Post AG
[2013.03.28 01:45:37 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\CyberLink
[2013.03.28 01:45:36 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Broschüre
[2013.03.28 01:45:36 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\Ausbildungs-Studienplatzanträge
[2013.03.28 01:45:31 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Documents\apemap
[2013.03.28 01:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.28 01:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.28 01:39:17 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Erdgeschoß
[2013.03.28 01:39:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.28 01:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.03.28 01:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.03.28 01:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.28 01:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013.03.28 01:36:14 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Microsoft Help
[2013.03.28 01:35:58 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.03.28 01:25:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.28 01:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.28 01:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.28 01:25:39 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Adobe
[2013.03.28 01:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series
[2013.03.28 01:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013.03.28 01:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.03.28 01:22:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013.03.28 01:22:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.03.28 01:22:15 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.03.28 01:21:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.03.28 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\vlc
[2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\WinRAR
[2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.28 01:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.28 01:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.03.28 01:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.28 01:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.03.28 01:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.28 01:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.03.28 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Google
[2013.03.28 01:11:29 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Skype
[2013.03.28 01:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.28 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Deployment
[2013.03.28 01:10:59 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Apps
[2013.03.28 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\CyberLink
[2013.03.28 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\CyberLink
[2013.03.28 00:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online
[2013.03.28 00:17:39 | 000,041,024 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys
[2013.03.28 00:17:15 | 000,019,008 | ---- | C] (T-Systems Enterprise Services GmbH) -- C:\Windows\SysNative\drivers\dslmnlwf.sys
[2013.03.28 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Avira
[2013.03.28 00:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.28 00:10:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 00:10:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 00:10:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.28 00:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.28 00:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.27 23:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.27 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Macromedia
[2013.03.27 23:47:37 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Adobe
[2013.03.27 23:39:18 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\HpUpdate
[2013.03.27 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\ATI
[2013.03.27 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\ATI
[2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Searches
[2013.03.27 23:31:22 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.27 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Identities
[2013.03.27 23:31:13 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Contacts
[2013.03.27 23:31:10 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\VirtualStore
[2013.03.27 23:30:42 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Hewlett-Packard
[2013.03.27 23:28:41 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Hewlett-Packard
[2013.03.27 23:27:15 | 000,000,000 | --SD | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Videos
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Saved Games
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Pictures
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Music
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Links
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Favorites
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Downloads
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Documents
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\Desktop
[2013.03.27 23:27:15 | 000,000,000 | R--D | C] -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Vorlagen
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Verlauf
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Temporary Internet Files
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Startmenü
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\SendTo
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Recent
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Netzwerkumgebung
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Lokale Einstellungen
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Videos
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Musik
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Eigene Dateien
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Documents\Eigene Bilder
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Druckumgebung
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Cookies
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\AppData\Local\Anwendungsdaten
[2013.03.27 23:27:15 | 000,000,000 | -HSD | C] -- C:\Users\Susanne\Anwendungsdaten
[2013.03.27 23:27:15 | 000,000,000 | -H-D | C] -- C:\Users\Susanne\AppData
[2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Temp
[2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Local\Microsoft
[2013.03.27 23:27:15 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\Media Center Programs
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.27 23:27:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.27 23:23:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 21:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susanne\Desktop\OTL.exe
[2013.04.26 21:31:53 | 000,000,000 | ---- | M] () -- C:\Users\Susanne\defogger_reenable
[2013.04.26 21:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 20:22:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 20:22:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 20:16:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 20:15:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 20:14:43 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 11:41:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 11:41:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 11:41:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 11:41:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 11:41:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.19 12:00:52 | 002,846,090 | ---- | M] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv
[2013.04.17 14:36:21 | 000,103,137 | ---- | M] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf
[2013.04.17 11:56:59 | 008,141,664 | ---- | M] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip
[2013.04.17 09:16:55 | 000,323,879 | ---- | M] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf
[2013.04.11 03:20:57 | 000,389,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 19:39:51 | 000,279,832 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf
[2013.04.05 18:56:03 | 000,162,031 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf
[2013.04.05 18:32:26 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013.03.28 18:49:58 | 000,255,624 | ---- | M] () -- C:\Windows\hpdj3600.his
[2013.03.28 18:49:58 | 000,009,251 | ---- | M] () -- C:\Windows\hpdj3600.ini
[2013.03.28 16:46:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2013.03.28 16:45:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013.03.28 16:43:10 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2013.03.28 16:42:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.28 16:42:10 | 001,001,472 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2013.03.28 16:42:10 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
[2013.03.28 16:42:10 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.03.28 16:42:10 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2013.03.28 16:42:10 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.03.28 16:42:10 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2013.03.28 16:42:10 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.03.28 16:42:10 | 000,069,632 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2013.03.28 16:42:10 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2013.03.28 16:42:10 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2013.03.28 16:42:10 | 000,022,016 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2013.03.28 16:42:10 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2013.03.28 16:10:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.28 16:10:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.28 00:10:03 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 00:10:03 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 00:10:03 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 23:34:40 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll
[2013.03.27 23:25:34 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.27 23:25:34 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.04.26 21:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Susanne\defogger_reenable
[2013.04.19 12:00:52 | 002,846,090 | ---- | C] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv
[2013.04.17 14:36:21 | 000,103,137 | ---- | C] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf
[2013.04.17 09:16:54 | 000,323,879 | ---- | C] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf
[2013.04.13 07:38:15 | 008,141,664 | ---- | C] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip
[2013.04.10 19:39:51 | 000,279,832 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf
[2013.04.05 18:56:03 | 000,162,031 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf
[2013.04.05 18:32:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013.03.28 18:45:22 | 000,255,624 | ---- | C] () -- C:\Windows\hpdj3600.his
[2013.03.28 18:45:22 | 000,009,251 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2013.03.28 18:31:24 | 000,048,488 | ---- | C] () -- C:\Windows\SysNative\drivers\celmkt_x64.sys
[2013.03.28 16:46:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2013.03.28 16:45:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2013.03.28 16:43:10 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2013.03.28 16:42:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.28 16:10:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.28 16:10:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.28 14:47:37 | 000,001,720 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adebisKITA.lnk
[2013.03.28 13:45:49 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.03.28 13:44:31 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.03.28 13:44:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.03.28 13:44:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.03.28 13:44:12 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.03.28 04:14:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.28 03:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.28 03:02:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.28 01:47:07 | 000,010,631 | ---- | C] () -- C:\Users\Susanne\**Zensiert**.pfx
[2013.03.28 01:46:19 | 006,204,630 | ---- | C] () -- C:\Users\Susanne\Documents\Weihnachtslieder.pdf
[2013.03.28 01:46:19 | 000,783,638 | ---- | C] () -- C:\Users\Susanne\Documents\Weihnachtsbrief2010 e-mail.pdf
[2013.03.28 01:46:18 | 003,720,192 | ---- | C] () -- C:\Users\Susanne\Documents\Tiere, Natur.pps
[2013.03.28 01:46:17 | 000,186,613 | ---- | C] () -- C:\Users\Susanne\Documents\Ratgeber_Gruene_Elektronik_18_Zusammenfassung_deutsch.pdf
[2013.03.28 01:46:17 | 000,182,610 | ---- | C] () -- C:\Users\Susanne\Documents\Rundbrief-1.pdf
[2013.03.28 01:46:11 | 000,093,084 | ---- | C] () -- C:\Users\Susanne\Documents\**Zensiert**.pdf
[2013.03.28 01:45:40 | 003,755,299 | ---- | C] () -- C:\Users\Susanne\Documents\Helden_auf_Bewährung.pdf
[2013.03.28 01:45:40 | 000,635,056 | ---- | C] () -- C:\Users\Susanne\Documents\Gestörte Schaltkreise, Spektrum der Wissenschaft, Mai 2011.pdf
[2013.03.28 01:45:40 | 000,383,394 | ---- | C] () -- C:\Users\Susanne\Documents\Geburtstagseinladung Susanne.pdf
[2013.03.28 01:45:40 | 000,146,087 | ---- | C] () -- C:\Users\Susanne\Documents\Jahresbericht 2011 Internet.pdf
[2013.03.28 01:45:40 | 000,113,040 | ---- | C] () -- C:\Users\Susanne\Documents\JHV2012.pdf
[2013.03.28 01:45:37 | 000,045,584 | ---- | C] () -- C:\Users\Susanne\Documents\Delphine_Stresstest.pdf
[2013.03.28 01:45:36 | 002,003,968 | ---- | C] () -- C:\Users\Susanne\Documents\Aufmunterung.pps
[2013.03.28 01:45:31 | 000,177,956 | ---- | C] () -- C:\Users\Susanne\Documents\Adressen_und_ Geburtstage_2013-Stand_Januar.pdf
[2013.03.28 01:45:31 | 000,024,625 | ---- | C] () -- C:\Users\Susanne\Documents\**Zensiert**.pdf
[2013.03.28 01:39:19 | 000,001,436 | ---- | C] () -- C:\Users\Susanne\Desktop\Kobi.lnk
[2013.03.28 01:39:19 | 000,001,362 | ---- | C] () -- C:\Users\Susanne\Desktop\Praxis.lnk
[2013.03.28 01:39:17 | 000,001,233 | ---- | C] () -- C:\Users\Susanne\Desktop\Eigene Dokumente.lnk
[2013.03.28 01:23:24 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\CNC173FD.TBL
[2013.03.28 01:11:57 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 01:11:56 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.27 23:31:24 | 000,001,405 | ---- | C] () -- C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.27 23:28:36 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2013.03.27 23:28:36 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2013.03.27 23:22:55 | 3112,587,264 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.28 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Susanne\AppData\Roaming\PsyPrax
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 26.04.2013 21:34:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Susanne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 74,54% Memory free
7,73 Gb Paging File | 6,42 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 228,08 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E13646-031C-4D63-8E2C-519FBC33306B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{04252F46-FE52-4788-BEB8-14AB86D42AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{101B128E-90A8-4903-8DC7-79EE187CF730}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{317D60CE-391D-4C00-8EB2-9B618EC89804}" = rport=139 | protocol=6 | dir=out | app=system | 
"{31BE142A-4638-4761-AA49-78553D4FF2FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38B5FBEB-8B4E-41F8-AEBD-E9141835109D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A9EC5FA-F2A2-4F33-A6D9-CF8A0361B14F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{47C09A6D-DBD6-4774-933F-C5A0ABFC333B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{570AF88F-5B35-4017-B21B-14BD983B7621}" = rport=445 | protocol=6 | dir=out | app=system | 
"{59861AAD-C033-4B8A-8661-52D0F1B790BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DB434BF-4D65-4D5D-BB8A-580E54B415B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6472F28A-42F9-4051-BAF3-2AD6C9A75BF2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76D496F1-1DE2-4299-B2C6-5CD9B2827AEA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9F571AC9-29D4-4E1A-AC8A-3B6FA6ADDB55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A84D54A0-00D7-4513-8C5A-BB7956D1A0DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B928F0A8-4AED-44D0-ABBD-DA63028FA1A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD5BC235-8C84-40FD-AF6E-E485AFAC3D47}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BD8DC53F-669F-4F51-AF2C-783544C0ED22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7299E4F-5FB5-4DD0-9A19-FA23A2261D2F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE94DA1A-5CF8-4DB0-B2AA-856EE85472F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF252669-F899-42A3-8663-69AFC4C4897F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F33438B2-3EAA-4109-A12D-0AB86A9469C4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F5639180-A5A5-42A3-96A3-0F8F727250EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FDD2F485-64DA-425D-9175-DD0D8394AA1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AADA7F3-2885-4ECA-BEC2-254985BB6FCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{368AAFC2-B438-46E4-B759-99D59F0339BA}" = protocol=6 | dir=out | app=system | 
"{3FD9CC3B-87D4-4B85-BEE6-9BE2AEFB175E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{56A29773-AA47-41B9-82C9-7C124702DFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{584601BA-9DFB-44B6-A568-E784B874FF63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A0AF75F-36B4-43B8-927E-DF981CB92A83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5D30B85A-D69A-430B-9EDD-6218AABF75C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{69F57D4E-89E7-4191-89E6-76701B961BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6BBE4CAF-3792-4555-AE85-F17029E61731}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6C433974-967C-4044-B2D1-4842C60660FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{70C50F4C-78BC-41A7-9173-64517195C2CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{713EF3A1-F0FA-411F-B44C-18DB0E58E62D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{77361F11-48B6-414D-823B-A63C6043F1D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F0E0F82-2C6C-4B89-A2FD-4DCA093B8817}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4E6C821-87CE-4CAE-B407-E418F06F4BF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8D4DA27-3FC2-4B9A-96AE-C86712984FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAE39440-4513-4105-9EE3-6141F234335A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B4E0B5BC-0C52-496E-B1D9-DDF2AA37585C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{C7AD2E47-7FB5-49AA-ACD2-B48CC0F02CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD7A6CDA-EDB8-496B-8166-8DB274889FD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1F42F7A-FA17-4481-8F38-8E14BBD6BD9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F58A85A4-75FA-4F36-AC9E-A9FC1F35C8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19E2CC1A-981D-49FD-B42A-143DC96D40C8}" = adebisKITA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A981A9BA-8670-4419-8B2F-F3E6C0514531}_is1" = Psyprax
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"hp print screen utility" = hp print screen utility
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mobile Partner" = Mobile Partner
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2013 14:12:19 | Computer Name = Susanne | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpdj.exe, Version: 2.236.4.0, Zeitstempel:
 0x3f52e9d3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x6e4  Startzeit der fehlerhaften Anwendung: 0x01ce2bdfb7b85a13  Pfad der fehlerhaften
 Anwendung: C:\Users\Susanne\AppData\Local\Temp\hpdj.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 0716bf9d-97d3-11e2-b3b0-c80aa945a4b0
 
Error - 30.03.2013 09:53:52 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.03.2013 11:50:47 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.04.2013 15:19:58 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.04.2013 07:04:52 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 07.04.2013 06:10:08 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.04.2013 11:31:59 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.04.2013 09:18:06 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.04.2013 08:30:21 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.04.2013 21:51:49 | Computer Name = Susanne | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
 "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1069
 
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7038
Description = Der Dienst "Dhcp" konnte sich nicht als "NT Authority\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DHCP-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1069
 
Error - 28.03.2013 05:06:41 | Computer Name = Susanne | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
 "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1069
 
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 28.03.2013 08:12:07 | Computer Name = Susanne | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 28.03.2013 10:43:03 | Computer Name = Susanne | Source = Service Control Manager | ID = 7030
Description = Der Dienst "HWDeviceService64.exe" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 28.03.2013 12:49:49 | Computer Name = Susanne | Source = Service Control Manager | ID = 7030
Description = Der Dienst "hpdj" ist als interaktiver Dienst gekennzeichnet. Das 
System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind.
 Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         
gmer
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 21:55:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Susanne\AppData\Local\Temp\axddypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076fe1465 2 bytes [FE, 76]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076fe14bb 2 bytes [FE, 76]
.text  ...                                                                                                                        * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f6f87                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f6f87@000761d00829                                   0x0B 0xF8 0xC3 0x0C ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f6f87 (not active ControlSet)                            
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f6f87@000761d00829                                       0x0B 0xF8 0xC3 0x0C ...

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
         

Edited by jojoho (26.04.2013 at 21:54)

28.04.2013, 19:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
The reason I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

28.04.2013, 23:21   #3
jojoho
 
Indeed, Avira found the following during a scan fairly soon after the mass mails:

(Actually, I wanted to include the log in my first post yesterday already, but unfortunately that was no longer possible.)

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 21. April 2013  22:10


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : *****

Versionsinformationen:
BUILD.DAT      : 13.0.0.3499    49286 Bytes  19.03.2013 16:29:00
AVSCAN.EXE     : 13.6.0.986    639712 Bytes  27.03.2013 22:09:42
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  27.03.2013 22:09:42
LUKE.DLL       : 13.6.0.902     67808 Bytes  27.03.2013 22:09:51
AVSCPLR.DLL    : 13.6.0.986     94944 Bytes  27.03.2013 22:10:03
AVREG.DLL      : 13.6.0.940    250592 Bytes  27.03.2013 22:10:03
avlode.dll     : 13.6.2.940    434912 Bytes  27.03.2013 22:09:42
avlode.rdf     : 13.0.0.46      15591 Bytes  28.03.2013 16:13:36
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 16:37:22
VBASE001.VDF   : 7.11.70.1       2048 Bytes  04.04.2013 16:37:23
VBASE002.VDF   : 7.11.70.2       2048 Bytes  04.04.2013 16:37:23
VBASE003.VDF   : 7.11.70.3       2048 Bytes  04.04.2013 16:37:23
VBASE004.VDF   : 7.11.70.4       2048 Bytes  04.04.2013 16:37:23
VBASE005.VDF   : 7.11.70.5       2048 Bytes  04.04.2013 16:37:23
VBASE006.VDF   : 7.11.70.6       2048 Bytes  04.04.2013 16:37:23
VBASE007.VDF   : 7.11.70.7       2048 Bytes  04.04.2013 16:37:23
VBASE008.VDF   : 7.11.70.8       2048 Bytes  04.04.2013 16:37:23
VBASE009.VDF   : 7.11.70.9       2048 Bytes  04.04.2013 16:37:23
VBASE010.VDF   : 7.11.70.10      2048 Bytes  04.04.2013 16:37:23
VBASE011.VDF   : 7.11.70.11      2048 Bytes  04.04.2013 16:37:23
VBASE012.VDF   : 7.11.70.12      2048 Bytes  04.04.2013 16:37:23
VBASE013.VDF   : 7.11.70.13      2048 Bytes  04.04.2013 16:37:23
VBASE014.VDF   : 7.11.70.103   136192 Bytes  05.04.2013 16:37:23
VBASE015.VDF   : 7.11.70.183   183808 Bytes  06.04.2013 15:00:45
VBASE016.VDF   : 7.11.71.9     145920 Bytes  08.04.2013 15:00:15
VBASE017.VDF   : 7.11.71.115   169472 Bytes  10.04.2013 06:21:39
VBASE018.VDF   : 7.11.71.197   172544 Bytes  11.04.2013 12:21:35
VBASE019.VDF   : 7.11.72.17    135168 Bytes  12.04.2013 14:50:30
VBASE020.VDF   : 7.11.72.103   158208 Bytes  15.04.2013 15:03:33
VBASE021.VDF   : 7.11.72.137   152064 Bytes  15.04.2013 15:03:33
VBASE022.VDF   : 7.11.72.223   159232 Bytes  16.04.2013 07:06:03
VBASE023.VDF   : 7.11.73.59    204288 Bytes  18.04.2013 05:48:09
VBASE024.VDF   : 7.11.73.133   164864 Bytes  19.04.2013 16:02:47
VBASE025.VDF   : 7.11.73.134     2048 Bytes  19.04.2013 16:02:47
VBASE026.VDF   : 7.11.73.135     2048 Bytes  19.04.2013 16:02:47
VBASE027.VDF   : 7.11.73.136     2048 Bytes  19.04.2013 16:02:47
VBASE028.VDF   : 7.11.73.137     2048 Bytes  19.04.2013 16:02:47
VBASE029.VDF   : 7.11.73.138     2048 Bytes  19.04.2013 16:02:47
VBASE030.VDF   : 7.11.73.139     2048 Bytes  19.04.2013 16:02:47
VBASE031.VDF   : 7.11.73.192   153088 Bytes  21.04.2013 17:26:28
Engineversion  : 8.2.12.30 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  27.03.2013 22:09:30
AESCRIPT.DLL   : 8.1.4.106     483709 Bytes  12.04.2013 14:50:33
AESCN.DLL      : 8.1.10.4      131446 Bytes  27.03.2013 22:09:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  27.03.2013 22:09:30
AERDL.DLL      : 8.2.0.88      643444 Bytes  27.03.2013 22:09:30
AEPACK.DLL     : 8.3.2.6       827767 Bytes  28.03.2013 16:13:36
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  27.03.2013 22:09:29
AEHEUR.DLL     : 8.1.4.302    5890425 Bytes  19.04.2013 10:02:49
AEHELP.DLL     : 8.1.25.2      258423 Bytes  27.03.2013 22:09:28
AEGEN.DLL      : 8.1.7.2       442741 Bytes  27.03.2013 22:09:27
AEEXP.DLL      : 8.4.0.22      196982 Bytes  19.04.2013 10:02:50
AEEMU.DLL      : 8.1.3.2       393587 Bytes  27.03.2013 22:09:27
AECORE.DLL     : 8.1.31.2      201080 Bytes  27.03.2013 22:09:27
AEBB.DLL       : 8.1.1.4        53619 Bytes  27.03.2013 22:09:27
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  27.03.2013 22:08:37
AVPREF.DLL     : 13.6.0.480     51056 Bytes  27.03.2013 22:09:42
AVREP.DLL      : 13.6.0.480    178544 Bytes  27.03.2013 22:10:03
AVARKT.DLL     : 13.6.0.902    260832 Bytes  27.03.2013 22:09:37
AVEVTLOG.DLL   : 13.6.0.902    167648 Bytes  27.03.2013 22:09:39
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  27.03.2013 22:09:57
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  27.03.2013 22:09:43
NETNT.DLL      : 13.6.0.480     16240 Bytes  27.03.2013 22:09:53
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  27.03.2013 22:08:38
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  27.03.2013 22:08:38

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 21. April 2013  22:10

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AERTSr64.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'HWDeviceService64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI64.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtVOsd64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1570' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
    [0] Archivtyp: RSRC
    --> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\2A3E4DFD-00002EB1.eml
        [1] Archivtyp: MIME
      --> Payment_Advice.zip
          [2] Archivtyp: ZIP
        --> Payment_Advice.exe
            [FUND]      Ist das Trojanische Pferd TR/PSW.Fareit.C.10
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\2A3E4DFD-00002EB1.eml
  [FUND]      Ist das Trojanische Pferd TR/PSW.Fareit.C.10
    --> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\40B50C34-00002F0C.eml
        [1] Archivtyp: MIME
      --> Die Einzelheiten Ihres Einkaufs.zip
          [2] Archivtyp: ZIP
        --> Die Einzelheiten Ihres Einkaufs.pdf.exe
            [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Androm.EB.94
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\40B50C34-00002F0C.eml
  [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Androm.EB.94
    --> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74F21001-00002F6C.eml
        [1] Archivtyp: MIME
      --> object
          [2] Archivtyp: MIME
        --> object
            [3] Archivtyp: MIME
          --> Payment Advice_Ref[B44974619814].zip
              [4] Archivtyp: ZIP
            --> Payment Advice_Ref[B44{_hsbs ref}].exe
                [FUND]      Ist das Trojanische Pferd TR/PSW.Tepfer.EB.63
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74F21001-00002F6C.eml
  [FUND]      Ist das Trojanische Pferd TR/PSW.Tepfer.EB.63
    --> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\3F0C3F2B-00000A02.eml
        [1] Archivtyp: MIME
      --> FullDetails.html
          [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
          [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\3F0C3F2B-00000A02.eml
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
    --> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\44D747F8-000009EF.eml
        [1] Archivtyp: MIME
      --> FullDetails.html
          [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
          [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\44D747F8-000009EF.eml
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
    --> C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Posteingang\63121F0A-0000094B.eml
        [1] Archivtyp: MIME
      --> Fraud report.zip
          [2] Archivtyp: ZIP
        --> Fraud report.exe
            [FUND]      Ist das Trojanische Pferd TR/Yakes.O
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Posteingang\63121F0A-0000094B.eml
  [FUND]      Ist das Trojanische Pferd TR/Yakes.O
Beginne mit der Suche in 'D:\' <RECOVERY>
Beginne mit der Suche in 'E:\' <HP_TOOLS>

Beginne mit der Desinfektion:
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Posteingang\63121F0A-0000094B.eml
  [FUND]      Ist das Trojanische Pferd TR/Yakes.O
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59a2695e.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\44D747F8-000009EF.eml
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '412846fa.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\**Zensiert**\Gelöschte E 443\3F0C3F2B-00000A02.eml
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Redirector.EU
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '136b1c64.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\74F21001-00002F6C.eml
  [FUND]      Ist das Trojanische Pferd TR/PSW.Tepfer.EB.63
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '754253d0.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\40B50C34-00002F0C.eml
  [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Androm.EB.94
  [HINWEIS]   Der Fund wurde als verdächtig eingestuft.
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '30ca7ee2.qua' verschoben!
C:\Users\Susanne\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\2A3E4DFD-00002EB1.eml
  [FUND]      Ist das Trojanische Pferd TR/PSW.Fareit.C.10
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fc04cf2.qua' verschoben!


Ende des Suchlaufs: Montag, 22. April 2013  07:03
Benötigte Zeit:  1:01:01 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  30580 Verzeichnisse wurden überprüft
 634923 Dateien wurden geprüft
     11 Viren bzw. unerwünschte Programme wurden gefunden
      1 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      6 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 634911 Dateien ohne Befall
  22874 Archive wurden durchsucht
      6 Warnungen
      6 Hinweise
 749451 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Alt 29.04.2013, 10:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.




Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

Alt 02.05.2013, 17:39   #5
jojoho
 



MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Susanne :: SUSANNE [administrator]

02.05.2013 16:04:44
mbar-log-2013-05-02 (16-04-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29197
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR
Code:
 of processors: 4 586 0x2502
16:16:16.106    ComputerName: SUSANNE  UserName: Susanne
16:16:16.680    Initialze error C000010E - driver not loaded
16:16:16.721    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
16:16:26.076    AVAST engine defs: 13050200
16:16:46.290    Scan error: Falscher Parameter.
16:17:57.222    The log file has been saved successfully to "C:\Users\Susanne\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-02 16:24:32
-----------------------------
16:24:32.628    OS Version: Windows x64 6.1.7601 Service Pack 1
16:24:32.628    Number of processors: 4 586 0x2502
16:24:32.628    ComputerName: SUSANNE  UserName: Susanne
16:24:33.501    Initialize success
16:24:45.825    AVAST engine defs: 13050200
16:25:00.021    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:25:00.021    Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
16:25:00.146    Disk 0 MBR read successfully
16:25:00.162    Disk 0 MBR scan
16:25:00.177    Disk 0 unknown MBR code
16:25:00.193    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
16:25:00.209    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       291728 MB offset 409600
16:25:00.240    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13213 MB offset 597868544
16:25:00.271    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
16:25:00.318    Disk 0 scanning C:\Windows\system32\drivers
16:25:14.498    Service scanning
16:25:47.991    Modules scanning
16:25:48.007    Disk 0 trace - called modules:
16:25:48.537    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:25:48.553    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c13060]
16:25:48.553    3 CLASSPNP.SYS[fffff880010cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004984050]
16:25:48.569    Scan finished successfully
16:26:58.472    Disk 0 MBR has been saved successfully to "C:\Users\Susanne\Desktop\MBR.dat"
16:26:58.472    The log file has been saved successfully to "C:\Users\Susanne\Desktop\aswMBR.txt"
         
TDSS-Killer
Code:
16:35:49.0766 4460  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:35:49.0933 4460  ============================================================
16:35:49.0933 4460  Current date / time: 2013/05/02 16:35:49.0933
16:35:49.0933 4460  SystemInfo:
16:35:49.0933 4460  
16:35:49.0934 4460  OS Version: 6.1.7601 ServicePack: 1.0
16:35:49.0934 4460  Product type: Workstation
16:35:49.0934 4460  ComputerName: SUSANNE
16:35:49.0934 4460  UserName: Susanne
16:35:49.0934 4460  Windows directory: C:\Windows
16:35:49.0934 4460  System windows directory: C:\Windows
16:35:49.0934 4460  Running under WOW64
16:35:49.0934 4460  Processor architecture: Intel x64
16:35:49.0934 4460  Number of processors: 4
16:35:49.0934 4460  Page size: 0x1000
16:35:49.0934 4460  Boot type: Normal boot
16:35:49.0934 4460  ============================================================
16:35:51.0313 4460  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:35:55.0799 4460  Drive \Device\Harddisk1\DR1 - Size: 0x1EB00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:35:55.0806 4460  ============================================================
16:35:55.0806 4460  \Device\Harddisk0\DR0:
16:35:55.0806 4460  MBR partitions:
16:35:55.0806 4460  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:35:55.0806 4460  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239C8000
16:35:55.0806 4460  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23A2C000, BlocksNum 0x19CE800
16:35:55.0806 4460  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
16:35:55.0806 4460  \Device\Harddisk1\DR1:
16:35:55.0808 4460  MBR partitions:
16:35:55.0808 4460  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xE9, BlocksNum 0xF5717
16:35:55.0809 4460  ============================================================
16:35:55.0838 4460  C: <-> \Device\Harddisk0\DR0\Partition2
16:35:55.0882 4460  D: <-> \Device\Harddisk0\DR0\Partition3
16:35:55.0896 4460  E: <-> \Device\Harddisk0\DR0\Partition4
16:35:55.0896 4460  ============================================================
16:35:55.0896 4460  Initialize success
16:35:55.0896 4460  ============================================================
16:36:03.0697 2752  ============================================================
16:36:03.0697 2752  Scan started
16:36:03.0697 2752  Mode: Manual; 
16:36:03.0697 2752  ============================================================
16:36:03.0932 2752  ================ Scan system memory ========================
16:36:03.0932 2752  System memory - ok
16:36:03.0933 2752  ================ Scan services =============================
16:36:04.0116 2752  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:36:04.0120 2752  1394ohci - ok
16:36:04.0162 2752  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:36:04.0166 2752  ACPI - ok
16:36:04.0185 2752  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:36:04.0186 2752  AcpiPmi - ok
16:36:04.0274 2752  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:36:04.0275 2752  AdobeARMservice - ok
16:36:04.0323 2752  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:36:04.0329 2752  adp94xx - ok
16:36:04.0349 2752  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:36:04.0353 2752  adpahci - ok
16:36:04.0377 2752  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:36:04.0379 2752  adpu320 - ok
16:36:04.0402 2752  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:36:04.0404 2752  AeLookupSvc - ok
16:36:04.0475 2752  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:36:04.0476 2752  AERTFilters - ok
16:36:04.0543 2752  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:36:04.0550 2752  AFD - ok
16:36:04.0609 2752  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
16:36:04.0622 2752  AgereSoftModem - ok
16:36:04.0655 2752  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:36:04.0656 2752  agp440 - ok
16:36:04.0690 2752  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:36:04.0692 2752  ALG - ok
16:36:04.0721 2752  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:36:04.0722 2752  aliide - ok
16:36:04.0757 2752  [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:36:04.0759 2752  AMD External Events Utility - ok
16:36:04.0776 2752  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:36:04.0776 2752  amdide - ok
16:36:04.0805 2752  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:36:04.0806 2752  AmdK8 - ok
16:36:04.0828 2752  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:36:04.0829 2752  AmdPPM - ok
16:36:04.0868 2752  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:36:04.0869 2752  amdsata - ok
16:36:04.0890 2752  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:36:04.0893 2752  amdsbs - ok
16:36:04.0910 2752  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:36:04.0911 2752  amdxata - ok
16:36:04.0967 2752  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:36:04.0969 2752  AntiVirSchedulerService - ok
16:36:05.0000 2752  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:36:05.0001 2752  AntiVirService - ok
16:36:05.0038 2752  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:36:05.0039 2752  AppID - ok
16:36:05.0065 2752  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:36:05.0067 2752  AppIDSvc - ok
16:36:05.0100 2752  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:36:05.0102 2752  Appinfo - ok
16:36:05.0147 2752  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:36:05.0149 2752  arc - ok
16:36:05.0167 2752  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:36:05.0168 2752  arcsas - ok
16:36:05.0190 2752  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:36:05.0190 2752  AsyncMac - ok
16:36:05.0228 2752  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:36:05.0228 2752  atapi - ok
16:36:05.0352 2752  [ B4421D8CDADC441F76BA39532A3E3414 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:36:05.0388 2752  athr - ok
16:36:05.0456 2752  [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
16:36:05.0457 2752  AtiHdmiService - ok
16:36:05.0600 2752  [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:36:05.0661 2752  atikmdag - ok
16:36:05.0727 2752  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:36:05.0737 2752  AudioEndpointBuilder - ok
16:36:05.0754 2752  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:36:05.0758 2752  AudioSrv - ok
16:36:05.0809 2752  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:36:05.0811 2752  avgntflt - ok
16:36:05.0840 2752  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:36:05.0841 2752  avipbb - ok
16:36:05.0877 2752  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:36:05.0877 2752  avkmgr - ok
16:36:05.0927 2752  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:36:05.0930 2752  AxInstSV - ok
16:36:05.0973 2752  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:36:05.0979 2752  b06bdrv - ok
16:36:06.0015 2752  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:36:06.0018 2752  b57nd60a - ok
16:36:06.0084 2752  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:36:06.0086 2752  BDESVC - ok
16:36:06.0120 2752  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:36:06.0120 2752  Beep - ok
16:36:06.0177 2752  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:36:06.0185 2752  BFE - ok
16:36:06.0224 2752  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:36:06.0235 2752  BITS - ok
16:36:06.0255 2752  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:36:06.0256 2752  blbdrive - ok
16:36:06.0292 2752  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:36:06.0294 2752  bowser - ok
16:36:06.0328 2752  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:36:06.0329 2752  BrFiltLo - ok
16:36:06.0339 2752  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:36:06.0339 2752  BrFiltUp - ok
16:36:06.0366 2752  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:36:06.0367 2752  Browser - ok
16:36:06.0389 2752  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:36:06.0392 2752  Brserid - ok
16:36:06.0409 2752  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:36:06.0410 2752  BrSerWdm - ok
16:36:06.0423 2752  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:36:06.0423 2752  BrUsbMdm - ok
16:36:06.0431 2752  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:36:06.0431 2752  BrUsbSer - ok
16:36:06.0464 2752  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:36:06.0464 2752  BthEnum - ok
16:36:06.0479 2752  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:36:06.0480 2752  BTHMODEM - ok
16:36:06.0503 2752  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:36:06.0505 2752  BthPan - ok
16:36:06.0560 2752  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:36:06.0569 2752  BTHPORT - ok
16:36:06.0601 2752  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:36:06.0603 2752  bthserv - ok
16:36:06.0627 2752  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:36:06.0628 2752  BTHUSB - ok
16:36:06.0654 2752  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:36:06.0655 2752  cdfs - ok
16:36:06.0683 2752  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:36:06.0684 2752  cdrom - ok
16:36:06.0725 2752  [ 51E8CB07EF17C3B4C806EDC8C45DEFDD ] celmkt          C:\Windows\system32\Drivers\celmkt_x64.sys
16:36:06.0725 2752  celmkt - ok
16:36:06.0763 2752  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:36:06.0765 2752  CertPropSvc - ok
16:36:06.0784 2752  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:36:06.0785 2752  circlass - ok
16:36:06.0841 2752  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:36:06.0845 2752  CLFS - ok
16:36:06.0901 2752  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:36:06.0902 2752  clr_optimization_v2.0.50727_32 - ok
16:36:06.0955 2752  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:36:06.0958 2752  clr_optimization_v2.0.50727_64 - ok
16:36:07.0076 2752  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:36:07.0078 2752  clr_optimization_v4.0.30319_32 - ok
16:36:07.0125 2752  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:36:07.0127 2752  clr_optimization_v4.0.30319_64 - ok
16:36:07.0145 2752  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:36:07.0145 2752  CmBatt - ok
16:36:07.0174 2752  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:36:07.0175 2752  cmdide - ok
16:36:07.0223 2752  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
16:36:07.0230 2752  CNG - ok
16:36:07.0321 2752  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:36:07.0325 2752  Com4QLBEx - ok
16:36:07.0362 2752  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:36:07.0362 2752  Compbatt - ok
16:36:07.0405 2752  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:36:07.0406 2752  CompositeBus - ok
16:36:07.0414 2752  COMSysApp - ok
16:36:07.0435 2752  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:36:07.0436 2752  crcdisk - ok
16:36:07.0476 2752  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:36:07.0479 2752  CryptSvc - ok
16:36:07.0523 2752  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:36:07.0533 2752  DcomLaunch - ok
16:36:07.0573 2752  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:36:07.0577 2752  defragsvc - ok
16:36:07.0605 2752  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:36:07.0606 2752  DfsC - ok
16:36:07.0638 2752  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:36:07.0641 2752  Dhcp - ok
16:36:07.0664 2752  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:36:07.0664 2752  discache - ok
16:36:07.0693 2752  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:36:07.0694 2752  Disk - ok
16:36:07.0720 2752  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:36:07.0721 2752  Dnscache - ok
16:36:07.0755 2752  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:36:07.0760 2752  dot3svc - ok
16:36:07.0802 2752  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:36:07.0804 2752  DPS - ok
16:36:07.0829 2752  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:36:07.0830 2752  drmkaud - ok
16:36:07.0887 2752  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:36:07.0898 2752  DXGKrnl - ok
16:36:07.0928 2752  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:36:07.0930 2752  EapHost - ok
16:36:08.0013 2752  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:36:08.0045 2752  ebdrv - ok
16:36:08.0084 2752  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:36:08.0085 2752  EFS - ok
16:36:08.0155 2752  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:36:08.0167 2752  ehRecvr - ok
16:36:08.0189 2752  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:36:08.0191 2752  ehSched - ok
16:36:08.0230 2752  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:36:08.0235 2752  elxstor - ok
16:36:08.0252 2752  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:36:08.0252 2752  ErrDev - ok
16:36:08.0288 2752  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:36:08.0292 2752  EventSystem - ok
16:36:08.0335 2752  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:36:08.0336 2752  ew_hwusbdev - ok
16:36:08.0381 2752  [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
16:36:08.0382 2752  ew_usbenumfilter - ok
16:36:08.0401 2752  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:36:08.0403 2752  exfat - ok
16:36:08.0421 2752  ezSharedSvc - ok
16:36:08.0429 2752  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:36:08.0431 2752  fastfat - ok
16:36:08.0473 2752  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:36:08.0481 2752  Fax - ok
16:36:08.0506 2752  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:36:08.0507 2752  fdc - ok
16:36:08.0539 2752  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:36:08.0540 2752  fdPHost - ok
16:36:08.0555 2752  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:36:08.0556 2752  FDResPub - ok
16:36:08.0573 2752  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:36:08.0574 2752  FileInfo - ok
16:36:08.0587 2752  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:36:08.0587 2752  Filetrace - ok
16:36:08.0593 2752  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:36:08.0593 2752  flpydisk - ok
16:36:08.0655 2752  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:36:08.0660 2752  FltMgr - ok
16:36:08.0718 2752  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:36:08.0732 2752  FontCache - ok
16:36:08.0787 2752  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:36:08.0789 2752  FontCache3.0.0.0 - ok
16:36:08.0814 2752  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:36:08.0815 2752  FsDepends - ok
16:36:08.0825 2752  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:36:08.0826 2752  Fs_Rec - ok
16:36:08.0863 2752  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:36:08.0866 2752  fvevol - ok
16:36:08.0884 2752  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:36:08.0885 2752  gagp30kx - ok
16:36:08.0927 2752  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:36:08.0936 2752  gpsvc - ok
16:36:09.0002 2752  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:36:09.0003 2752  gupdate - ok
16:36:09.0010 2752  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:36:09.0012 2752  gupdatem - ok
16:36:09.0025 2752  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:36:09.0026 2752  hcw85cir - ok
16:36:09.0073 2752  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:36:09.0077 2752  HdAudAddService - ok
16:36:09.0100 2752  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:36:09.0102 2752  HDAudBus - ok
16:36:09.0139 2752  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:36:09.0140 2752  HECIx64 - ok
16:36:09.0164 2752  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:36:09.0165 2752  HidBatt - ok
16:36:09.0189 2752  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:36:09.0191 2752  HidBth - ok
16:36:09.0216 2752  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:36:09.0217 2752  HidIr - ok
16:36:09.0240 2752  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:36:09.0242 2752  hidserv - ok
16:36:09.0261 2752  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:36:09.0261 2752  HidUsb - ok
16:36:09.0307 2752  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:36:09.0309 2752  hkmsvc - ok
16:36:09.0342 2752  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:36:09.0346 2752  HomeGroupListener - ok
16:36:09.0381 2752  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:36:09.0383 2752  HomeGroupProvider - ok
16:36:09.0434 2752  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
16:36:09.0435 2752  HP Health Check Service - ok
16:36:09.0466 2752  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:36:09.0466 2752  HpqKbFiltr - ok
16:36:09.0519 2752  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:36:09.0521 2752  hpqwmiex - ok
16:36:09.0576 2752  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:36:09.0577 2752  HpSAMD - ok
16:36:09.0632 2752  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:36:09.0644 2752  HTTP - ok
16:36:09.0689 2752  [ 4DBBFCE863FE1B64C770EB53A3BA5860 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
16:36:09.0690 2752  huawei_cdcacm - ok
16:36:09.0712 2752  [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:36:09.0713 2752  huawei_enumerator - ok
16:36:09.0745 2752  [ DF65F49F3A108AB509D675312FC896B8 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
16:36:09.0746 2752  huawei_ext_ctrl - ok
16:36:09.0779 2752  [ 962032D69A8CA503F030F311CF4487B7 ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
16:36:09.0781 2752  huawei_wwanecm - ok
16:36:09.0894 2752  [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
16:36:09.0899 2752  HWDeviceService64.exe - ok
16:36:09.0930 2752  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:36:09.0931 2752  hwpolicy - ok
16:36:09.0978 2752  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:36:09.0979 2752  i8042prt - ok
16:36:10.0037 2752  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:36:10.0040 2752  iaStor - ok
16:36:10.0071 2752  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:36:10.0075 2752  iaStorV - ok
16:36:10.0133 2752  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:36:10.0148 2752  idsvc - ok
16:36:10.0297 2752  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:36:10.0357 2752  igfx - ok
16:36:10.0383 2752  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:36:10.0383 2752  iirsp - ok
16:36:10.0426 2752  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:36:10.0435 2752  IKEEXT - ok
16:36:10.0516 2752  [ 181E4FF75674A7105ECD0A02C35EF43A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:36:10.0531 2752  IntcAzAudAddService - ok
16:36:10.0566 2752  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:36:10.0567 2752  intelide - ok
16:36:10.0615 2752  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:36:10.0616 2752  intelppm - ok
16:36:10.0648 2752  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:36:10.0651 2752  IPBusEnum - ok
16:36:10.0679 2752  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:36:10.0680 2752  IpFilterDriver - ok
16:36:10.0734 2752  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:36:10.0743 2752  iphlpsvc - ok
16:36:10.0778 2752  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:36:10.0779 2752  IPMIDRV - ok
16:36:10.0798 2752  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:36:10.0799 2752  IPNAT - ok
16:36:10.0810 2752  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:36:10.0811 2752  IRENUM - ok
16:36:10.0833 2752  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:36:10.0834 2752  isapnp - ok
16:36:10.0853 2752  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:36:10.0856 2752  iScsiPrt - ok
16:36:10.0872 2752  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:36:10.0873 2752  kbdclass - ok
16:36:10.0912 2752  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:36:10.0912 2752  kbdhid - ok
16:36:10.0926 2752  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:36:10.0927 2752  KeyIso - ok
16:36:10.0952 2752  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:36:10.0953 2752  KSecDD - ok
16:36:10.0989 2752  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:36:10.0991 2752  KSecPkg - ok
16:36:11.0020 2752  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:36:11.0021 2752  ksthunk - ok
16:36:11.0048 2752  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:36:11.0054 2752  KtmRm - ok
16:36:11.0103 2752  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:36:11.0107 2752  LanmanServer - ok
16:36:11.0141 2752  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:36:11.0144 2752  LanmanWorkstation - ok
16:36:11.0194 2752  [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:36:11.0195 2752  LightScribeService - ok
16:36:11.0233 2752  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:36:11.0234 2752  lltdio - ok
16:36:11.0249 2752  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:36:11.0254 2752  lltdsvc - ok
16:36:11.0274 2752  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:36:11.0276 2752  lmhosts - ok
16:36:11.0329 2752  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:36:11.0332 2752  LMS - ok
16:36:11.0357 2752  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:36:11.0359 2752  LSI_FC - ok
16:36:11.0371 2752  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:36:11.0373 2752  LSI_SAS - ok
16:36:11.0385 2752  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:36:11.0386 2752  LSI_SAS2 - ok
16:36:11.0392 2752  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:36:11.0393 2752  LSI_SCSI - ok
16:36:11.0399 2752  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:36:11.0401 2752  luafv - ok
16:36:11.0433 2752  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:36:11.0436 2752  Mcx2Svc - ok
16:36:11.0448 2752  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:36:11.0448 2752  megasas - ok
16:36:11.0466 2752  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:36:11.0468 2752  MegaSR - ok
16:36:11.0493 2752  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:36:11.0494 2752  MMCSS - ok
16:36:11.0503 2752  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:36:11.0504 2752  Modem - ok
16:36:11.0521 2752  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:36:11.0521 2752  monitor - ok
16:36:11.0561 2752  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:36:11.0562 2752  mouclass - ok
16:36:11.0589 2752  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:36:11.0589 2752  mouhid - ok
16:36:11.0628 2752  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:36:11.0630 2752  mountmgr - ok
16:36:11.0668 2752  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:36:11.0670 2752  mpio - ok
16:36:11.0688 2752  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:36:11.0689 2752  mpsdrv - ok
16:36:11.0739 2752  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:36:11.0748 2752  MpsSvc - ok
16:36:11.0777 2752  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:36:11.0778 2752  MRxDAV - ok
16:36:11.0811 2752  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:36:11.0812 2752  mrxsmb - ok
16:36:11.0827 2752  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:36:11.0830 2752  mrxsmb10 - ok
16:36:11.0841 2752  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:36:11.0842 2752  mrxsmb20 - ok
16:36:11.0879 2752  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:36:11.0880 2752  msahci - ok
16:36:11.0894 2752  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:36:11.0895 2752  msdsm - ok
16:36:11.0908 2752  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:36:11.0911 2752  MSDTC - ok
16:36:11.0947 2752  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:36:11.0948 2752  Msfs - ok
16:36:11.0959 2752  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:36:11.0959 2752  mshidkmdf - ok
16:36:11.0972 2752  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:36:11.0973 2752  msisadrv - ok
16:36:11.0997 2752  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:36:12.0000 2752  MSiSCSI - ok
16:36:12.0005 2752  msiserver - ok
16:36:12.0028 2752  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:36:12.0029 2752  MSKSSRV - ok
16:36:12.0045 2752  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:36:12.0046 2752  MSPCLOCK - ok
16:36:12.0059 2752  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:36:12.0059 2752  MSPQM - ok
16:36:12.0097 2752  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:36:12.0101 2752  MsRPC - ok
16:36:12.0131 2752  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:36:12.0132 2752  mssmbios - ok
16:36:12.0143 2752  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:36:12.0143 2752  MSTEE - ok
16:36:12.0155 2752  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:36:12.0155 2752  MTConfig - ok
16:36:12.0171 2752  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:36:12.0172 2752  Mup - ok
16:36:12.0207 2752  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:36:12.0213 2752  napagent - ok
16:36:12.0242 2752  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:36:12.0245 2752  NativeWifiP - ok
16:36:12.0304 2752  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:36:12.0314 2752  NDIS - ok
16:36:12.0325 2752  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:36:12.0326 2752  NdisCap - ok
16:36:12.0347 2752  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:36:12.0348 2752  NdisTapi - ok
16:36:12.0386 2752  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:36:12.0387 2752  Ndisuio - ok
16:36:12.0420 2752  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:36:12.0422 2752  NdisWan - ok
16:36:12.0455 2752  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:36:12.0456 2752  NDProxy - ok
16:36:12.0480 2752  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:36:12.0480 2752  NetBIOS - ok
16:36:12.0518 2752  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:36:12.0521 2752  NetBT - ok
16:36:12.0551 2752  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:36:12.0553 2752  Netlogon - ok
16:36:12.0593 2752  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:36:12.0598 2752  Netman - ok
16:36:12.0618 2752  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:36:12.0624 2752  netprofm - ok
16:36:12.0649 2752  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:36:12.0651 2752  NetTcpPortSharing - ok
16:36:12.0773 2752  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
16:36:12.0828 2752  netw5v64 - ok
16:36:12.0848 2752  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:36:12.0849 2752  nfrd960 - ok
16:36:12.0873 2752  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:36:12.0876 2752  NlaSvc - ok
16:36:12.0897 2752  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:36:12.0897 2752  Npfs - ok
16:36:12.0918 2752  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:36:12.0920 2752  nsi - ok
16:36:12.0932 2752  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:36:12.0933 2752  nsiproxy - ok
16:36:13.0004 2752  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:36:13.0020 2752  Ntfs - ok
16:36:13.0035 2752  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:36:13.0035 2752  Null - ok
16:36:13.0093 2752  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:36:13.0095 2752  nvraid - ok
16:36:13.0126 2752  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:36:13.0127 2752  nvstor - ok
16:36:13.0192 2752  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:36:13.0194 2752  nv_agp - ok
16:36:13.0222 2752  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:36:13.0223 2752  ohci1394 - ok
16:36:13.0310 2752  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:36:13.0313 2752  ose - ok
16:36:13.0531 2752  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:36:13.0575 2752  osppsvc - ok
16:36:13.0609 2752  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:36:13.0627 2752  p2pimsvc - ok
16:36:13.0656 2752  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:36:13.0660 2752  p2psvc - ok
16:36:13.0681 2752  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:36:13.0682 2752  Parport - ok
16:36:13.0706 2752  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:36:13.0707 2752  partmgr - ok
16:36:13.0718 2752  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:36:13.0720 2752  PcaSvc - ok
16:36:13.0758 2752  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:36:13.0759 2752  pci - ok
16:36:13.0773 2752  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:36:13.0773 2752  pciide - ok
16:36:13.0793 2752  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:36:13.0795 2752  pcmcia - ok
16:36:13.0810 2752  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:36:13.0810 2752  pcw - ok
16:36:13.0835 2752  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:36:13.0841 2752  PEAUTH - ok
16:36:13.0897 2752  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:36:13.0898 2752  PerfHost - ok
16:36:13.0962 2752  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:36:13.0976 2752  pla - ok
16:36:14.0011 2752  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:36:14.0015 2752  PlugPlay - ok
16:36:14.0031 2752  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:36:14.0032 2752  PNRPAutoReg - ok
16:36:14.0050 2752  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:36:14.0053 2752  PNRPsvc - ok
16:36:14.0076 2752  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:36:14.0082 2752  PolicyAgent - ok
16:36:14.0118 2752  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:36:14.0121 2752  Power - ok
16:36:14.0159 2752  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:36:14.0160 2752  PptpMiniport - ok
16:36:14.0186 2752  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:36:14.0187 2752  Processor - ok
16:36:14.0212 2752  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:36:14.0215 2752  ProfSvc - ok
16:36:14.0229 2752  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:36:14.0230 2752  ProtectedStorage - ok
16:36:14.0271 2752  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:36:14.0272 2752  Psched - ok
16:36:14.0309 2752  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:36:14.0324 2752  ql2300 - ok
16:36:14.0337 2752  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:36:14.0338 2752  ql40xx - ok
16:36:14.0366 2752  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:36:14.0370 2752  QWAVE - ok
16:36:14.0378 2752  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:36:14.0379 2752  QWAVEdrv - ok
16:36:14.0399 2752  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:36:14.0399 2752  RasAcd - ok
16:36:14.0428 2752  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:36:14.0429 2752  RasAgileVpn - ok
16:36:14.0443 2752  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:36:14.0445 2752  RasAuto - ok
16:36:14.0475 2752  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:36:14.0476 2752  Rasl2tp - ok
16:36:14.0528 2752  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:36:14.0536 2752  RasMan - ok
16:36:14.0565 2752  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:36:14.0566 2752  RasPppoe - ok
16:36:14.0581 2752  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:36:14.0582 2752  RasSstp - ok
16:36:14.0612 2752  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:36:14.0616 2752  rdbss - ok
16:36:14.0652 2752  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:36:14.0653 2752  rdpbus - ok
16:36:14.0672 2752  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:36:14.0672 2752  RDPCDD - ok
16:36:14.0702 2752  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:36:14.0703 2752  RDPENCDD - ok
16:36:14.0741 2752  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:36:14.0742 2752  RDPREFMP - ok
16:36:14.0798 2752  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:36:14.0799 2752  RdpVideoMiniport - ok
16:36:14.0830 2752  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:36:14.0832 2752  RDPWD - ok
16:36:14.0884 2752  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:36:14.0887 2752  rdyboost - ok
16:36:14.0917 2752  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:36:14.0920 2752  RemoteAccess - ok
16:36:14.0945 2752  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:36:14.0949 2752  RemoteRegistry - ok
16:36:14.0980 2752  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:36:14.0982 2752  RFCOMM - ok
16:36:15.0055 2752  [ 498EB62A160674E793FA40FD65390625 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:36:15.0059 2752  RichVideo - ok
16:36:15.0079 2752  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:36:15.0082 2752  RpcEptMapper - ok
16:36:15.0093 2752  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:36:15.0095 2752  RpcLocator - ok
16:36:15.0142 2752  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:36:15.0151 2752  RpcSs - ok
16:36:15.0185 2752  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:36:15.0186 2752  rspndr - ok
16:36:15.0230 2752  [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
16:36:15.0234 2752  RSUSBSTOR - ok
16:36:15.0286 2752  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:36:15.0291 2752  RTL8167 - ok
16:36:15.0304 2752  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:36:15.0305 2752  SamSs - ok
16:36:15.0335 2752  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:36:15.0336 2752  sbp2port - ok
16:36:15.0366 2752  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:36:15.0370 2752  SCardSvr - ok
16:36:15.0409 2752  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:36:15.0410 2752  scfilter - ok
16:36:15.0444 2752  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:36:15.0457 2752  Schedule - ok
16:36:15.0491 2752  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:36:15.0492 2752  SCPolicySvc - ok
16:36:15.0527 2752  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
16:36:15.0529 2752  sdbus - ok
16:36:15.0565 2752  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:36:15.0569 2752  SDRSVC - ok
16:36:15.0596 2752  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:36:15.0597 2752  secdrv - ok
16:36:15.0628 2752  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:36:15.0630 2752  seclogon - ok
16:36:15.0664 2752  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:36:15.0666 2752  SENS - ok
16:36:15.0678 2752  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:36:15.0680 2752  SensrSvc - ok
16:36:15.0698 2752  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:36:15.0699 2752  Serenum - ok
16:36:15.0713 2752  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:36:15.0715 2752  Serial - ok
16:36:15.0734 2752  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:36:15.0735 2752  sermouse - ok
16:36:15.0782 2752  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:36:15.0785 2752  SessionEnv - ok
16:36:15.0821 2752  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:36:15.0822 2752  sffdisk - ok
16:36:15.0834 2752  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:36:15.0834 2752  sffp_mmc - ok
16:36:15.0847 2752  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:36:15.0847 2752  sffp_sd - ok
16:36:15.0870 2752  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:36:15.0870 2752  sfloppy - ok
16:36:15.0894 2752  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:36:15.0899 2752  SharedAccess - ok
16:36:15.0919 2752  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:36:15.0923 2752  ShellHWDetection - ok
16:36:15.0947 2752  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:36:15.0948 2752  SiSRaid2 - ok
16:36:15.0960 2752  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:36:15.0961 2752  SiSRaid4 - ok
16:36:15.0994 2752  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:36:15.0995 2752  SkypeUpdate - ok
16:36:16.0022 2752  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:36:16.0023 2752  Smb - ok
16:36:16.0058 2752  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:36:16.0060 2752  SNMPTRAP - ok
16:36:16.0069 2752  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:36:16.0070 2752  spldr - ok
16:36:16.0106 2752  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:36:16.0112 2752  Spooler - ok
16:36:16.0219 2752  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:36:16.0251 2752  sppsvc - ok
16:36:16.0271 2752  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:36:16.0274 2752  sppuinotify - ok
16:36:16.0308 2752  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:36:16.0315 2752  srv - ok
16:36:16.0354 2752  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:36:16.0360 2752  srv2 - ok
16:36:16.0389 2752  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:36:16.0393 2752  SrvHsfHDA - ok
16:36:16.0429 2752  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:36:16.0446 2752  SrvHsfV92 - ok
16:36:16.0471 2752  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:36:16.0478 2752  SrvHsfWinac - ok
16:36:16.0509 2752  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:36:16.0511 2752  srvnet - ok
16:36:16.0563 2752  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:36:16.0567 2752  SSDPSRV - ok
16:36:16.0587 2752  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:36:16.0591 2752  SstpSvc - ok
16:36:16.0634 2752  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:36:16.0635 2752  stexstor - ok
16:36:16.0675 2752  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:36:16.0687 2752  stisvc - ok
16:36:16.0723 2752  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:36:16.0724 2752  swenum - ok
16:36:16.0746 2752  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:36:16.0753 2752  swprv - ok
16:36:16.0822 2752  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:36:16.0828 2752  SynTP - ok
16:36:16.0914 2752  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:36:16.0937 2752  SysMain - ok
16:36:16.0982 2752  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:36:16.0984 2752  TabletInputService - ok
16:36:16.0997 2752  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:36:17.0002 2752  TapiSrv - ok
16:36:17.0033 2752  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:36:17.0036 2752  TBS - ok
16:36:17.0111 2752  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:36:17.0131 2752  Tcpip - ok
16:36:17.0163 2752  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:36:17.0173 2752  TCPIP6 - ok
16:36:17.0202 2752  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:36:17.0202 2752  tcpipreg - ok
16:36:17.0237 2752  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:36:17.0238 2752  TDPIPE - ok
16:36:17.0257 2752  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:36:17.0258 2752  TDTCP - ok
16:36:17.0300 2752  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:36:17.0302 2752  tdx - ok
16:36:17.0315 2752  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:36:17.0316 2752  TermDD - ok
16:36:17.0343 2752  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:36:17.0352 2752  TermService - ok
16:36:17.0369 2752  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:36:17.0371 2752  Themes - ok
16:36:17.0387 2752  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:36:17.0388 2752  THREADORDER - ok
16:36:17.0401 2752  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:36:17.0403 2752  TrkWks - ok
16:36:17.0466 2752  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:36:17.0469 2752  TrustedInstaller - ok
16:36:17.0510 2752  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:36:17.0511 2752  tssecsrv - ok
16:36:17.0546 2752  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:36:17.0547 2752  TsUsbFlt - ok
16:36:17.0606 2752  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:36:17.0608 2752  tunnel - ok
16:36:17.0637 2752  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:36:17.0638 2752  uagp35 - ok
16:36:17.0675 2752  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:36:17.0680 2752  udfs - ok
16:36:17.0709 2752  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:36:17.0712 2752  UI0Detect - ok
16:36:17.0746 2752  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:36:17.0747 2752  uliagpkx - ok
16:36:17.0790 2752  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:36:17.0792 2752  umbus - ok
16:36:17.0807 2752  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:36:17.0808 2752  UmPass - ok
16:36:17.0897 2752  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:36:17.0916 2752  UNS - ok
16:36:17.0946 2752  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:36:17.0951 2752  upnphost - ok
16:36:17.0989 2752  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:36:17.0991 2752  usbccgp - ok
16:36:18.0014 2752  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:36:18.0016 2752  usbcir - ok
16:36:18.0048 2752  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:36:18.0049 2752  usbehci - ok
16:36:18.0079 2752  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:36:18.0082 2752  usbhub - ok
16:36:18.0103 2752  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:36:18.0103 2752  usbohci - ok
16:36:18.0142 2752  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:36:18.0142 2752  usbprint - ok
16:36:18.0156 2752  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:36:18.0157 2752  USBSTOR - ok
16:36:18.0175 2752  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:36:18.0176 2752  usbuhci - ok
16:36:18.0212 2752  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:36:18.0214 2752  usbvideo - ok
16:36:18.0242 2752  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:36:18.0244 2752  UxSms - ok
16:36:18.0262 2752  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:36:18.0264 2752  VaultSvc - ok
16:36:18.0307 2752  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:36:18.0308 2752  vdrvroot - ok
16:36:18.0351 2752  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:36:18.0363 2752  vds - ok
16:36:18.0384 2752  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:36:18.0385 2752  vga - ok
16:36:18.0401 2752  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:36:18.0402 2752  VgaSave - ok
16:36:18.0435 2752  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:36:18.0438 2752  vhdmp - ok
16:36:18.0453 2752  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:36:18.0453 2752  viaide - ok
16:36:18.0468 2752  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:36:18.0469 2752  volmgr - ok
16:36:18.0504 2752  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:36:18.0508 2752  volmgrx - ok
16:36:18.0524 2752  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:36:18.0528 2752  volsnap - ok
16:36:18.0561 2752  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:36:18.0563 2752  vsmraid - ok
16:36:18.0637 2752  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:36:18.0656 2752  VSS - ok
16:36:18.0682 2752  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:36:18.0683 2752  vwifibus - ok
16:36:18.0704 2752  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:36:18.0705 2752  vwififlt - ok
16:36:18.0742 2752  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:36:18.0747 2752  W32Time - ok
16:36:18.0766 2752  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:36:18.0767 2752  WacomPen - ok
16:36:18.0808 2752  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:36:18.0809 2752  WANARP - ok
16:36:18.0813 2752  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:36:18.0815 2752  Wanarpv6 - ok
16:36:18.0880 2752  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:36:18.0901 2752  wbengine - ok
16:36:18.0920 2752  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:36:18.0924 2752  WbioSrvc - ok
16:36:18.0958 2752  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:36:18.0963 2752  wcncsvc - ok
16:36:18.0982 2752  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:36:18.0984 2752  WcsPlugInService - ok
16:36:19.0013 2752  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:36:19.0014 2752  Wd - ok
16:36:19.0052 2752  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:36:19.0059 2752  Wdf01000 - ok
16:36:19.0073 2752  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:36:19.0074 2752  WdiServiceHost - ok
16:36:19.0078 2752  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:36:19.0080 2752  WdiSystemHost - ok
16:36:19.0115 2752  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:36:19.0120 2752  WebClient - ok
16:36:19.0134 2752  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:36:19.0138 2752  Wecsvc - ok
16:36:19.0146 2752  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:36:19.0148 2752  wercplsupport - ok
16:36:19.0157 2752  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:36:19.0158 2752  WerSvc - ok
16:36:19.0178 2752  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:36:19.0179 2752  WfpLwf - ok
16:36:19.0189 2752  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:36:19.0190 2752  WIMMount - ok
16:36:19.0204 2752  WinDefend - ok
16:36:19.0219 2752  WinHttpAutoProxySvc - ok
16:36:19.0263 2752  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:36:19.0265 2752  Winmgmt - ok
16:36:19.0343 2752  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:36:19.0371 2752  WinRM - ok
16:36:19.0410 2752  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:36:19.0419 2752  Wlansvc - ok
16:36:19.0467 2752  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:36:19.0467 2752  WmiAcpi - ok
16:36:19.0502 2752  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:36:19.0505 2752  wmiApSrv - ok
16:36:19.0536 2752  WMPNetworkSvc - ok
16:36:19.0570 2752  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:36:19.0572 2752  WPCSvc - ok
16:36:19.0622 2752  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:36:19.0626 2752  WPDBusEnum - ok
16:36:19.0656 2752  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:36:19.0657 2752  ws2ifsl - ok
16:36:19.0674 2752  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:36:19.0677 2752  wscsvc - ok
16:36:19.0683 2752  WSearch - ok
16:36:19.0764 2752  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:36:19.0798 2752  wuauserv - ok
16:36:19.0833 2752  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:36:19.0834 2752  WudfPf - ok
16:36:19.0865 2752  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:36:19.0868 2752  WUDFRd - ok
16:36:19.0904 2752  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:36:19.0907 2752  wudfsvc - ok
16:36:19.0936 2752  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:36:19.0941 2752  WwanSvc - ok
16:36:19.0976 2752  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
16:36:19.0981 2752  yukonw7 - ok
16:36:20.0010 2752  ================ Scan global ===============================
16:36:20.0031 2752  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:36:20.0053 2752  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:36:20.0061 2752  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:36:20.0086 2752  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:36:20.0120 2752  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:36:20.0124 2752  [Global] - ok
16:36:20.0125 2752  ================ Scan MBR ==================================
16:36:20.0135 2752  [ 1D41AC707E36448FA8DDDA0F7B3C8BDA ] \Device\Harddisk0\DR0
16:36:20.0371 2752  \Device\Harddisk0\DR0 - ok
16:36:20.0384 2752  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
16:36:20.0402 2752  \Device\Harddisk1\DR1 - ok
16:36:20.0403 2752  ================ Scan VBR ==================================
16:36:20.0407 2752  [ BCC17C56A95682AB363AD365042C6826 ] \Device\Harddisk0\DR0\Partition1
16:36:20.0409 2752  \Device\Harddisk0\DR0\Partition1 - ok
16:36:20.0423 2752  [ 4C42F4D6309E407CDC99A300A7FF87C2 ] \Device\Harddisk0\DR0\Partition2
16:36:20.0425 2752  \Device\Harddisk0\DR0\Partition2 - ok
16:36:20.0458 2752  [ FE63E6BCFB76ED115556DCF8A9ACD5CE ] \Device\Harddisk0\DR0\Partition3
16:36:20.0460 2752  \Device\Harddisk0\DR0\Partition3 - ok
16:36:20.0476 2752  [ 345F3BD610E66A8C0B9D1C4DA3047238 ] \Device\Harddisk0\DR0\Partition4
16:36:20.0477 2752  \Device\Harddisk0\DR0\Partition4 - ok
16:36:20.0483 2752  [ 6735B22D70A4D0034187E9D4329BEB48 ] \Device\Harddisk1\DR1\Partition1
16:36:20.0486 2752  \Device\Harddisk1\DR1\Partition1 - ok
16:36:20.0487 2752  ============================================================
16:36:20.0487 2752  Scan finished
16:36:20.0487 2752  ============================================================
16:36:20.0496 4312  Detected object count: 0
16:36:20.0496 4312  Actual detected object count: 0
16:39:18.0440 0680  Deinitialize success
         


03.05.2013, 14:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
> 16:36:03.0697 2752 Scan started
> 16:36:03.0697 2752 Mode: Manual;

Please read and follow the instructions properly; unfortunately you configured TDSSKiller incorrectly. Please do it again, correctly this time.

Quote:
> Database version: v2013.03.22.01

In addition, you did not update MBAR before the scan. You need to repeat that scan as well, with current signatures.

04.05.2013, 15:01   #7
jojoho
 

Hello, and sorry that the first logs were wrong; I hope everything is right this time.
I have now tried again:

asw.MBR.exe crashed and then ran with the setting AV Scan (none)

mbar
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Susanne :: SUSANNE [administrator]

03.05.2013 18:27:29
mbar-log-2013-05-03 (18-27-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29270
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
17:54:07.0272 0548  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:54:07.0439 0548  ============================================================
17:54:07.0439 0548  Current date / time: 2013/05/03 17:54:07.0439
17:54:07.0439 0548  SystemInfo:
17:54:07.0439 0548  
17:54:07.0439 0548  OS Version: 6.1.7601 ServicePack: 1.0
17:54:07.0439 0548  Product type: Workstation
17:54:07.0439 0548  ComputerName: SUSANNE
17:54:07.0439 0548  UserName: Susanne
17:54:07.0439 0548  Windows directory: C:\Windows
17:54:07.0439 0548  System windows directory: C:\Windows
17:54:07.0439 0548  Running under WOW64
17:54:07.0440 0548  Processor architecture: Intel x64
17:54:07.0440 0548  Number of processors: 4
17:54:07.0440 0548  Page size: 0x1000
17:54:07.0440 0548  Boot type: Normal boot
17:54:07.0440 0548  ============================================================
17:54:08.0836 0548  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:54:13.0307 0548  Drive \Device\Harddisk1\DR1 - Size: 0x1EB00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:54:13.0315 0548  ============================================================
17:54:13.0315 0548  \Device\Harddisk0\DR0:
17:54:13.0315 0548  MBR partitions:
17:54:13.0315 0548  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:54:13.0315 0548  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239C8000
17:54:13.0315 0548  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23A2C000, BlocksNum 0x19CE800
17:54:13.0315 0548  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
17:54:13.0315 0548  \Device\Harddisk1\DR1:
17:54:13.0317 0548  MBR partitions:
17:54:13.0317 0548  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xE9, BlocksNum 0xF5717
17:54:13.0317 0548  ============================================================
17:54:13.0344 0548  C: <-> \Device\Harddisk0\DR0\Partition2
17:54:13.0388 0548  D: <-> \Device\Harddisk0\DR0\Partition3
17:54:13.0403 0548  E: <-> \Device\Harddisk0\DR0\Partition4
17:54:13.0403 0548  ============================================================
17:54:13.0403 0548  Initialize success
17:54:13.0403 0548  ============================================================
17:55:25.0569 4004  ============================================================
17:55:25.0569 4004  Scan started
17:55:25.0569 4004  Mode: Manual; SigCheck; TDLFS; 
17:55:25.0569 4004  ============================================================
17:55:25.0881 4004  ================ Scan system memory ========================
17:55:25.0881 4004  System memory - ok
17:55:25.0881 4004  ================ Scan services =============================
17:55:26.0099 4004  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:55:26.0255 4004  1394ohci - ok
17:55:26.0271 4004  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:55:26.0302 4004  ACPI - ok
17:55:26.0317 4004  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:55:26.0411 4004  AcpiPmi - ok
17:55:26.0520 4004  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:55:26.0536 4004  AdobeARMservice - ok
17:55:26.0598 4004  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:55:26.0645 4004  adp94xx - ok
17:55:26.0676 4004  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:55:26.0692 4004  adpahci - ok
17:55:26.0707 4004  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:55:26.0723 4004  adpu320 - ok
17:55:26.0754 4004  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:55:26.0879 4004  AeLookupSvc - ok
17:55:26.0926 4004  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
17:55:26.0957 4004  AERTFilters - ok
17:55:26.0988 4004  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:55:27.0066 4004  AFD - ok
17:55:27.0113 4004  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
17:55:27.0207 4004  AgereSoftModem - ok
17:55:27.0253 4004  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:55:27.0269 4004  agp440 - ok
17:55:27.0316 4004  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:55:27.0394 4004  ALG - ok
17:55:27.0409 4004  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:55:27.0441 4004  aliide - ok
17:55:27.0456 4004  [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:55:27.0534 4004  AMD External Events Utility - ok
17:55:27.0565 4004  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:55:27.0581 4004  amdide - ok
17:55:27.0628 4004  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:55:27.0675 4004  AmdK8 - ok
17:55:27.0690 4004  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:55:27.0737 4004  AmdPPM - ok
17:55:27.0753 4004  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:55:27.0768 4004  amdsata - ok
17:55:27.0784 4004  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:55:27.0800 4004  amdsbs - ok
17:55:27.0815 4004  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:55:27.0831 4004  amdxata - ok
17:55:27.0878 4004  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:55:27.0893 4004  AntiVirSchedulerService - ok
17:55:27.0924 4004  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:55:27.0956 4004  AntiVirService - ok
17:55:28.0002 4004  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:55:28.0143 4004  AppID - ok
17:55:28.0174 4004  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:55:28.0268 4004  AppIDSvc - ok
17:55:28.0314 4004  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:55:28.0392 4004  Appinfo - ok
17:55:28.0439 4004  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:55:28.0470 4004  arc - ok
17:55:28.0486 4004  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:55:28.0502 4004  arcsas - ok
17:55:28.0533 4004  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:55:28.0580 4004  AsyncMac - ok
17:55:28.0611 4004  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:55:28.0626 4004  atapi - ok
17:55:28.0720 4004  [ B4421D8CDADC441F76BA39532A3E3414 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:55:28.0829 4004  athr - ok
17:55:28.0892 4004  [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:55:28.0923 4004  AtiHdmiService - ok
17:55:29.0063 4004  [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:55:29.0188 4004  atikmdag - ok
17:55:29.0235 4004  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:55:29.0328 4004  AudioEndpointBuilder - ok
17:55:29.0328 4004  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:55:29.0375 4004  AudioSrv - ok
17:55:29.0422 4004  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:55:29.0453 4004  avgntflt - ok
17:55:29.0484 4004  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:55:29.0500 4004  avipbb - ok
17:55:29.0531 4004  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:55:29.0547 4004  avkmgr - ok
17:55:29.0594 4004  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:55:29.0687 4004  AxInstSV - ok
17:55:29.0734 4004  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:55:29.0796 4004  b06bdrv - ok
17:55:29.0828 4004  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:55:29.0874 4004  b57nd60a - ok
17:55:29.0921 4004  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:55:29.0952 4004  BDESVC - ok
17:55:29.0968 4004  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:55:30.0046 4004  Beep - ok
17:55:30.0093 4004  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:55:30.0155 4004  BFE - ok
17:55:30.0186 4004  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:55:30.0264 4004  BITS - ok
17:55:30.0296 4004  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:55:30.0311 4004  blbdrive - ok
17:55:30.0342 4004  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:55:30.0374 4004  bowser - ok
17:55:30.0405 4004  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:55:30.0498 4004  BrFiltLo - ok
17:55:30.0514 4004  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:55:30.0545 4004  BrFiltUp - ok
17:55:30.0576 4004  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:55:30.0639 4004  Browser - ok
17:55:30.0654 4004  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:55:30.0701 4004  Brserid - ok
17:55:30.0717 4004  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:55:30.0764 4004  BrSerWdm - ok
17:55:30.0810 4004  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:55:30.0857 4004  BrUsbMdm - ok
17:55:30.0873 4004  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:55:30.0904 4004  BrUsbSer - ok
17:55:30.0951 4004  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:55:31.0013 4004  BthEnum - ok
17:55:31.0029 4004  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:55:31.0060 4004  BTHMODEM - ok
17:55:31.0091 4004  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:55:31.0138 4004  BthPan - ok
17:55:31.0185 4004  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:55:31.0232 4004  BTHPORT - ok
17:55:31.0263 4004  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:55:31.0341 4004  bthserv - ok
17:55:31.0372 4004  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:55:31.0403 4004  BTHUSB - ok
17:55:31.0434 4004  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:55:31.0497 4004  cdfs - ok
17:55:31.0528 4004  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:55:31.0559 4004  cdrom - ok
17:55:31.0606 4004  [ 51E8CB07EF17C3B4C806EDC8C45DEFDD ] celmkt          C:\Windows\system32\Drivers\celmkt_x64.sys
17:55:31.0622 4004  celmkt - ok
17:55:31.0668 4004  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:55:31.0731 4004  CertPropSvc - ok
17:55:31.0762 4004  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:55:31.0793 4004  circlass - ok
17:55:31.0824 4004  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:55:31.0856 4004  CLFS - ok
17:55:31.0918 4004  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:31.0934 4004  clr_optimization_v2.0.50727_32 - ok
17:55:31.0980 4004  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:55:31.0996 4004  clr_optimization_v2.0.50727_64 - ok
17:55:32.0074 4004  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:55:32.0090 4004  clr_optimization_v4.0.30319_32 - ok
17:55:32.0136 4004  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:55:32.0152 4004  clr_optimization_v4.0.30319_64 - ok
17:55:32.0168 4004  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:55:32.0214 4004  CmBatt - ok
17:55:32.0246 4004  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:55:32.0261 4004  cmdide - ok
17:55:32.0308 4004  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
17:55:32.0355 4004  CNG - ok
17:55:32.0448 4004  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:55:32.0480 4004  Com4QLBEx - ok
17:55:32.0511 4004  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:55:32.0511 4004  Compbatt - ok
17:55:32.0558 4004  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:55:32.0604 4004  CompositeBus - ok
17:55:32.0620 4004  COMSysApp - ok
17:55:32.0636 4004  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:55:32.0667 4004  crcdisk - ok
17:55:32.0698 4004  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:55:32.0745 4004  CryptSvc - ok
17:55:32.0792 4004  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:55:32.0870 4004  DcomLaunch - ok
17:55:32.0901 4004  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:55:32.0963 4004  defragsvc - ok
17:55:32.0994 4004  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:55:33.0057 4004  DfsC - ok
17:55:33.0088 4004  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:55:33.0119 4004  Dhcp - ok
17:55:33.0166 4004  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:55:33.0244 4004  discache - ok
17:55:33.0260 4004  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:55:33.0275 4004  Disk - ok
17:55:33.0306 4004  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:55:33.0353 4004  Dnscache - ok
17:55:33.0400 4004  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:55:33.0478 4004  dot3svc - ok
17:55:33.0494 4004  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:55:33.0572 4004  DPS - ok
17:55:33.0603 4004  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:55:33.0650 4004  drmkaud - ok
17:55:33.0712 4004  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:55:33.0759 4004  DXGKrnl - ok
17:55:33.0774 4004  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:55:33.0837 4004  EapHost - ok
17:55:33.0915 4004  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:55:33.0977 4004  ebdrv - ok
17:55:34.0008 4004  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:55:34.0071 4004  EFS - ok
17:55:34.0149 4004  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:55:34.0227 4004  ehRecvr - ok
17:55:34.0258 4004  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:55:34.0305 4004  ehSched - ok
17:55:34.0352 4004  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:55:34.0398 4004  elxstor - ok
17:55:34.0414 4004  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:55:34.0430 4004  ErrDev - ok
17:55:34.0476 4004  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:55:34.0523 4004  EventSystem - ok
17:55:34.0570 4004  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
17:55:34.0617 4004  ew_hwusbdev - ok
17:55:34.0679 4004  [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
17:55:34.0710 4004  ew_usbenumfilter - ok
17:55:34.0757 4004  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:55:34.0835 4004  exfat - ok
17:55:34.0851 4004  ezSharedSvc - ok
17:55:34.0866 4004  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:55:34.0929 4004  fastfat - ok
17:55:34.0976 4004  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:55:35.0069 4004  Fax - ok
17:55:35.0100 4004  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:55:35.0132 4004  fdc - ok
17:55:35.0178 4004  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:55:35.0241 4004  fdPHost - ok
17:55:35.0256 4004  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:55:35.0303 4004  FDResPub - ok
17:55:35.0334 4004  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:55:35.0350 4004  FileInfo - ok
17:55:35.0350 4004  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:55:35.0412 4004  Filetrace - ok
17:55:35.0428 4004  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:55:35.0428 4004  flpydisk - ok
17:55:35.0475 4004  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:55:35.0506 4004  FltMgr - ok
17:55:35.0553 4004  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
17:55:35.0615 4004  FontCache - ok
17:55:35.0662 4004  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:55:35.0678 4004  FontCache3.0.0.0 - ok
17:55:35.0709 4004  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:55:35.0724 4004  FsDepends - ok
17:55:35.0756 4004  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:55:35.0756 4004  Fs_Rec - ok
17:55:35.0802 4004  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:55:35.0834 4004  fvevol - ok
17:55:35.0849 4004  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:55:35.0865 4004  gagp30kx - ok
17:55:35.0912 4004  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:55:35.0974 4004  gpsvc - ok
17:55:36.0036 4004  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:55:36.0052 4004  gupdate - ok
17:55:36.0068 4004  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:55:36.0068 4004  gupdatem - ok
17:55:36.0099 4004  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:55:36.0146 4004  hcw85cir - ok
17:55:36.0192 4004  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:55:36.0239 4004  HdAudAddService - ok
17:55:36.0270 4004  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:55:36.0302 4004  HDAudBus - ok
17:55:36.0333 4004  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
17:55:36.0348 4004  HECIx64 - ok
17:55:36.0364 4004  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:55:36.0395 4004  HidBatt - ok
17:55:36.0426 4004  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:55:36.0458 4004  HidBth - ok
17:55:36.0504 4004  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:55:36.0536 4004  HidIr - ok
17:55:36.0567 4004  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:55:36.0660 4004  hidserv - ok
17:55:36.0707 4004  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:55:36.0723 4004  HidUsb - ok
17:55:36.0770 4004  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:55:36.0863 4004  hkmsvc - ok
17:55:36.0894 4004  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:55:36.0926 4004  HomeGroupListener - ok
17:55:36.0957 4004  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:55:36.0988 4004  HomeGroupProvider - ok
17:55:37.0035 4004  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
17:55:37.0050 4004  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
17:55:37.0050 4004  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
17:55:37.0097 4004  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:55:37.0128 4004  HpqKbFiltr - ok
17:55:37.0175 4004  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:55:37.0191 4004  hpqwmiex - ok
17:55:37.0238 4004  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:55:37.0269 4004  HpSAMD - ok
17:55:37.0316 4004  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:55:37.0378 4004  HTTP - ok
17:55:37.0425 4004  [ 4DBBFCE863FE1B64C770EB53A3BA5860 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
17:55:37.0487 4004  huawei_cdcacm - ok
17:55:37.0503 4004  [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
17:55:37.0550 4004  huawei_enumerator - ok
17:55:37.0581 4004  [ DF65F49F3A108AB509D675312FC896B8 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
17:55:37.0628 4004  huawei_ext_ctrl - ok
17:55:37.0659 4004  [ 962032D69A8CA503F030F311CF4487B7 ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
17:55:37.0674 4004  huawei_wwanecm - ok
17:55:37.0768 4004  [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
17:55:37.0799 4004  HWDeviceService64.exe - ok
17:55:37.0846 4004  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:55:37.0862 4004  hwpolicy - ok
17:55:37.0893 4004  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:55:37.0908 4004  i8042prt - ok
17:55:37.0940 4004  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:55:37.0955 4004  iaStor - ok
17:55:37.0971 4004  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:55:38.0002 4004  iaStorV - ok
17:55:38.0049 4004  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:55:38.0096 4004  idsvc - ok
17:55:38.0236 4004  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:55:38.0361 4004  igfx - ok
17:55:38.0392 4004  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:55:38.0408 4004  iirsp - ok
17:55:38.0454 4004  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:55:38.0517 4004  IKEEXT - ok
17:55:38.0595 4004  [ 181E4FF75674A7105ECD0A02C35EF43A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:55:38.0673 4004  IntcAzAudAddService - ok
17:55:38.0688 4004  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:55:38.0704 4004  intelide - ok
17:55:38.0735 4004  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:55:38.0766 4004  intelppm - ok
17:55:38.0813 4004  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:55:38.0876 4004  IPBusEnum - ok
17:55:38.0907 4004  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:55:38.0969 4004  IpFilterDriver - ok
17:55:39.0016 4004  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:55:39.0063 4004  iphlpsvc - ok
17:55:39.0094 4004  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:55:39.0125 4004  IPMIDRV - ok
17:55:39.0156 4004  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:55:39.0234 4004  IPNAT - ok
17:55:39.0250 4004  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:55:39.0328 4004  IRENUM - ok
17:55:39.0344 4004  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:55:39.0359 4004  isapnp - ok
17:55:39.0375 4004  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:55:39.0390 4004  iScsiPrt - ok
17:55:39.0422 4004  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:55:39.0437 4004  kbdclass - ok
17:55:39.0468 4004  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:55:39.0484 4004  kbdhid - ok
17:55:39.0515 4004  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:55:39.0531 4004  KeyIso - ok
17:55:39.0546 4004  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:55:39.0562 4004  KSecDD - ok
17:55:39.0593 4004  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:55:39.0609 4004  KSecPkg - ok
17:55:39.0640 4004  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:55:39.0687 4004  ksthunk - ok
17:55:39.0718 4004  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:55:39.0780 4004  KtmRm - ok
17:55:39.0843 4004  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:55:39.0890 4004  LanmanServer - ok
17:55:39.0936 4004  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:55:39.0983 4004  LanmanWorkstation - ok
17:55:40.0030 4004  [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:55:40.0046 4004  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:55:40.0046 4004  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:55:40.0077 4004  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:55:40.0139 4004  lltdio - ok
17:55:40.0170 4004  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:55:40.0248 4004  lltdsvc - ok
17:55:40.0280 4004  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:55:40.0311 4004  lmhosts - ok
17:55:40.0373 4004  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:55:40.0389 4004  LMS - ok
17:55:40.0420 4004  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:55:40.0436 4004  LSI_FC - ok
17:55:40.0436 4004  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:55:40.0451 4004  LSI_SAS - ok
17:55:40.0451 4004  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:55:40.0467 4004  LSI_SAS2 - ok
17:55:40.0482 4004  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:55:40.0498 4004  LSI_SCSI - ok
17:55:40.0498 4004  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:55:40.0560 4004  luafv - ok
17:55:40.0592 4004  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:55:40.0654 4004  Mcx2Svc - ok
17:55:40.0685 4004  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:55:40.0701 4004  megasas - ok
17:55:40.0716 4004  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:55:40.0732 4004  MegaSR - ok
17:55:40.0763 4004  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:55:40.0841 4004  MMCSS - ok
17:55:40.0857 4004  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:55:40.0904 4004  Modem - ok
17:55:40.0935 4004  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:55:40.0966 4004  monitor - ok
17:55:41.0013 4004  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:55:41.0028 4004  mouclass - ok
17:55:41.0044 4004  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:55:41.0075 4004  mouhid - ok
17:55:41.0122 4004  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:55:41.0138 4004  mountmgr - ok
17:55:41.0153 4004  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:55:41.0169 4004  mpio - ok
17:55:41.0184 4004  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:55:41.0247 4004  mpsdrv - ok
17:55:41.0294 4004  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:55:41.0356 4004  MpsSvc - ok
17:55:41.0387 4004  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:55:41.0418 4004  MRxDAV - ok
17:55:41.0450 4004  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:55:41.0496 4004  mrxsmb - ok
17:55:41.0512 4004  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:55:41.0543 4004  mrxsmb10 - ok
17:55:41.0559 4004  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:55:41.0574 4004  mrxsmb20 - ok
17:55:41.0606 4004  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:55:41.0621 4004  msahci - ok
17:55:41.0637 4004  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:55:41.0652 4004  msdsm - ok
17:55:41.0668 4004  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:55:41.0684 4004  MSDTC - ok
17:55:41.0715 4004  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:55:41.0762 4004  Msfs - ok
17:55:41.0762 4004  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:55:41.0808 4004  mshidkmdf - ok
17:55:41.0808 4004  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:55:41.0824 4004  msisadrv - ok
17:55:41.0855 4004  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:55:41.0918 4004  MSiSCSI - ok
17:55:41.0918 4004  msiserver - ok
17:55:41.0949 4004  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:55:41.0996 4004  MSKSSRV - ok
17:55:42.0027 4004  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:55:42.0058 4004  MSPCLOCK - ok
17:55:42.0074 4004  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:55:42.0152 4004  MSPQM - ok
17:55:42.0183 4004  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:55:42.0230 4004  MsRPC - ok
17:55:42.0261 4004  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:55:42.0276 4004  mssmbios - ok
17:55:42.0292 4004  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:55:42.0354 4004  MSTEE - ok
17:55:42.0370 4004  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:55:42.0386 4004  MTConfig - ok
17:55:42.0401 4004  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:55:42.0417 4004  Mup - ok
17:55:42.0432 4004  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:55:42.0510 4004  napagent - ok
17:55:42.0542 4004  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:55:42.0573 4004  NativeWifiP - ok
17:55:42.0635 4004  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:55:42.0682 4004  NDIS - ok
17:55:42.0713 4004  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:55:42.0744 4004  NdisCap - ok
17:55:42.0760 4004  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:55:42.0807 4004  NdisTapi - ok
17:55:42.0854 4004  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:55:42.0932 4004  Ndisuio - ok
17:55:42.0963 4004  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:55:43.0025 4004  NdisWan - ok
17:55:43.0041 4004  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:55:43.0119 4004  NDProxy - ok
17:55:43.0150 4004  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:55:43.0212 4004  NetBIOS - ok
17:55:43.0244 4004  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:55:43.0306 4004  NetBT - ok
17:55:43.0337 4004  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:55:43.0353 4004  Netlogon - ok
17:55:43.0384 4004  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:55:43.0446 4004  Netman - ok
17:55:43.0462 4004  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:55:43.0524 4004  netprofm - ok
17:55:43.0556 4004  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:55:43.0571 4004  NetTcpPortSharing - ok
17:55:43.0712 4004  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
17:55:43.0836 4004  netw5v64 - ok
17:55:43.0852 4004  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:55:43.0868 4004  nfrd960 - ok
17:55:43.0899 4004  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:55:43.0930 4004  NlaSvc - ok
17:55:43.0946 4004  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:55:43.0992 4004  Npfs - ok
17:55:44.0024 4004  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:55:44.0102 4004  nsi - ok
17:55:44.0117 4004  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:55:44.0180 4004  nsiproxy - ok
17:55:44.0226 4004  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:55:44.0273 4004  Ntfs - ok
17:55:44.0289 4004  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:55:44.0351 4004  Null - ok
17:55:44.0398 4004  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:55:44.0414 4004  nvraid - ok
17:55:44.0429 4004  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:55:44.0445 4004  nvstor - ok
17:55:44.0492 4004  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:55:44.0507 4004  nv_agp - ok
17:55:44.0523 4004  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:55:44.0538 4004  ohci1394 - ok
17:55:44.0585 4004  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:55:44.0601 4004  ose - ok
17:55:44.0772 4004  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:55:44.0882 4004  osppsvc - ok
17:55:44.0928 4004  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:55:44.0960 4004  p2pimsvc - ok
17:55:44.0975 4004  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:55:45.0006 4004  p2psvc - ok
17:55:45.0022 4004  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:55:45.0038 4004  Parport - ok
17:55:45.0069 4004  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:55:45.0084 4004  partmgr - ok
17:55:45.0084 4004  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:55:45.0131 4004  PcaSvc - ok
17:55:45.0162 4004  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:55:45.0178 4004  pci - ok
17:55:45.0178 4004  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:55:45.0194 4004  pciide - ok
17:55:45.0209 4004  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:55:45.0240 4004  pcmcia - ok
17:55:45.0256 4004  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:55:45.0256 4004  pcw - ok
17:55:45.0287 4004  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:55:45.0350 4004  PEAUTH - ok
17:55:45.0443 4004  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:55:45.0474 4004  PerfHost - ok
17:55:45.0537 4004  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:55:45.0615 4004  pla - ok
17:55:45.0662 4004  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:55:45.0693 4004  PlugPlay - ok
17:55:45.0708 4004  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:55:45.0740 4004  PNRPAutoReg - ok
17:55:45.0755 4004  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:55:45.0771 4004  PNRPsvc - ok
17:55:45.0802 4004  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:55:45.0864 4004  PolicyAgent - ok
17:55:45.0896 4004  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:55:45.0958 4004  Power - ok
17:55:46.0005 4004  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:55:46.0083 4004  PptpMiniport - ok
17:55:46.0098 4004  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:55:46.0130 4004  Processor - ok
17:55:46.0145 4004  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:55:46.0192 4004  ProfSvc - ok
17:55:46.0208 4004  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:55:46.0223 4004  ProtectedStorage - ok
17:55:46.0254 4004  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:55:46.0317 4004  Psched - ok
17:55:46.0379 4004  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:55:46.0442 4004  ql2300 - ok
17:55:46.0473 4004  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:55:46.0488 4004  ql40xx - ok
17:55:46.0520 4004  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:55:46.0582 4004  QWAVE - ok
17:55:46.0598 4004  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:55:46.0629 4004  QWAVEdrv - ok
17:55:46.0644 4004  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:55:46.0707 4004  RasAcd - ok
17:55:46.0738 4004  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:55:46.0769 4004  RasAgileVpn - ok
17:55:46.0785 4004  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:55:46.0847 4004  RasAuto - ok
17:55:46.0894 4004  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:55:46.0941 4004  Rasl2tp - ok
17:55:47.0003 4004  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:55:47.0081 4004  RasMan - ok
17:55:47.0112 4004  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:55:47.0175 4004  RasPppoe - ok
17:55:47.0190 4004  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:55:47.0253 4004  RasSstp - ok
17:56:04.0553 4004  ============================================================
17:56:04.0553 4004  Scan finished
17:56:04.0553 4004  ============================================================
17:56:04.0569 3336  Detected object count: 2
17:56:04.0569 3336  Actual detected object count: 2
18:06:21.0347 3336  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:21.0347 3336  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:06:21.0347 3336  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:21.0347 3336  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:07:02.0937 2784  Deinitialize success
         

04.05.2013, 15:12   #8
cosinus

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


04.05.2013, 16:41   #9
jojoho

That worked. Here is the log:
Code:
ComboFix 13-05-04.01 - Susanne 04.05.2013  17:25:13.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3958.2913 [GMT 2:00]
ausgeführt von:: c:\users\Susanne\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-04 bis 2013-05-04  ))))))))))))))))))))))))))))))
.
.
2013-05-04 15:31 . 2013-05-04 15:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-04 09:12 . 2013-05-04 09:12	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-04 09:12 . 2013-05-04 09:12	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-04 09:11 . 2013-05-04 09:11	--------	d-----w-	c:\windows\system32\Macromed
2013-05-02 14:33 . 2013-05-02 14:33	--------	d-----w-	c:\program files (x86)\7-Zip
2013-05-02 13:44 . 2013-05-02 13:44	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-24 06:32 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-11 01:00 . 2013-02-21 10:15	2240512	----a-w-	c:\windows\system32\wininet.dll
2013-04-11 01:00 . 2013-02-21 10:14	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-04-11 01:00 . 2013-02-21 10:14	19230208	----a-w-	c:\windows\system32\mshtml.dll
2013-04-10 06:34 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 06:34 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 06:34 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 06:34 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 06:34 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 06:34 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 06:34 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 06:34 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-06 09:41 . 2013-04-06 09:41	--------	d-----w-	c:\users\Susanne\AppData\Roaming\hpqlog
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 14:09 . 2013-03-28 14:09	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-28 14:09 . 2013-03-28 14:09	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-03-28 14:09 . 2013-03-28 14:09	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-03-28 14:09 . 2013-03-28 14:09	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-28 14:09 . 2013-03-28 14:09	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-03-28 14:09 . 2013-03-28 14:09	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-03-28 14:09 . 2013-03-28 14:09	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 celmkt;celmkt;c:\windows\system32\Drivers\celmkt_x64.sys [2009-10-06 48488]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-03-28 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2013-03-28 13952]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-03-28 98816]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-03-28 28672]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2013-03-28 212992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-28 86016]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 10:04	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 23:11]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 172032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.benefind.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-04  17:33:40
ComboFix-quarantined-files.txt  2013-05-04 15:33
.
Vor Suchlauf: 8 Verzeichnis(se), 242.563.784.704 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 242.976.542.720 Bytes frei
.
- - End Of File - - 8C053D8B50622F34C5E23DDBFFE4261C
         

Alt 04.05.2013, 21:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 05.05.2013, 12:10   #11
jojoho
 



Thanks, the three logs are attached!

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by Susanne on 04.05.2013 at 23:26:11,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.05.2013 at 23:29:31,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.300 - Datei am 04/05/2013 um 23:34:48 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Susanne - SUSANNE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Susanne\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [723 octets] - [04/05/2013 23:34:48]

########## EOF - C:\AdwCleaner[S1].txt - [782 octets] ##########
         
Code:
OTL Extras logfile created on: 04.05.2013 23:52:14 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Susanne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 74,33% Memory free
7,73 Gb Paging File | 6,47 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 226,21 Gb Free Space | 79,40% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-44154158-779545507-3128274890-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E13646-031C-4D63-8E2C-519FBC33306B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{04252F46-FE52-4788-BEB8-14AB86D42AA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{101B128E-90A8-4903-8DC7-79EE187CF730}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{317D60CE-391D-4C00-8EB2-9B618EC89804}" = rport=139 | protocol=6 | dir=out | app=system | 
"{31BE142A-4638-4761-AA49-78553D4FF2FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38B5FBEB-8B4E-41F8-AEBD-E9141835109D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A9EC5FA-F2A2-4F33-A6D9-CF8A0361B14F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{47C09A6D-DBD6-4774-933F-C5A0ABFC333B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{570AF88F-5B35-4017-B21B-14BD983B7621}" = rport=445 | protocol=6 | dir=out | app=system | 
"{59861AAD-C033-4B8A-8661-52D0F1B790BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DB434BF-4D65-4D5D-BB8A-580E54B415B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6472F28A-42F9-4051-BAF3-2AD6C9A75BF2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76D496F1-1DE2-4299-B2C6-5CD9B2827AEA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9F571AC9-29D4-4E1A-AC8A-3B6FA6ADDB55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A84D54A0-00D7-4513-8C5A-BB7956D1A0DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B928F0A8-4AED-44D0-ABBD-DA63028FA1A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD5BC235-8C84-40FD-AF6E-E485AFAC3D47}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BD8DC53F-669F-4F51-AF2C-783544C0ED22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7299E4F-5FB5-4DD0-9A19-FA23A2261D2F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE94DA1A-5CF8-4DB0-B2AA-856EE85472F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF252669-F899-42A3-8663-69AFC4C4897F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F33438B2-3EAA-4109-A12D-0AB86A9469C4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F5639180-A5A5-42A3-96A3-0F8F727250EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FDD2F485-64DA-425D-9175-DD0D8394AA1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AADA7F3-2885-4ECA-BEC2-254985BB6FCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{368AAFC2-B438-46E4-B759-99D59F0339BA}" = protocol=6 | dir=out | app=system | 
"{3FD9CC3B-87D4-4B85-BEE6-9BE2AEFB175E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{56A29773-AA47-41B9-82C9-7C124702DFAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{584601BA-9DFB-44B6-A568-E784B874FF63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A0AF75F-36B4-43B8-927E-DF981CB92A83}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5D30B85A-D69A-430B-9EDD-6218AABF75C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{69F57D4E-89E7-4191-89E6-76701B961BB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6BBE4CAF-3792-4555-AE85-F17029E61731}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6C433974-967C-4044-B2D1-4842C60660FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{70C50F4C-78BC-41A7-9173-64517195C2CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{713EF3A1-F0FA-411F-B44C-18DB0E58E62D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{77361F11-48B6-414D-823B-A63C6043F1D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F0E0F82-2C6C-4B89-A2FD-4DCA093B8817}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4E6C821-87CE-4CAE-B407-E418F06F4BF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8D4DA27-3FC2-4B9A-96AE-C86712984FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAE39440-4513-4105-9EE3-6141F234335A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B4E0B5BC-0C52-496E-B1D9-DDF2AA37585C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6996356-E04B-4776-8499-1A18F0BF509D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{C7AD2E47-7FB5-49AA-ACD2-B48CC0F02CDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD7A6CDA-EDB8-496B-8166-8DB274889FD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1F42F7A-FA17-4481-8F38-8E14BBD6BD9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F58A85A4-75FA-4F36-AC9E-A9FC1F35C8C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19E2CC1A-981D-49FD-B42A-143DC96D40C8}" = adebisKITA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A981A9BA-8670-4419-8B2F-F3E6C0514531}_is1" = Psyprax
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"hp print screen utility" = hp print screen utility
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mobile Partner" = Mobile Partner
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Office14.STANDARD" = Microsoft Office Standard 2010
"VLC media player" = VLC media player 2.0.5
 
< End of report >
         

06.05.2013, 09:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The other OTL log is missing.

06.05.2013, 14:27   #13
jojoho
 
Sorry, I forgot that:

Code:
OTL logfile created on: 04.05.2013 23:52:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Susanne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 74,33% Memory free
7,73 Gb Paging File | 6,47 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,89 Gb Total Space | 226,21 Gb Free Space | 79,40% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,68 Mb Free Space | 93,30% Space Free | Partition Type: FAT32
Drive G: | 486,88 Mb Total Space | 485,67 Mb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: SUSANNE | User Name: Susanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Susanne\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (celmkt) -- C:\Windows\SysNative\drivers\celmkt_x64.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.benefind.de/
IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\..\SearchScopes\{B7C9BB37-1B20-47FD-8234-F026AAD227B7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-44154158-779545507-3128274890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: benefind (Enabled)
CHR - default_search_provider: search_url = hxxp://www.benefind.de/web.php?q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://www.benefind.de/autocomplete/autocompletev.php?q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Susanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.04 17:32:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-44154158-779545507-3128274890-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-44154158-779545507-3128274890-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-44154158-779545507-3128274890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{181AF04A-74F0-4087-949B-19A0AB5FC4E2}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F872112-0BF1-4EE0-A9F0-46665E889F19}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6FDD47-75AB-4987-8034-237DAF5F86B5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989A43FD-BC5B-4A94-B219-E263F30CB4A4}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.04 23:28:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.04 23:26:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.04 23:26:03 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.04 23:23:38 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Susanne\Desktop\JRT.exe
[2013.05.04 17:33:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.04 17:23:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.04 17:23:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.04 17:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.04 17:23:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.04 17:23:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.04 17:21:43 | 005,065,726 | R--- | C] (Swearware) -- C:\Users\Susanne\Desktop\ComboFix.exe
[2013.05.04 11:12:00 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.04 11:12:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.04 11:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.03 18:17:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\mbar
[2013.05.03 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibeung2
[2013.05.02 18:24:51 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\2.scands und logs
[2013.05.02 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\1.scans
[2013.05.02 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.05.02 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.05.02 15:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.16 08:07:19 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Fotos Projektantrag
[2013.04.11 03:01:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 03:01:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 03:01:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.11 03:01:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 03:01:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.11 03:01:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.11 03:01:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.11 03:01:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.11 03:01:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.11 03:01:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.11 03:01:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.11 03:01:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.11 03:01:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 03:01:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 03:01:01 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 08:34:45 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 08:34:44 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 08:34:43 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 08:34:43 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 08:34:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 08:34:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 16:41:06 | 000,000,000 | ---D | C] -- C:\Users\Susanne\Desktop\Stellenbeschreibungen
[2013.04.06 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\Susanne\AppData\Roaming\hpqlog
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 23:45:29 | 000,034,957 | ---- | M] () -- C:\Users\Susanne\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2013.05.04 23:43:45 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 23:43:45 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 23:36:19 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 23:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 23:36:06 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 23:23:40 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Susanne\Desktop\JRT.exe
[2013.05.04 23:16:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 17:32:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.04 17:21:49 | 005,065,726 | R--- | M] (Swearware) -- C:\Users\Susanne\Desktop\ComboFix.exe
[2013.05.04 11:19:57 | 000,947,445 | ---- | M] () -- C:\Users\Susanne\Desktop\ZKN03053-2.pdf
[2013.05.04 11:19:57 | 000,921,073 | ---- | M] () -- C:\Users\Susanne\Desktop\ZKN03053-1.pdf
[2013.05.04 11:12:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.04 11:12:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.03 17:07:13 | 000,000,512 | ---- | M] () -- C:\Users\Susanne\Desktop\MBR.dat
[2013.04.30 12:08:50 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.30 12:08:50 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.30 12:08:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.30 12:08:50 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.30 12:08:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.26 21:31:53 | 000,000,000 | ---- | M] () -- C:\Users\Susanne\defogger_reenable
[2013.04.19 12:00:52 | 002,846,090 | ---- | M] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv
[2013.04.17 14:36:21 | 000,103,137 | ---- | M] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf
[2013.04.17 11:56:59 | 008,141,664 | ---- | M] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip
[2013.04.17 09:16:55 | 000,323,879 | ---- | M] () -- C:\Users\Susanne\Desktop\Entwurf Schilling.pdf
[2013.04.11 03:20:57 | 000,389,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 19:39:51 | 000,279,832 | ---- | M] () -- C:\Users\Susanne\Desktop\Projektbeschreibung Zentrum **Zensiert**.pdf
[2013.04.05 18:56:03 | 000,162,031 | ---- | M] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf
[2013.04.05 18:32:26 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== Files Created - No Company Name ==========
 
[2013.05.04 23:45:29 | 000,034,957 | ---- | C] () -- C:\Users\Susanne\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2013.05.04 17:23:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.04 17:23:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.04 17:23:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.04 17:23:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.04 17:23:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.04 11:19:57 | 000,947,445 | ---- | C] () -- C:\Users\Susanne\Desktop\ZKN03053-2.pdf
[2013.05.04 11:19:57 | 000,921,073 | ---- | C] () -- C:\Users\Susanne\Desktop\ZKN03053-1.pdf
[2013.05.03 17:07:13 | 000,000,512 | ---- | C] () -- C:\Users\Susanne\Desktop\MBR.dat
[2013.04.26 21:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Susanne\defogger_reenable
[2013.04.19 12:00:52 | 002,846,090 | ---- | C] () -- C:\Users\Susanne\Desktop\papierlose-welt.wmv
[2013.04.17 14:36:21 | 000,103,137 | ---- | C] () -- C:\Users\Susanne\Desktop\Aufmaß.pdf
[2013.04.17 09:16:54 | 000,323,879 | ---- | C] () -- C:\Users\Susanne\Desktop\**Zensiert**.pdf
[2013.04.13 07:38:15 | 008,141,664 | ---- | C] () -- C:\Users\Susanne\Desktop\Fotos Projektantrag.zip
[2013.04.10 19:39:51 | 000,279,832 | ---- | C] () -- C:\Users\Susanne\Desktop\Projektbeschreibung **Zensiert**.pdf
[2013.04.05 18:56:03 | 000,162,031 | ---- | C] () -- C:\Users\Susanne\Desktop\Familie auf Zeit_Wochenendväter.pdf
[2013.04.05 18:32:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013.03.28 18:45:22 | 000,009,251 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2013.03.28 01:47:07 | 000,010,631 | ---- | C] () -- C:\Users\Susanne\**Zensiert**_elster_2048.pfx
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Alt 06.05.2013, 14:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 06.05.2013, 22:54   #15
jojoho
 

Thanks, here are the last two logs with no detections; looks good, right?

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Susanne :: SUSANNE [Administrator]

Schutz: Aktiviert

06.05.2013 16:33:09
mbam-log-2013-05-06 (16-33-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401603
Laufzeit: 52 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7fc593b053c2a419acb3a8782f4261d
# engine=13767
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-06 04:57:14
# local_time=2013-05-06 06:57:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 12435 3440917 5214 0
# compatibility_mode=5893 16776574 66 85 3387049 119489284 0 0
# scanned=194402
# found=0
# cleaned=0
# scan_time=3947
         
