Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.06.2013, 11:40   #1
jannick
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hallo,

ich habe ebenfalls das Problem mit den Mailer-Daemons. Öffne ich mein Postfach bei GMX ist es von oben bis unten voll mit solchen Mails. Keine Ahnung was der Grund dafür ist, jedenfalls scheint meine Emailadresse für sämtlichen Spam missbraucht zu werden.

Ich wäre euch für eure Unterstützung sehr dankbar!

Was muss ich tun?

Alt 13.06.2013, 11:45   #2
markusg
/// Malware-holic
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
b
__________________

__________________

Alt 13.06.2013, 14:41   #3
jannick
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/13/2013 3:22:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.86% Memory free
7.71 Gb Paging File | 6.41 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 79.76 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 217.76 Gb Free Space | 81.66% Space Free | Partition Type: NTFS
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/13 12:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Downloads\OTL.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013/01/09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/07/07 20:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/06/12 11:42:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2010/06/01 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/15 12:11:26 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/06 11:26:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/07 21:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 20:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/04/01 02:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/31 02:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/29 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/25 13:24:00 | 000,015,104 | ---- | M] (ROCCAT Development, Inc.) [+] Mouse [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys -- (KovaPlusFltr)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/02/14 06:58:57 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/25 17:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/02/13 01:32:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/21 17:23:56 | 000,000,000 | ---D | M]
 
[2011/04/05 21:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions
[2013/05/09 00:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\72rlucgj.default\extensions
[2012/12/12 12:54:05 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/09 00:09:55 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/11 14:03:24 | 000,000,911 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\11-suche.xml
[2012/10/11 14:03:24 | 000,002,273 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\englische-ergebnisse.xml
[2012/10/11 14:03:24 | 000,010,563 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\gmx-suche.xml
[2013/06/12 20:20:25 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-1.xml
[2011/07/25 10:33:41 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-2.xml
[2012/04/09 01:34:07 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-3.xml
[2012/04/28 15:06:59 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-4.xml
[2012/06/17 13:15:29 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-5.xml
[2012/07/18 21:58:22 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-6.xml
[2012/09/09 14:43:49 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-7.xml
[2012/09/17 14:45:42 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-8.xml
[2012/10/28 21:53:25 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-9.xml
[2011/03/30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin.xml
[2012/10/11 14:03:24 | 000,002,432 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\lastminute.xml
[2012/10/11 14:03:24 | 000,005,545 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\webde-suche.xml
[2013/05/24 02:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/24 02:38:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/13 01:32:03 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2012/08/28 21:53:56 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E83D437-7FBE-4366-A384-649368F8DCC1}: DhcpNameServer = 134.102.20.20 134.102.149.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{967C7E46-1720-47F1-8848-34AA8052D617}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Connectify - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HP Deskjet 3070 B611 series (NET) - hkey= - key= - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Iminent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IminentMessenger - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IntelTBRunOnce - hkey= - key= - C:\Windows\SysNative\wscript.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 07:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/21 17:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/05/21 17:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/05/21 17:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/05/21 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Adobe
[2013/05/18 19:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Adobe
[1 C:\Users\Jay\Documents\*.tmp files -> C:\Users\Jay\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 15:01:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/06/13 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/13 14:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/13 12:43:50 | 000,147,918 | ---- | M] () -- C:\Users\Jay\Desktop\Lösungen Tutorium 4 Produktionsplanung I+II.pdf
[2013/06/13 12:17:32 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 12:17:32 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 12:04:39 | 4137,852,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 14:34:55 | 000,076,018 | ---- | M] () -- C:\Users\Jay\Desktop\VW_Juniormasters.pdf
[2013/06/10 12:49:43 | 000,054,891 | ---- | M] () -- C:\Users\Jay\Desktop\Tutorienblatt 5 Ablaufplanung I_NEU.pdf
[2013/06/08 15:21:28 | 488,459,064 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/29 11:00:30 | 000,001,045 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/29 11:00:23 | 000,001,009 | ---- | M] () -- C:\Users\Jay\Desktop\Dropbox.lnk
[2013/05/27 08:27:48 | 000,441,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 04:58:22 | 001,529,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 04:58:22 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/17 04:58:22 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/17 04:58:22 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/17 04:58:22 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/15 20:36:56 | 000,039,964 | ---- | M] () -- C:\Users\Jay\Desktop\Studienausweis.jpg
[1 C:\Users\Jay\Documents\*.tmp files -> C:\Users\Jay\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2013/04/17 21:52:16 | 000,001,496 | ---- | C] () -- C:\Users\Jay\AppData\Local\recently-used.xbel
[2012/06/18 23:15:12 | 000,068,440 | ---- | C] () -- C:\Users\Jay\profil.gif
[2012/06/17 12:56:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012/06/17 12:49:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012/06/14 15:20:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/05 21:45:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/01/16 14:33:39 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/05 14:56:30 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2013/03/29 22:05:15 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$I2GON8F.u
[2013/03/29 22:05:30 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$I6KPC7P.u
[2013/03/29 22:36:07 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$I7QBBXC.u
[2013/03/29 22:05:15 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$ICZN1GF.u
[2013/03/29 15:36:45 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$IESEDUM.u
[2013/03/29 17:02:48 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$ILCDPQW.u
[2013/03/29 15:36:45 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$INVCV2V.u
[2013/03/29 22:36:07 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$IRRBJOX.u
[2013/03/29 15:34:10 | 000,050,101 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$R2GON8F.u
[2013/03/29 15:34:11 | 000,001,739 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$R6KPC7P.u
[2013/03/29 22:10:36 | 003,339,046 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$R7QBBXC.u
[2013/03/29 15:34:09 | 003,339,046 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RCZN1GF.u
[2013/03/29 15:34:10 | 000,050,101 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RESEDUM.u
[2013/03/29 15:34:11 | 000,001,739 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RLCDPQW.u
[2013/03/29 15:34:09 | 003,339,046 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RNVCV2V.u
[2013/03/29 22:10:37 | 000,050,101 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RRRBJOX.u
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/13 12:05:44 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Dropbox
[2013/05/24 16:38:25 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\e-academy Inc
[2011/05/15 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\GetRightToGo
[2012/11/15 01:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ICQ
[2013/05/26 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ImgBurn
[2013/05/21 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\IrfanView
[2012/12/25 03:27:32 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\loadtbs
[2013/02/13 01:34:36 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\PDF Architect
[2013/02/13 01:31:46 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\pdfforge
[2013/06/03 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SimpleScreenshot
[2011/07/20 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TeamViewer
[2011/04/27 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\The Creative Assembly
[2013/06/11 22:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TS3Client
[2012/11/29 20:09:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\VideoConverterPackages
[2012/05/28 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/12/25 18:05:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013/04/15 01:25:43 | 000,000,000 | ---D | M] -- C:\AMD
[2013/06/13 12:04:39 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/11/24 04:04:20 | 000,000,000 | ---D | M] -- C:\Intel
[2013/02/23 16:47:23 | 000,000,000 | ---D | M] -- C:\LanguageNames2
[2011/04/05 22:30:10 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/04/17 21:43:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/05/26 18:10:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/06/07 23:09:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/04/05 14:52:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/06/13 15:23:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/04/05 14:53:55 | 000,000,000 | R--D | M] -- C:\Users
[2013/06/08 15:21:28 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/14 15:21:15 | 000,000,252 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job
[2013/05/21 17:42:15 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011/04/05 15:02:57 | 000,000,148 | ---- | M] () -- C:\Users\Jay\DiskScrP.txt
[2011/04/23 19:09:58 | 000,000,097 | ---- | M] () -- C:\Users\Jay\easyWhiteboard.ini
[2012/12/14 22:33:12 | 000,010,545 | ---- | M] () -- C:\Users\Jay\MBtech.docx
[2013/06/13 15:23:22 | 003,932,160 | -HS- | M] () -- C:\Users\Jay\ntuser.dat
[2013/06/13 15:23:22 | 000,262,144 | -HS- | M] () -- C:\Users\Jay\ntuser.dat.LOG1
[2011/04/05 14:53:55 | 000,000,000 | -HS- | M] () -- C:\Users\Jay\ntuser.dat.LOG2
[2011/04/05 15:06:21 | 000,065,536 | -HS- | M] () -- C:\Users\Jay\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/04/05 15:06:21 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/04/05 15:06:21 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/05/23 18:03:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{af6289b8-a4e8-11e1-b653-e811322182de}.TM.blf
[2012/05/23 18:03:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{af6289b8-a4e8-11e1-b653-e811322182de}.TMContainer00000000000000000001.regtrans-ms
[2012/05/23 18:03:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{af6289b8-a4e8-11e1-b653-e811322182de}.TMContainer00000000000000000002.regtrans-ms
[2011/04/05 14:53:55 | 000,000,020 | -HS- | M] () -- C:\Users\Jay\ntuser.ini
[2012/06/18 23:15:13 | 000,068,440 | ---- | M] () -- C:\Users\Jay\profil.gif
[2012/06/20 20:12:27 | 000,011,264 | -HS- | M] () -- C:\Users\Jay\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:76650B61

< End of report >
         
--- --- ---


Extras.txt:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 6/13/2013 3:22:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.86% Memory free
7.71 Gb Paging File | 6.41 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 79.76 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 217.76 Gb Free Space | 81.66% Space Free | Partition Type: NTFS
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B73E1A7-5DF0-41B7-8CC8-623FDF2ABC1A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0CAACC56-7F10-4176-88A5-333087F234AB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{14F22F36-C554-418E-95AD-291A6D1E5C1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1B167229-15E4-47A6-97CC-46C71EC26A34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2845332C-9D33-4D82-A800-F0F5AE0ADC8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{305CF41C-A554-4B85-884B-979C3BC69844}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{363C8E68-0F80-451A-84EE-008CD7A08966}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3777D745-FAE6-4D48-A860-4CC2FEC7A8F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4D3D573D-A24C-47F9-B09C-AD240C7A1126}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5B586FAA-0733-42E9-BF28-DE12D4C8A0E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63A2A24C-E875-4781-BC96-2FEA18F4CA65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{69E5F0E8-576D-41FB-8E64-79C026365B6A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6CDA2F8D-572E-4DA7-877F-FE255A63E491}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D297E4D-0C84-4041-B5B2-850A75FCEA59}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{70F37501-A458-4A1E-A533-3B9D62CC852F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7155B0C3-280C-40D7-AEA9-574B4A87FED4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{724C95C2-2423-4CD5-85D4-F9BB4B841CAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7E956736-E5AB-4A2C-AC30-04F760E94BA0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{884FB341-1593-457F-BF15-144765D40835}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8A5D5E80-E8AE-43B3-85A5-E095E5EC88B5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A5388BED-4EDC-43ED-9B8D-B94278454F6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2F654C0-543A-4798-BDB1-1BB110952CB6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0942316-0628-49F8-BA70-9EE07BF22A02}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C431830B-8880-40C1-935F-4CEEDF430DDA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D0B22661-E95B-404F-AAB6-BA84230D6399}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D7E53C00-84CC-4B1C-B331-B03670326CD4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E0D9A404-1D08-4E42-B76D-72FB89FF5A09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF4E78F0-189A-4A45-9ABE-F8B9074C8646}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078FE5E9-0547-4BCC-8948-3AC6A51F797D}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{11E9E1AC-F056-4C96-A410-DE5061C81C28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{196FB6F4-3FD3-4D1A-B092-FB51E61B29D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1F5B788C-AC96-44C5-AAED-DBF8C8A78666}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{241A8EB7-FFEF-46D5-86B3-362F01BF542A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{27DC0DF2-0BA4-4E29-A5F2-1F9CB064A810}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\jnknds\counter-strike source\hl2.exe | 
"{35685DEE-B405-49C6-98CC-CEDF4448DD3C}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{371B43BD-26C9-4FA6-8C9B-5635CF9343A9}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{3735775E-668B-415C-AE00-C6E5192728E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39BF755D-12A2-4581-9142-562EAFF455EF}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{476B4BD1-EC97-4560-8270-C1B73352303B}" = protocol=17 | dir=in | app=c:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe | 
"{49888138-CAD3-424D-B782-02D2A3C34A9E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4C5FD61A-95E0-41FB-9C4B-BDEF09CFC5A4}" = protocol=6 | dir=out | app=system | 
"{52827191-EB69-4F54-8039-D9FE37D0450F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{551A6FB4-C67B-4607-A727-7993466CD794}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{565CD746-51E0-475B-B065-DBD3A075E9B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C78AA6F-82B0-4678-B312-09172AC7587B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\jnknds\counter-strike source\hl2.exe | 
"{5D233C5F-78B7-4F1C-B378-8E356B714635}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{5E6C6E11-C5E0-454B-8F93-24AE9AE820D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5E9D482C-B9E9-456D-89F6-C327308696F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67BDB9F9-E690-492C-A9FA-C2E7E214DA4A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{6945F243-4866-4EC6-AAAF-A5205E3F269C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EB7093C-A9F0-4156-9067-F2BD3D2328BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7084D1DF-6552-4F3A-914D-CD950CBDA749}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{776B39C6-3A18-4003-98D5-532537509B30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78AB40E6-BA2E-4EAE-B21A-5A91BB2A92B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D3C1B5C-5749-4750-936A-0D375AA4A281}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{82B46288-AA52-4A9C-A356-6ACD8628B2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{866C7AB4-5D5B-471F-9066-5E93CA9D26EB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{877572A4-203C-43D9-91C6-AC03030F3261}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{999E831D-8138-4D16-9C58-4774DA6152B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9E62929C-D71E-4DAD-ABA6-4A8BD1019478}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9EC24901-2EB1-40B2-AAD5-C7DD2E463C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9FDC8553-F6EF-48A0-B81C-5690CA6D8CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{A25D9F94-84AE-42CD-9CDE-409D468D59C3}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{DDDD1199-F682-49D4-8239-C24490FEF9FF}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{EE56B071-1871-406A-A08B-2E54C3152383}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{F77E8CB9-92FB-475E-A9E2-D3658C72CAC7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FCBF4591-78FA-4806-88AE-0F88B72183C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{0ED79C75-A7F4-4569-BBB8-3F6EACE9F76D}C:\users\jay\desktop\to34\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\desktop\to34\system\tacticalops.exe | 
"TCP Query User{1F18BDA5-69E9-451D-89EC-AC3D445B80D1}C:\users\jay\desktop\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\desktop\tactical ops\system\tacticalops.exe | 
"TCP Query User{501D9A21-8BEF-4A12-9439-7F07ECA7143A}C:\users\jay\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\tactical ops\system\tacticalops.exe | 
"TCP Query User{6EADAAFB-2329-4AEF-B45F-EA2F1F1F6FA7}C:\users\jay\to34\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\to34\system\tacticalops.exe | 
"TCP Query User{9B23C498-87CA-47C3-BF10-B0F163AE2799}D:\program files (x86)\infogrames\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=d:\program files (x86)\infogrames\tactical ops\system\tacticalops.exe | 
"TCP Query User{C20649E6-2338-4E17-BED3-93A84F927FC1}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{C9A81289-6239-4A54-8B66-6B1FDF278C12}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"TCP Query User{DCDCDE0F-97E0-4C23-99F8-D2392B03BCCF}C:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{FC0FC181-A863-4F9C-8347-4F8D9D4B76FF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2107BB9D-8CD6-D2BB-9D67-210C4E2D25B2}" = AMD Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{479B309B-E6B4-4947-8B83-472CF4272582}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D4452EF7-1982-400C-82AB-6BE9400A7EC3}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows-Treiberpaket - Broadcom HIDClass  (09/11/2009 6.3.0.1500)
"524FB58AAB1C34915E5DAE6F9A7ABD1AA8C96614" = Windows-Treiberpaket - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600)
"6A044848DB955BAB41313E7878DE4E2C68715F24" = Windows-Treiberpaket - Broadcom Corporation (bcbtums) Bluetooth  (03/16/2012 6.5.1.2600)
"73EBF284DDB186EC3E526FEE77E2325097703596" = Windows-Treiberpaket - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600)
"765E3A42F1EB7BB642F073A20918B588DC4D1193" = Windows-Treiberpaket - Broadcom Corporation Bluetooth  (03/16/2012 6.5.1.2600)
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1" = Vokabel Trainer 5
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0054-0407-0000-0000000FF1CE}" = Microsoft Visio MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-00B4-0407-0000-0000000FF1CE}" = Microsoft Project MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{91150000-003B-0000-0000-0000000FF1CE}" = Microsoft Project Professional 2013
"{91150000-0051-0000-0000-0000000FF1CE}" = Microsoft Visio Professional 2013
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmerigoMedia Hauptstädte-Quiz_is1" = AmerigoMedia Hauptstädte-Quiz
"Audacity_is1" = Audacity 2.0.2
"CamStudio" = CamStudio
"easy Whiteboard" = easy Whiteboard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Sound Recorder_is1" = Free Sound Recorder v9.4.1
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free Video Dub_is1" = Free Video Dub version 2.0.7.423
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.3.903
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HP Photo Creations" = HP Photo Creations
"IDroo" = IDroo 1.0.0.154
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Office15.PRJPROR" = Microsoft Project Professional 2013
"Office15.VISPROR" = Microsoft Visio Professional 2013
"PKR" = PKR
"SimpleScreenshot" = SimpleScreenshot 1.40
"Steam App 34030" = Napoleon: Total War
"Steam App 730" = Counter-Strike: Global Offensive
"Tactical Ops" = Tactical Ops
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Video Converter Packages" = Video Converter Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/18/2012 6:33:19 PM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/18/2012 6:47:19 PM | Computer Name = Jay-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3555.308,
 Zeitstempel: 0x4f596cbb  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
 2.0.10175.3910, Zeitstempel: 0x4b9715b8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9d8
ID
 des fehlerhaften Prozesses: 0xb3c  Startzeit der fehlerhaften Anwendung: 0x01cdc5de8f869fca
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
 e810a694-31d1-11e2-add8-e811322182de
 
Error - 11/19/2012 2:31:32 AM | Computer Name = Jay-PC | Source = VSS | ID = 12344
Description = 
 
Error - 11/19/2012 2:31:54 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/19/2012 8:19:28 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/19/2012 8:47:24 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/19/2012 8:43:30 PM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/20/2012 5:07:53 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/20/2012 8:25:28 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 11/20/2012 3:30:11 PM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description = 
 
[ System Events ]
Error - 6/12/2013 2:15:40 PM | Computer Name = Jay-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 6/12/2013 2:16:01 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 6/12/2013 2:16:59 PM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/13/2013 1:44:57 AM | Computer Name = Jay-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 6/13/2013 1:45:19 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 6/13/2013 1:46:17 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/13/2013 6:04:37 AM | Computer Name = Jay-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 6/13/2013 6:05:17 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 6/13/2013 6:06:15 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/13/2013 8:55:19 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
--- --- ---
__________________

Alt 13.06.2013, 18:42   #4
markusg
/// Malware-holic
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2013, 23:42   #5
jannick
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



00:37:49.0001 3596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:37:49.0129 3596 ============================================================
00:37:49.0129 3596 Current date / time: 2013/06/14 00:37:49.0129
00:37:49.0129 3596 SystemInfo:
00:37:49.0129 3596
00:37:49.0129 3596 OS Version: 6.1.7601 ServicePack: 1.0
00:37:49.0129 3596 Product type: Workstation
00:37:49.0129 3596 ComputerName: JAY-PC
00:37:49.0129 3596 UserName: Jay
00:37:49.0129 3596 Windows directory: C:\Windows
00:37:49.0129 3596 System windows directory: C:\Windows
00:37:49.0129 3596 Running under WOW64
00:37:49.0129 3596 Processor architecture: Intel x64
00:37:49.0129 3596 Number of processors: 4
00:37:49.0129 3596 Page size: 0x1000
00:37:49.0129 3596 Boot type: Normal boot
00:37:49.0129 3596 ============================================================
00:37:49.0469 3596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:37:49.0473 3596 ============================================================
00:37:49.0473 3596 \Device\Harddisk0\DR0:
00:37:49.0473 3596 MBR partitions:
00:37:49.0473 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
00:37:49.0473 3596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
00:37:49.0496 3596 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
00:37:49.0496 3596 ============================================================
00:37:49.0526 3596 C: <-> \Device\Harddisk0\DR0\Partition2
00:37:49.0598 3596 D: <-> \Device\Harddisk0\DR0\Partition3
00:37:49.0598 3596 ============================================================
00:37:49.0598 3596 Initialize success
00:37:49.0598 3596 ============================================================
00:39:27.0720 1908 ============================================================
00:39:27.0720 1908 Scan started
00:39:27.0720 1908 Mode: Manual; SigCheck; TDLFS;
00:39:27.0720 1908 ============================================================
00:39:28.0016 1908 ================ Scan system memory ========================
00:39:28.0016 1908 System memory - ok
00:39:28.0016 1908 ================ Scan services =============================
00:39:28.0250 1908 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:39:28.0375 1908 1394ohci - ok
00:39:28.0438 1908 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:39:28.0469 1908 ACPI - ok
00:39:28.0516 1908 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:39:28.0594 1908 AcpiPmi - ok
00:39:28.0734 1908 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:39:28.0750 1908 AdobeARMservice - ok
00:39:28.0921 1908 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:39:28.0952 1908 AdobeFlashPlayerUpdateSvc - ok
00:39:29.0015 1908 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:39:29.0062 1908 adp94xx - ok
00:39:29.0077 1908 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:39:29.0093 1908 adpahci - ok
00:39:29.0108 1908 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:39:29.0124 1908 adpu320 - ok
00:39:29.0155 1908 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:39:29.0374 1908 AeLookupSvc - ok
00:39:29.0405 1908 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:39:29.0467 1908 AFD - ok
00:39:29.0514 1908 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:39:29.0545 1908 agp440 - ok
00:39:29.0561 1908 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:39:29.0623 1908 ALG - ok
00:39:29.0686 1908 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:39:29.0717 1908 aliide - ok
00:39:29.0748 1908 [ 94E1920E0E45ABAF0E09CCCCBE99733C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:39:29.0826 1908 AMD External Events Utility - ok
00:39:29.0873 1908 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:39:29.0888 1908 amdide - ok
00:39:29.0920 1908 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:39:29.0966 1908 AmdK8 - ok
00:39:30.0185 1908 [ 3D07F9C090C7A1D76D624972A5384471 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:39:30.0466 1908 amdkmdag - ok
00:39:30.0528 1908 [ 99AB7E4B24C80155DC4296F657FAF3C7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:39:30.0575 1908 amdkmdap - ok
00:39:30.0606 1908 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:39:30.0653 1908 AmdPPM - ok
00:39:30.0700 1908 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:39:30.0715 1908 amdsata - ok
00:39:30.0746 1908 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:39:30.0778 1908 amdsbs - ok
00:39:30.0778 1908 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:39:30.0809 1908 amdxata - ok
00:39:30.0856 1908 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:39:31.0012 1908 AppID - ok
00:39:31.0043 1908 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:39:31.0136 1908 AppIDSvc - ok
00:39:31.0199 1908 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
00:39:31.0230 1908 Appinfo - ok
00:39:31.0277 1908 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:39:31.0292 1908 arc - ok
00:39:31.0292 1908 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:39:31.0308 1908 arcsas - ok
00:39:31.0324 1908 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:39:31.0402 1908 AsyncMac - ok
00:39:31.0448 1908 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:39:31.0464 1908 atapi - ok
00:39:31.0526 1908 [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr C:\Windows\system32\DRIVERS\athrx.sys
00:39:31.0620 1908 athr - ok
00:39:31.0698 1908 [ 4D76B51F3BA702BFD060F0A075AACD22 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
00:39:31.0745 1908 AtiHDAudioService - ok
00:39:31.0776 1908 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
00:39:31.0838 1908 AtiHdmiService - ok
00:39:31.0901 1908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:39:31.0963 1908 AudioEndpointBuilder - ok
00:39:31.0963 1908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:39:32.0010 1908 AudioSrv - ok
00:39:32.0072 1908 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:39:32.0150 1908 AxInstSV - ok
00:39:32.0197 1908 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:39:32.0244 1908 b06bdrv - ok
00:39:32.0291 1908 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:39:32.0338 1908 b57nd60a - ok
00:39:32.0384 1908 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:39:32.0431 1908 BDESVC - ok
00:39:32.0447 1908 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:39:32.0540 1908 Beep - ok
00:39:32.0618 1908 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:39:32.0696 1908 BFE - ok
00:39:32.0728 1908 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:39:32.0806 1908 BITS - ok
00:39:32.0837 1908 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:39:32.0884 1908 blbdrive - ok
00:39:32.0915 1908 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:39:32.0962 1908 bowser - ok
00:39:32.0977 1908 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:39:33.0055 1908 BrFiltLo - ok
00:39:33.0071 1908 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:39:33.0118 1908 BrFiltUp - ok
00:39:33.0180 1908 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:39:33.0242 1908 Browser - ok
00:39:33.0274 1908 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:39:33.0336 1908 Brserid - ok
00:39:33.0352 1908 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:39:33.0383 1908 BrSerWdm - ok
00:39:33.0414 1908 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:39:33.0445 1908 BrUsbMdm - ok
00:39:33.0476 1908 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:39:33.0508 1908 BrUsbSer - ok
00:39:33.0554 1908 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:39:33.0632 1908 BthEnum - ok
00:39:33.0648 1908 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:39:33.0695 1908 BTHMODEM - ok
00:39:33.0742 1908 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:39:33.0773 1908 BthPan - ok
00:39:33.0820 1908 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:39:33.0866 1908 BTHPORT - ok
00:39:33.0913 1908 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:39:33.0991 1908 bthserv - ok
00:39:34.0038 1908 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:39:34.0069 1908 BTHUSB - ok
00:39:34.0100 1908 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:39:34.0163 1908 cdfs - ok
00:39:34.0210 1908 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
00:39:34.0241 1908 cdrom - ok
00:39:34.0303 1908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:39:34.0366 1908 CertPropSvc - ok
00:39:34.0397 1908 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:39:34.0444 1908 circlass - ok
00:39:34.0475 1908 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:39:34.0506 1908 CLFS - ok
00:39:34.0568 1908 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:39:34.0600 1908 clr_optimization_v2.0.50727_32 - ok
00:39:34.0646 1908 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:39:34.0662 1908 clr_optimization_v2.0.50727_64 - ok
00:39:34.0756 1908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:39:34.0771 1908 clr_optimization_v4.0.30319_32 - ok
00:39:34.0802 1908 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:39:34.0818 1908 clr_optimization_v4.0.30319_64 - ok
00:39:34.0849 1908 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:39:34.0896 1908 CmBatt - ok
00:39:34.0912 1908 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:39:34.0927 1908 cmdide - ok
00:39:34.0974 1908 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:39:35.0036 1908 CNG - ok
00:39:35.0083 1908 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:39:35.0114 1908 Compbatt - ok
00:39:35.0161 1908 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:39:35.0208 1908 CompositeBus - ok
00:39:35.0224 1908 COMSysApp - ok
00:39:35.0255 1908 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:39:35.0270 1908 crcdisk - ok
00:39:35.0317 1908 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:39:35.0364 1908 CryptSvc - ok
00:39:35.0442 1908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:39:35.0520 1908 DcomLaunch - ok
00:39:35.0551 1908 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:39:35.0629 1908 defragsvc - ok
00:39:35.0660 1908 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:39:35.0754 1908 DfsC - ok
00:39:35.0816 1908 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:39:35.0863 1908 Dhcp - ok
00:39:35.0894 1908 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:39:35.0972 1908 discache - ok
00:39:36.0004 1908 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:39:36.0035 1908 Disk - ok
00:39:36.0066 1908 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:39:36.0113 1908 Dnscache - ok
00:39:36.0144 1908 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:39:36.0222 1908 dot3svc - ok
00:39:36.0269 1908 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:39:36.0331 1908 DPS - ok
00:39:36.0378 1908 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:39:36.0409 1908 drmkaud - ok
00:39:36.0472 1908 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:39:36.0503 1908 DXGKrnl - ok
00:39:36.0534 1908 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:39:36.0596 1908 EapHost - ok
00:39:36.0706 1908 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:39:36.0799 1908 ebdrv - ok
00:39:36.0830 1908 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:39:36.0893 1908 EFS - ok
00:39:36.0971 1908 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:39:37.0033 1908 ehRecvr - ok
00:39:37.0049 1908 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:39:37.0111 1908 ehSched - ok
00:39:37.0174 1908 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:39:37.0205 1908 elxstor - ok
00:39:37.0252 1908 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:39:37.0283 1908 ErrDev - ok
00:39:37.0330 1908 [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
00:39:37.0392 1908 ETD - ok
00:39:37.0439 1908 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:39:37.0532 1908 EventSystem - ok
00:39:37.0548 1908 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:39:37.0626 1908 exfat - ok
00:39:37.0642 1908 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:39:37.0735 1908 fastfat - ok
00:39:37.0798 1908 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:39:37.0860 1908 Fax - ok
00:39:37.0891 1908 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:39:37.0922 1908 fdc - ok
00:39:37.0954 1908 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:39:38.0032 1908 fdPHost - ok
00:39:38.0047 1908 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:39:38.0094 1908 FDResPub - ok
00:39:38.0125 1908 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:39:38.0141 1908 FileInfo - ok
00:39:38.0156 1908 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:39:38.0219 1908 Filetrace - ok
00:39:38.0250 1908 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:39:38.0266 1908 flpydisk - ok
00:39:38.0297 1908 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:39:38.0312 1908 FltMgr - ok
00:39:38.0390 1908 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
00:39:38.0453 1908 FontCache - ok
00:39:38.0515 1908 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:39:38.0531 1908 FontCache3.0.0.0 - ok
00:39:38.0562 1908 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:39:38.0578 1908 FsDepends - ok
00:39:38.0624 1908 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:39:38.0640 1908 Fs_Rec - ok
00:39:38.0687 1908 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:39:38.0718 1908 fvevol - ok
00:39:38.0749 1908 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:39:38.0765 1908 gagp30kx - ok
00:39:38.0827 1908 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:39:38.0921 1908 gpsvc - ok
00:39:38.0952 1908 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:39:38.0999 1908 hcw85cir - ok
00:39:39.0061 1908 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:39:39.0108 1908 HdAudAddService - ok
00:39:39.0155 1908 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:39:39.0202 1908 HDAudBus - ok
00:39:39.0233 1908 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:39:39.0248 1908 HidBatt - ok
00:39:39.0248 1908 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:39:39.0295 1908 HidBth - ok
00:39:39.0311 1908 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:39:39.0358 1908 HidIr - ok
00:39:39.0373 1908 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:39:39.0451 1908 hidserv - ok
00:39:39.0498 1908 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:39:39.0529 1908 HidUsb - ok
00:39:39.0560 1908 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:39:39.0623 1908 hkmsvc - ok
00:39:39.0670 1908 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:39:39.0716 1908 HomeGroupListener - ok
00:39:39.0763 1908 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:39:39.0810 1908 HomeGroupProvider - ok
00:39:39.0857 1908 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:39:39.0888 1908 HpSAMD - ok
00:39:39.0950 1908 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:39:40.0028 1908 HTTP - ok
00:39:40.0060 1908 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:39:40.0075 1908 hwpolicy - ok
00:39:40.0122 1908 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:39:40.0138 1908 i8042prt - ok
00:39:40.0184 1908 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:39:40.0216 1908 iaStor - ok
00:39:40.0278 1908 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:39:40.0309 1908 iaStorV - ok
00:39:40.0356 1908 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:39:40.0403 1908 idsvc - ok
00:39:40.0574 1908 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:39:40.0777 1908 igfx - ok
00:39:40.0824 1908 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:39:40.0840 1908 iirsp - ok
00:39:40.0902 1908 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:39:40.0996 1908 IKEEXT - ok
00:39:41.0042 1908 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
00:39:41.0089 1908 Impcd - ok
00:39:41.0198 1908 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:39:41.0261 1908 IntcAzAudAddService - ok
00:39:41.0308 1908 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:39:41.0323 1908 intelide - ok
00:39:41.0354 1908 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:39:41.0401 1908 intelppm - ok
00:39:41.0432 1908 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:39:41.0510 1908 IPBusEnum - ok
00:39:41.0557 1908 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:39:41.0588 1908 IpFilterDriver - ok
00:39:41.0635 1908 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:39:41.0682 1908 iphlpsvc - ok
00:39:41.0713 1908 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:39:41.0745 1908 IPMIDRV - ok
00:39:41.0776 1908 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:39:41.0838 1908 IPNAT - ok
00:39:41.0854 1908 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:39:41.0885 1908 IRENUM - ok
00:39:41.0916 1908 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:39:41.0916 1908 isapnp - ok
00:39:41.0963 1908 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:39:41.0994 1908 iScsiPrt - ok
00:39:42.0041 1908 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:39:42.0072 1908 kbdclass - ok
00:39:42.0103 1908 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:39:42.0135 1908 kbdhid - ok
00:39:42.0166 1908 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:39:42.0181 1908 KeyIso - ok
00:39:42.0228 1908 [ B355CDD82F914D681DADEF1049D8174A ] KovaPlusFltr C:\Windows\system32\drivers\KovaPlusFltr.sys
00:39:42.0259 1908 KovaPlusFltr - ok
00:39:42.0291 1908 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:39:42.0306 1908 KSecDD - ok
00:39:42.0353 1908 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:39:42.0369 1908 KSecPkg - ok
00:39:42.0415 1908 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:39:42.0478 1908 ksthunk - ok
00:39:42.0525 1908 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:39:42.0587 1908 KtmRm - ok
00:39:42.0649 1908 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:39:42.0727 1908 LanmanServer - ok
00:39:42.0774 1908 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:39:42.0868 1908 LanmanWorkstation - ok
00:39:42.0899 1908 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:39:42.0961 1908 lltdio - ok
00:39:43.0008 1908 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:39:43.0086 1908 lltdsvc - ok
00:39:43.0117 1908 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:39:43.0180 1908 lmhosts - ok
00:39:43.0227 1908 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:39:43.0258 1908 LSI_FC - ok
00:39:43.0258 1908 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:39:43.0289 1908 LSI_SAS - ok
00:39:43.0305 1908 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:39:43.0320 1908 LSI_SAS2 - ok
00:39:43.0336 1908 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:39:43.0351 1908 LSI_SCSI - ok
00:39:43.0383 1908 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:39:43.0461 1908 luafv - ok
00:39:43.0492 1908 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:39:43.0507 1908 Mcx2Svc - ok
00:39:43.0539 1908 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:39:43.0554 1908 megasas - ok
00:39:43.0601 1908 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:39:43.0617 1908 MegaSR - ok
00:39:43.0757 1908 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:39:43.0757 1908 Microsoft Office Groove Audit Service - ok
00:39:43.0788 1908 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:39:43.0835 1908 MMCSS - ok
00:39:43.0851 1908 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:39:43.0897 1908 Modem - ok
00:39:43.0944 1908 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:39:43.0960 1908 monitor - ok
00:39:44.0007 1908 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:39:44.0022 1908 mouclass - ok
00:39:44.0053 1908 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:39:44.0069 1908 mouhid - ok
00:39:44.0100 1908 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:39:44.0116 1908 mountmgr - ok
00:39:44.0116 1908 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:39:44.0131 1908 mpio - ok
00:39:44.0163 1908 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:39:44.0194 1908 mpsdrv - ok
00:39:44.0241 1908 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:39:44.0334 1908 MpsSvc - ok
00:39:44.0350 1908 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:39:44.0381 1908 MRxDAV - ok
00:39:44.0412 1908 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:39:44.0459 1908 mrxsmb - ok
00:39:44.0506 1908 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:39:44.0537 1908 mrxsmb10 - ok
00:39:44.0568 1908 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:39:44.0615 1908 mrxsmb20 - ok
00:39:44.0646 1908 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:39:44.0677 1908 msahci - ok
00:39:44.0709 1908 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:39:44.0724 1908 msdsm - ok
00:39:44.0755 1908 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:39:44.0787 1908 MSDTC - ok
00:39:44.0818 1908 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:39:44.0896 1908 Msfs - ok
00:39:44.0911 1908 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:39:45.0005 1908 mshidkmdf - ok
00:39:45.0021 1908 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:39:45.0036 1908 msisadrv - ok
00:39:45.0083 1908 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:39:45.0145 1908 MSiSCSI - ok
00:39:45.0145 1908 msiserver - ok
00:39:45.0192 1908 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:39:45.0223 1908 MSKSSRV - ok
00:39:45.0239 1908 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:39:45.0317 1908 MSPCLOCK - ok
00:39:45.0348 1908 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:39:45.0426 1908 MSPQM - ok
00:39:45.0442 1908 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:39:45.0473 1908 MsRPC - ok
00:39:45.0504 1908 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:39:45.0520 1908 mssmbios - ok
00:39:45.0567 1908 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:39:45.0629 1908 MSTEE - ok
00:39:45.0645 1908 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:39:45.0660 1908 MTConfig - ok
00:39:45.0707 1908 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:39:45.0723 1908 Mup - ok
00:39:45.0769 1908 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:39:45.0863 1908 napagent - ok
00:39:45.0910 1908 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:39:45.0957 1908 NativeWifiP - ok
00:39:46.0019 1908 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:39:46.0066 1908 NDIS - ok
00:39:46.0097 1908 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:39:46.0159 1908 NdisCap - ok
00:39:46.0206 1908 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:39:46.0269 1908 NdisTapi - ok
00:39:46.0300 1908 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:39:46.0378 1908 Ndisuio - ok
00:39:46.0409 1908 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:39:46.0487 1908 NdisWan - ok
00:39:46.0503 1908 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:39:46.0581 1908 NDProxy - ok
00:39:46.0627 1908 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:39:46.0659 1908 NetBIOS - ok
00:39:46.0690 1908 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:39:46.0752 1908 NetBT - ok
00:39:46.0768 1908 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:39:46.0768 1908 Netlogon - ok
00:39:46.0830 1908 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:39:46.0908 1908 Netman - ok
00:39:46.0939 1908 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:39:47.0002 1908 netprofm - ok
00:39:47.0033 1908 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:39:47.0049 1908 NetTcpPortSharing - ok
00:39:47.0080 1908 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:39:47.0095 1908 nfrd960 - ok
00:39:47.0127 1908 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:39:47.0173 1908 NlaSvc - ok
00:39:47.0314 1908 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:39:47.0407 1908 NOBU - ok
00:39:47.0423 1908 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:39:47.0470 1908 Npfs - ok
00:39:47.0485 1908 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:39:47.0563 1908 nsi - ok
00:39:47.0595 1908 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:39:47.0673 1908 nsiproxy - ok
00:39:47.0751 1908 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:39:47.0813 1908 Ntfs - ok
00:39:47.0829 1908 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:39:47.0907 1908 Null - ok
00:39:47.0938 1908 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:39:47.0953 1908 nvraid - ok
00:39:47.0969 1908 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:39:47.0985 1908 nvstor - ok
00:39:48.0031 1908 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:39:48.0047 1908 nv_agp - ok
00:39:48.0156 1908 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:39:48.0187 1908 odserv - ok
00:39:48.0219 1908 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:39:48.0250 1908 ohci1394 - ok
00:39:48.0312 1908 [ 2B8E4C792BED0E5882702720BC528AE5 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:39:48.0343 1908 ose - ok
00:39:48.0562 1908 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:39:48.0780 1908 osppsvc - ok
00:39:48.0811 1908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:39:48.0874 1908 p2pimsvc - ok
00:39:48.0905 1908 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:39:48.0936 1908 p2psvc - ok
00:39:48.0983 1908 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:39:49.0014 1908 Parport - ok
00:39:49.0045 1908 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:39:49.0077 1908 partmgr - ok
00:39:49.0108 1908 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:39:49.0155 1908 PcaSvc - ok
00:39:49.0170 1908 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:39:49.0201 1908 pci - ok
00:39:49.0248 1908 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:39:49.0264 1908 pciide - ok
00:39:49.0279 1908 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:39:49.0311 1908 pcmcia - ok
00:39:49.0326 1908 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:39:49.0342 1908 pcw - ok
00:39:49.0451 1908 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
00:39:49.0498 1908 PDF Architect Helper Service - ok
00:39:49.0560 1908 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
00:39:49.0591 1908 PDF Architect Service - ok
00:39:49.0638 1908 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:39:49.0732 1908 PEAUTH - ok
00:39:49.0810 1908 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:39:49.0841 1908 PerfHost - ok
00:39:49.0919 1908 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:39:50.0013 1908 pla - ok
00:39:50.0059 1908 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:39:50.0122 1908 PlugPlay - ok
00:39:50.0153 1908 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:39:50.0169 1908 PNRPAutoReg - ok
00:39:50.0200 1908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:39:50.0215 1908 PNRPsvc - ok
00:39:50.0262 1908 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:39:50.0340 1908 PolicyAgent - ok
00:39:50.0356 1908 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:39:50.0418 1908 Power - ok
00:39:50.0449 1908 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:39:50.0512 1908 PptpMiniport - ok
00:39:50.0543 1908 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:39:50.0574 1908 Processor - ok
00:39:50.0605 1908 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:39:50.0652 1908 ProfSvc - ok
00:39:50.0668 1908 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:39:50.0683 1908 ProtectedStorage - ok
00:39:50.0730 1908 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:39:50.0808 1908 Psched - ok
00:39:50.0871 1908 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:39:50.0933 1908 ql2300 - ok
00:39:50.0964 1908 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:39:50.0980 1908 ql40xx - ok
00:39:51.0027 1908 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:39:51.0073 1908 QWAVE - ok
00:39:51.0089 1908 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:39:51.0136 1908 QWAVEdrv - ok
00:39:51.0151 1908 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:39:51.0198 1908 RasAcd - ok
00:39:51.0229 1908 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:39:51.0307 1908 RasAgileVpn - ok
00:39:51.0339 1908 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:39:51.0401 1908 RasAuto - ok
00:39:51.0463 1908 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:39:51.0526 1908 Rasl2tp - ok
00:39:51.0573 1908 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:39:51.0651 1908 RasMan - ok
00:39:51.0682 1908 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:39:51.0744 1908 RasPppoe - ok
00:39:51.0760 1908 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:39:51.0822 1908 RasSstp - ok
00:39:51.0853 1908 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:39:51.0931 1908 rdbss - ok
00:39:51.0963 1908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:39:51.0994 1908 rdpbus - ok
00:39:52.0025 1908 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:39:52.0103 1908 RDPCDD - ok
00:39:52.0134 1908 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:39:52.0181 1908 RDPENCDD - ok
00:39:52.0181 1908 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:39:52.0243 1908 RDPREFMP - ok
00:39:52.0275 1908 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:39:52.0306 1908 RDPWD - ok
00:39:52.0368 1908 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:39:52.0399 1908 rdyboost - ok
00:39:52.0431 1908 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:39:52.0509 1908 RemoteAccess - ok
00:39:52.0540 1908 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:39:52.0602 1908 RemoteRegistry - ok
00:39:52.0649 1908 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SysWOW64\Rezip.exe
00:39:52.0665 1908 Rezip ( UnsignedFile.Multi.Generic ) - warning
00:39:52.0665 1908 Rezip - detected UnsignedFile.Multi.Generic (1)
00:39:52.0711 1908 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:39:52.0758 1908 RFCOMM - ok
00:39:52.0789 1908 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:39:52.0852 1908 RpcEptMapper - ok
00:39:52.0883 1908 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:39:52.0914 1908 RpcLocator - ok
00:39:52.0945 1908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:39:53.0023 1908 RpcSs - ok
00:39:53.0070 1908 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:39:53.0133 1908 rspndr - ok
00:39:53.0164 1908 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:39:53.0211 1908 RTL8167 - ok
00:39:53.0289 1908 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
00:39:53.0304 1908 rtport - ok
00:39:53.0335 1908 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
00:39:53.0382 1908 SABI - ok
00:39:53.0398 1908 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:39:53.0413 1908 SamSs - ok
00:39:53.0445 1908 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:39:53.0476 1908 sbp2port - ok
00:39:53.0491 1908 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:39:53.0569 1908 SCardSvr - ok
00:39:53.0601 1908 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:39:53.0694 1908 scfilter - ok
00:39:53.0741 1908 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:39:53.0819 1908 Schedule - ok
00:39:53.0850 1908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:39:53.0897 1908 SCPolicySvc - ok
00:39:53.0944 1908 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:39:53.0991 1908 SDRSVC - ok
00:39:54.0037 1908 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:39:54.0115 1908 secdrv - ok
00:39:54.0131 1908 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:39:54.0193 1908 seclogon - ok
00:39:54.0240 1908 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:39:54.0303 1908 SENS - ok
00:39:54.0318 1908 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:39:54.0349 1908 SensrSvc - ok
00:39:54.0381 1908 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:39:54.0427 1908 Serenum - ok
00:39:54.0459 1908 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:39:54.0490 1908 Serial - ok
00:39:54.0521 1908 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:39:54.0568 1908 sermouse - ok
00:39:54.0599 1908 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:39:54.0693 1908 SessionEnv - ok
00:39:54.0724 1908 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:39:54.0771 1908 sffdisk - ok
00:39:54.0786 1908 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:39:54.0817 1908 sffp_mmc - ok
00:39:54.0849 1908 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:39:54.0895 1908 sffp_sd - ok
00:39:54.0927 1908 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:39:54.0958 1908 sfloppy - ok
00:39:55.0005 1908 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:39:55.0083 1908 SharedAccess - ok
00:39:55.0114 1908 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:39:55.0207 1908 ShellHWDetection - ok
00:39:55.0239 1908 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:39:55.0254 1908 SiSRaid2 - ok
00:39:55.0285 1908 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:39:55.0301 1908 SiSRaid4 - ok
00:39:55.0363 1908 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:39:55.0379 1908 SkypeUpdate - ok
00:39:55.0410 1908 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:39:55.0488 1908 Smb - ok
00:39:55.0535 1908 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:39:55.0566 1908 SNMPTRAP - ok
00:39:55.0582 1908 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:39:55.0597 1908 spldr - ok
00:39:55.0644 1908 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:39:55.0707 1908 Spooler - ok
00:39:55.0831 1908 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:39:55.0972 1908 sppsvc - ok
00:39:55.0987 1908 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:39:56.0065 1908 sppuinotify - ok
00:39:56.0128 1908 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
00:39:56.0128 1908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
00:39:56.0128 1908 sptd ( LockedFile.Multi.Generic ) - warning
00:39:56.0128 1908 sptd - detected LockedFile.Multi.Generic (1)
00:39:56.0159 1908 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:39:56.0221 1908 srv - ok
00:39:56.0268 1908 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:39:56.0299 1908 srv2 - ok
00:39:56.0331 1908 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:39:56.0377 1908 srvnet - ok
00:39:56.0424 1908 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:39:56.0487 1908 SSDPSRV - ok
00:39:56.0502 1908 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:39:56.0565 1908 SstpSvc - ok
00:39:56.0596 1908 StarOpen - ok
00:39:56.0627 1908 Steam Client Service - ok
00:39:56.0643 1908 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:39:56.0674 1908 stexstor - ok
00:39:56.0705 1908 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
00:39:56.0736 1908 StillCam - ok
00:39:56.0783 1908 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:39:56.0830 1908 stisvc - ok
00:39:56.0877 1908 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:39:56.0892 1908 swenum - ok
00:39:56.0923 1908 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:39:57.0001 1908 swprv - ok
00:39:57.0079 1908 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:39:57.0157 1908 SysMain - ok
00:39:57.0204 1908 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:39:57.0251 1908 TabletInputService - ok
00:39:57.0282 1908 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:39:57.0360 1908 TapiSrv - ok
00:39:57.0391 1908 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:39:57.0469 1908 TBS - ok
00:39:57.0579 1908 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:39:57.0641 1908 Tcpip - ok
00:39:57.0719 1908 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:39:57.0766 1908 TCPIP6 - ok
00:39:57.0797 1908 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:39:57.0828 1908 tcpipreg - ok
00:39:57.0859 1908 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:39:57.0906 1908 TDPIPE - ok
00:39:57.0937 1908 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:39:57.0953 1908 TDTCP - ok
00:39:58.0000 1908 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:39:58.0078 1908 tdx - ok
00:39:58.0140 1908 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:39:58.0156 1908 TermDD - ok
00:39:58.0218 1908 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:39:58.0312 1908 TermService - ok
00:39:58.0343 1908 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:39:58.0390 1908 Themes - ok
00:39:58.0421 1908 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:39:58.0468 1908 THREADORDER - ok
00:39:58.0499 1908 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:39:58.0577 1908 TrkWks - ok
00:39:58.0639 1908 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:39:58.0733 1908 TrustedInstaller - ok
00:39:58.0764 1908 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:39:58.0811 1908 tssecsrv - ok
00:39:58.0858 1908 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:39:58.0889 1908 TsUsbFlt - ok
00:39:58.0936 1908 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:39:58.0998 1908 tunnel - ok
00:39:59.0061 1908 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
00:39:59.0076 1908 TurboB - ok
00:39:59.0107 1908 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:39:59.0123 1908 TurboBoost - ok
00:39:59.0154 1908 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:39:59.0170 1908 uagp35 - ok
00:39:59.0217 1908 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:39:59.0295 1908 udfs - ok
00:39:59.0326 1908 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:39:59.0357 1908 UI0Detect - ok
00:39:59.0373 1908 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:39:59.0388 1908 uliagpkx - ok
00:39:59.0435 1908 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:39:59.0482 1908 umbus - ok
00:39:59.0513 1908 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:39:59.0560 1908 UmPass - ok
00:39:59.0591 1908 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:39:59.0669 1908 upnphost - ok
00:39:59.0731 1908 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:39:59.0778 1908 usbaudio - ok
00:39:59.0825 1908 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:39:59.0887 1908 usbccgp - ok
00:39:59.0934 1908 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:39:59.0965 1908 usbcir - ok
00:39:59.0997 1908 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:40:00.0028 1908 usbehci - ok
00:40:00.0075 1908 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:40:00.0121 1908 usbhub - ok
00:40:00.0153 1908 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:40:00.0184 1908 usbohci - ok
00:40:00.0231 1908 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:40:00.0262 1908 usbprint - ok
00:40:00.0293 1908 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:40:00.0340 1908 usbscan - ok
00:40:00.0355 1908 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:40:00.0402 1908 USBSTOR - ok
00:40:00.0449 1908 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:40:00.0480 1908 usbuhci - ok
00:40:00.0558 1908 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:40:00.0605 1908 usbvideo - ok
00:40:00.0636 1908 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:40:00.0699 1908 UxSms - ok
00:40:00.0714 1908 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:40:00.0714 1908 VaultSvc - ok
00:40:00.0745 1908 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:40:00.0761 1908 vdrvroot - ok
00:40:00.0808 1908 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:40:00.0901 1908 vds - ok
00:40:00.0933 1908 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:40:00.0964 1908 vga - ok
00:40:00.0979 1908 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:40:01.0057 1908 VgaSave - ok
00:40:01.0104 1908 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:40:01.0135 1908 vhdmp - ok
00:40:01.0167 1908 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:40:01.0182 1908 viaide - ok
00:40:01.0198 1908 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:40:01.0229 1908 volmgr - ok
00:40:01.0276 1908 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:40:01.0291 1908 volmgrx - ok
00:40:01.0338 1908 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:40:01.0354 1908 volsnap - ok
00:40:01.0401 1908 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:40:01.0416 1908 vsmraid - ok
00:40:01.0494 1908 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:40:01.0603 1908 VSS - ok
00:40:01.0619 1908 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:40:01.0635 1908 vwifibus - ok
00:40:01.0666 1908 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:40:01.0713 1908 vwififlt - ok
00:40:01.0744 1908 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:40:01.0791 1908 vwifimp - ok
00:40:01.0822 1908 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:40:01.0884 1908 W32Time - ok
00:40:01.0900 1908 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:40:01.0931 1908 WacomPen - ok
00:40:01.0993 1908 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:40:02.0071 1908 WANARP - ok
00:40:02.0087 1908 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:40:02.0118 1908 Wanarpv6 - ok
00:40:02.0196 1908 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:40:02.0274 1908 wbengine - ok
00:40:02.0305 1908 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:40:02.0352 1908 WbioSrvc - ok
00:40:02.0383 1908 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:40:02.0446 1908 wcncsvc - ok
00:40:02.0493 1908 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:40:02.0524 1908 WcsPlugInService - ok
00:40:02.0539 1908 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:40:02.0555 1908 Wd - ok
00:40:02.0602 1908 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:40:02.0649 1908 Wdf01000 - ok
00:40:02.0664 1908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:40:02.0758 1908 WdiServiceHost - ok
00:40:02.0773 1908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:40:02.0805 1908 WdiSystemHost - ok
00:40:02.0851 1908 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:40:02.0883 1908 WebClient - ok
00:40:02.0914 1908 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:40:02.0961 1908 Wecsvc - ok
00:40:02.0976 1908 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:40:03.0023 1908 wercplsupport - ok
00:40:03.0070 1908 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:40:03.0148 1908 WerSvc - ok
00:40:03.0179 1908 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:40:03.0241 1908 WfpLwf - ok
00:40:03.0257 1908 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:40:03.0257 1908 WIMMount - ok
00:40:03.0288 1908 WinDefend - ok
00:40:03.0304 1908 WinHttpAutoProxySvc - ok
00:40:03.0366 1908 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:40:03.0429 1908 Winmgmt - ok
00:40:03.0507 1908 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:40:03.0616 1908 WinRM - ok
00:40:03.0678 1908 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:40:03.0709 1908 WinUsb - ok
00:40:03.0741 1908 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:40:03.0819 1908 Wlansvc - ok
00:40:03.0943 1908 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:40:04.0006 1908 wlidsvc - ok
00:40:04.0053 1908 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:40:04.0068 1908 WmiAcpi - ok
00:40:04.0099 1908 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:40:04.0131 1908 wmiApSrv - ok
00:40:04.0162 1908 WMPNetworkSvc - ok
00:40:04.0193 1908 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:40:04.0224 1908 WPCSvc - ok
00:40:04.0255 1908 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:40:04.0287 1908 WPDBusEnum - ok
00:40:04.0318 1908 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:40:04.0365 1908 ws2ifsl - ok
00:40:04.0380 1908 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:40:04.0427 1908 wscsvc - ok
00:40:04.0458 1908 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
00:40:04.0505 1908 WSDPrintDevice - ok
00:40:04.0505 1908 WSearch - ok
00:40:04.0614 1908 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:40:04.0692 1908 wuauserv - ok
00:40:04.0739 1908 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:40:04.0770 1908 WudfPf - ok
00:40:04.0833 1908 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:40:04.0864 1908 WUDFRd - ok
00:40:04.0895 1908 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:40:04.0942 1908 wudfsvc - ok
00:40:04.0989 1908 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
00:40:05.0020 1908 WwanSvc - ok
00:40:05.0051 1908 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
00:40:05.0129 1908 yukonw7 - ok
00:40:05.0176 1908 ================ Scan global ===============================
00:40:05.0207 1908 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:40:05.0238 1908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:40:05.0254 1908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:40:05.0285 1908 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:40:05.0316 1908 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:40:05.0316 1908 [Global] - ok
00:40:05.0316 1908 ================ Scan MBR ==================================
00:40:05.0332 1908 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
00:40:06.0112 1908 \Device\Harddisk0\DR0 - ok
00:40:06.0112 1908 ================ Scan VBR ==================================
00:40:06.0127 1908 [ 98FA392A7F5F4A5EAE8D5AA6861452C8 ] \Device\Harddisk0\DR0\Partition1
00:40:06.0127 1908 \Device\Harddisk0\DR0\Partition1 - ok
00:40:06.0143 1908 [ B4AED65CCDE0A5E481E56860E57A7DD8 ] \Device\Harddisk0\DR0\Partition2
00:40:06.0143 1908 \Device\Harddisk0\DR0\Partition2 - ok
00:40:06.0174 1908 [ 1E6A1AA3E3B2BFB1729990198EF0B2F7 ] \Device\Harddisk0\DR0\Partition3
00:40:06.0174 1908 \Device\Harddisk0\DR0\Partition3 - ok
00:40:06.0174 1908 ============================================================
00:40:06.0174 1908 Scan finished
00:40:06.0174 1908 ============================================================
00:40:06.0190 3660 Detected object count: 2
00:40:06.0190 3660 Actual detected object count: 2
00:40:39.0340 3660 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
00:40:39.0340 3660 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:40:39.0340 3660 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:40:39.0340 3660 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:41:00.0603 2760 Deinitialize success


Alt 14.06.2013, 12:57   #6
markusg
/// Malware-holic
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang

Alt 14.06.2013, 19:41   #7
jannick
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-13.01 - Jay 14.06.2013  20:31:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3946.2662 [GMT 2:00]
ausgeführt von:: c:\users\Jay\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sss
c:\program files (x86)\sss\licence.txt
c:\program files (x86)\sss\ReadMe.txt
c:\program files (x86)\sss\SimpleScreenshot.exe
c:\program files (x86)\sss\upload.php
c:\programdata\FullRemove.exe
c:\users\Jay\AppData\Roaming\convert\convert.exe
c:\users\Jay\Documents\~WRL0672.tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-14 bis 2013-06-14  ))))))))))))))))))))))))))))))
.
.
2013-06-14 18:36 . 2013-06-14 18:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-14 06:31 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDD72AC2-C7CA-416F-B5D5-05509D621DE4}\mpengine.dll
2013-06-12 18:26 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 18:25 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 18:25 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-05 16:31 . 2013-06-05 16:33	--------	d-----w-	c:\users\Jay\Hamburg Company Tour
2013-06-02 12:28 . 2013-06-05 16:32	--------	d-----w-	c:\users\Jay\Norderney 2013
2013-05-26 16:11 . 2013-05-26 17:55	--------	d-----w-	c:\programdata\regid.1991-06.com.microsoft
2013-05-26 16:10 . 2013-05-26 16:10	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2013-05-26 15:07 . 2013-05-26 15:08	--------	d-----w-	c:\users\Jay\AppData\Roaming\ImgBurn
2013-05-26 14:55 . 2013-05-26 14:55	--------	d-----w-	c:\program files (x86)\ImgBurn
2013-05-24 14:38 . 2013-05-24 14:38	--------	d-----w-	c:\users\Jay\AppData\Roaming\e-academy Inc
2013-05-24 14:38 . 2013-05-24 14:38	--------	d-----w-	c:\users\Jay\AppData\Local\e-academy Inc
2013-05-24 00:38 . 2013-05-24 00:38	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-21 19:32 . 2013-05-21 19:32	--------	d-----w-	c:\users\Jay\AppData\Roaming\IrfanView
2013-05-21 19:32 . 2013-05-21 19:32	--------	d-----w-	c:\program files (x86)\IrfanView
2013-05-21 19:24 . 2013-05-21 19:24	--------	d-----w-	c:\users\Jay\AppData\Roaming\Bildverkleinerer
2013-05-21 19:12 . 2013-06-14 07:40	--------	d-----r-	c:\users\Jay\Dropbox
2013-05-21 19:11 . 2013-06-14 07:40	--------	d-----w-	c:\users\Jay\AppData\Roaming\Dropbox
2013-05-21 15:42 . 2013-06-12 09:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 15:42 . 2013-06-12 09:42	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 15:23 . 2013-06-07 21:09	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-05-21 15:18 . 2013-05-21 15:18	--------	d-----w-	c:\users\Jay\AppData\Local\Adobe
2013-05-20 19:42 . 2013-05-20 19:42	6572736	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-05-20 19:42 . 2013-05-20 19:42	6795992	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2013-05-20 18:25 . 2013-05-20 18:25	5079256	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2013-05-20 18:25 . 2013-05-20 18:25	4843712	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-05-20 18:25 . 2013-05-20 18:25	25367232	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2013-05-18 05:24 . 2013-05-18 05:24	2976448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\1031\MSOINTL.DLL
2013-05-16 10:39 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 10:39 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 10:39 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-16 10:39 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-16 10:39 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-16 10:39 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-16 10:39 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-16 10:39 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-16 10:39 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-16 10:38 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-16 10:38 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-16 10:38 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 09:42 . 2013-05-14 23:04	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 09:04 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-04-28 12:42	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-16 23:45 . 2013-04-16 23:45	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-16 23:45 . 2013-04-16 23:45	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-16 23:45 . 2013-04-16 23:45	311200	----a-w-	c:\windows\system32\javaws.exe
2013-04-16 23:45 . 2013-04-16 23:45	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-16 23:45 . 2013-04-16 23:45	188832	----a-w-	c:\windows\system32\javaw.exe
2013-04-16 23:45 . 2013-04-16 23:45	188320	----a-w-	c:\windows\system32\java.exe
2013-04-13 05:49 . 2013-05-16 10:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:39	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:39	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:39	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:39	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:39	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:19	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-24 10:54 . 2013-03-24 10:54	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-24 10:54 . 2013-03-24 10:54	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-24 10:54 . 2013-03-24 10:54	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-24 10:54 . 2013-03-24 10:54	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-24 10:54 . 2013-03-24 10:54	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-24 10:54 . 2013-03-24 10:54	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-24 10:54 . 2013-03-24 10:54	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-24 10:54 . 2013-03-24 10:54	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-24 10:54 . 2013-03-24 10:54	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-24 10:54 . 2013-03-24 10:54	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-24 10:54 . 2013-03-24 10:54	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-24 10:54 . 2013-03-24 10:54	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-24 10:54 . 2013-03-24 10:54	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-24 10:54 . 2013-03-24 10:54	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-24 10:54 . 2013-03-24 10:54	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-24 10:54 . 2013-03-24 10:54	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-24 10:54 . 2013-03-24 10:54	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-24 10:54 . 2013-03-24 10:54	441856	----a-w-	c:\windows\system32\html.iec
2013-03-24 10:54 . 2013-03-24 10:54	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-24 10:54 . 2013-03-24 10:54	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-24 10:54 . 2013-03-24 10:54	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-24 10:54 . 2013-03-24 10:54	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-24 10:54 . 2013-03-24 10:54	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-24 10:54 . 2013-03-24 10:54	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-24 10:54 . 2013-03-24 10:54	235008	----a-w-	c:\windows\system32\url.dll
2013-03-24 10:54 . 2013-03-24 10:54	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-24 10:54 . 2013-03-24 10:54	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-24 10:54 . 2013-03-24 10:54	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-24 10:54 . 2013-03-24 10:54	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-24 10:54 . 2013-03-24 10:54	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-24 10:54 . 2013-03-24 10:54	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-24 10:54 . 2013-03-24 10:54	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-24 10:54 . 2013-03-24 10:54	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-24 10:54 . 2013-03-24 10:54	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-24 10:54 . 2013-03-24 10:54	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-24 10:54 . 2013-03-24 10:54	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-24 10:54 . 2013-03-24 10:54	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-24 10:54 . 2013-03-24 10:54	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-24 10:54 . 2013-03-24 10:54	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-24 10:54 . 2013-03-24 10:54	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-24 10:54 . 2013-03-24 10:54	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-24 10:54 . 2013-03-24 10:54	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-24 10:54 . 2013-03-24 10:54	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-24 10:54 . 2013-03-24 10:54	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-24 10:54 . 2013-03-24 10:54	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-24 10:54 . 2013-03-24 10:54	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-24 10:54 . 2013-03-24 10:54	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-24 10:54 . 2013-03-24 10:54	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-24 10:54 . 2013-03-24 10:54	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-24 10:53 . 2013-03-24 10:53	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-03-24 10:53 . 2013-03-24 10:53	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-03-24 10:53 . 2013-03-24 10:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-24 10:53 . 2013-03-24 10:53	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-24 10:53 . 2013-03-24 10:53	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-03-24 10:53 . 2013-03-24 10:53	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-03-24 10:53 . 2013-03-24 10:53	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-24 10:53 . 2013-03-24 10:53	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-03-24 10:53 . 2013-03-24 10:53	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-03-24 10:53 . 2013-03-24 10:53	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-24 10:53 . 2013-03-24 10:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-03-24 10:53 . 2013-03-24 10:53	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-03-24 10:53 . 2013-03-24 10:53	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-03-24 10:53 . 2013-03-24 10:53	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-24 10:53 . 2013-03-24 10:53	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-03-24 10:53 . 2013-03-24 10:53	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-03-24 10:53 . 2013-03-24 10:53	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-24 10:53 . 2013-03-24 10:53	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-03-24 10:53 . 2013-03-24 10:53	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	130736	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys;c:\windows\SYSNATIVE\drivers\KovaPlusFltr.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-21 09:42]
.
2013-06-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 19:59	2328776	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 19:59	2328776	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 19:59	2328776	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	164016	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	164016	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	164016	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45	164016	----a-w-	c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Jay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 134.102.20.20 134.102.149.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\72rlucgj.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - ExtSQL: !HIDDEN! 2012-12-25 16:47; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);FF - user.js: general.useragent.extra.brc - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-Tactical Ops - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-14  20:39:28
ComboFix-quarantined-files.txt  2013-06-14 18:39
.
Vor Suchlauf: 9 Verzeichnis(se), 92.380.524.544 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 95.509.663.744 Bytes frei
.
- - End Of File - - 3F9F369EF679DDE763938237BBC88081
         
--- --- ---
D41D8CD98F00B204E9800998ECF8427E

Alt 14.06.2013, 20:03   #8
markusg
/// Malware-holic
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2013, 12:53   #9
jannick
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Sorry, war das Wochenende nicht da.

Hier der Logfile:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Jay :: JAY-PC [Administrator]

17.06.2013 12:36:02
mbam-log-2013-06-17 (12-36-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401852
Laufzeit: 59 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Jay\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 11
C:\Program Files (x86)\Mozilla Firefox\Plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jay\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 17.06.2013, 13:30   #10
markusg
/// Malware-holic
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hi soweit kommts noch, dass man sich für ein freies WE entschuldigen muss.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2013, 15:11   #11
jannick
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



7-Zip 9.20 12.07.2012 UNBEKANNT
Active@ ISO Burner LSoft Technologies 06.06.2012 2.5.1 NOTWENDIG
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 NOTWENDIG
Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 21.05.2013 143MB 11.0.03 NOTWENDIG
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 15.04.2013 26,3MB 8.0.911.0 UNNÖTIG
AmerigoMedia Hauptstädte-Quiz AmerigoMedia - Thomas Gottfried EDV 15.05.2011 UNNÖTIG
Atheros Client Installation Program Atheros 24.11.2010 1.0.5.0621 NOTWENIDG
Audacity 2.0.2
Audacity Team 25.12.2012 43,5MB 2.0.2 NOTWENDiG
BatteryLifeExtender Samsung 24.11.2010 31,5MB 1.0.5 NOTWENDIG
Broadcom 802.11 Network Adapter Broadcom Corporation 24.12.2012 5.60.48.44 NOTWENDIG
CamStudio 08.08.2012 UNNÖTIG
CCleaner Piriform 24.05.2013 4.02 NOTWENDIG
Counter-Strike: Global Offensive Valve 08.04.2013 NOTWENDIG
Counter-Strike: Source Valve 29.03.2013 4,48GB 1.0.0.0 NOTWENDIG
Crysis® 2 Electronic Arts 01.04.2012 7,57GB 1.0.0.0 UNNÖTIG
CyberLink YouCam CyberLink Corp. 05.04.2011 77,2MB 2.0.3911 UNNÖTIG
Dropbox Dropbox, Inc. 29.05.2013 2.0.22 NOTWENDIG
Easy Content Share Samsung Electronics Co., LTD 24.11.2010 12,4MB 1.0.0.13 UNNÖTIG
Easy Display Manager Samsung Electronics Co., Ltd. 24.11.2010 3.2 UNNÖTIG
Easy Network Manager Samsung 24.11.2010 34,9MB 4.3.3 UNNÖTIG
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 24.11.2010 2.1.0.11 UNNÖTIG
easy Whiteboard 23.04.2011 UNNÖTIG
EasyBatteryManager Samsung 24.11.2010 4.0.0.4 UNNÖTIG
EasyFileShare Samsung 24.11.2010 29,4MB 1.0.3 UNBEKANNT
ETDWare PS/2-x64 7.0.7.0_WHQL ELAN Microelectronics Corp. 24.11.2010 7.0.7.0 UNBEKANNT
EVEREST Home Edition v2.20 Lavalys Inc 15.04.2013 2.20 NOTWENDIG
Free Sound Recorder v9.4.1 Copyright(C) 2005-2012 FreeSoundRecorder Technologies, Inc. 28.11.2012 22,8MB UNNÖTIG
Free Video Converter V 3.1 Koyote Soft 29.11.2012 10,7MB 3.1.0.0 UNNÖTIG
Free Video Dub version 2.0.7.423 DVDVideoSoft Ltd. 26.04.2012 63,9MB 2.0.7.423 UNNÖTIG
Free Video Flip and Rotate version 2.1.3.903 DVDVideoSoft Ltd. 09.09.2012 79,6MB 2.1.3.903 UNNÖTIG
GIMP 2.8.4 The GIMP Team 17.04.3 244MB 2.8.4 UNNÖTIG
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 14.06.2012 127MB 23.0.504.0 NOTWENDIG
HP Deskjet 3070 B611 series Hilfe Hewlett Packard 14.06.2012 8,89MB 140.0.2.2 NOTWENDIG
HP Photo Creations HP Photo Creations 14.06.2012 40,0MB 1.0.0.5192 NOTWENDIG
ICQ7.5 ICQ 08.05.2011 7.5 UNNÖTIG
IDroo 1.0.0.154 Iteral Group Ltd 14.07.2012 1.0.0.154 UNNÖTIG
ImgBurn LIGHTNING UK! 26.05.2013 2.5.7.0 UNBEKANNT
Intel(R) Rapid Storage Technology Intel Corporation 17.06.2013 9.6.3.1001 UNBEKANNT
Intel(R) Turbo Boost Technology Driver Intel Corporation 24.12.2012 01.02.00.1002 UNBEKANNT
IrfanView (remove only) Irfan Skiljan 21.05.2013 2,00MB 4.35 UNNÖTIG
Java 7 Update 21 (64-bit) Oracle 17.04.2013 128MB 7.0.210 UNBEKANNT
Java(TM) 7 Update 4 Oracle 18.05.2012 99,3MB 7.0.40 UNBEKANNT
JavaFX 2.1.0 Oracle Corporation 18.05.2012 20,8MB 2.1.0 UNBEKANNT
LAME v3.99.3 (for Windows) 25.12.2012 1,52MB UNBEKANNT
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 15.06.2013 19,2MB 1.75.0.1300 NOTWENDIG
Marvell Miniport Driver Marvell 24.11.2010 11.22.3.3 UNBEKANNT
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.04.2011 38,8MB 4.0.30319 NOTWENDIG
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.04.2011 2,93MB 4.0.30319 NOTWENDIG 15.0.4420.1017
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.05.2011 252KB 8.0.50727.4053 UNBEKANNT
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 300KB 8.0.61001 UNBEKANNT
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 27.05.2011 200KB 9.0.30729.4148 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 24.11.2010 788KB 9.0.30729.4148 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 18.06.2011 788KB 9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 01.04.2012 234KB 9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 01.05.2011 596KB 9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 600KB 9.0.30729.6161 UNBEKANNT
Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 80,6MB 21.0 NOTWENDIG
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.06.2012 1,27MB 4.20.9870.0 UNBEKANNT
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.06.2012 1,33MB 4.20.9876.0 UNBEKANNT
Napoleon: Total War The Creative Assembly 27.04.2011 UNNÖTIG
Norton Online Backup Symantec Corporation 24.11.2010 6,19MB 2.1.17869 UNNÖTIG
Pazera Free MP4 to AVI Converter 1.6 Jacek Pazera 09.09.2012 6,32MB 1.6 UNNÖTIG
PDF Architect pdfforge 13.02.2013 91,1MB 1.0.52.8917 UNBEKANNT
PDF24 Creator 5.4.0 PDF24.org 25.03.2013 40,3MB UNNÖTIG
PDFCreator pdfforge 13.02.2013 1.6.2 UNNÖTIG
PKR PKR Ltd 20.07.2012 UNNÖTIG
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.11.2010 6.0.1.6083 NOTWENDIG
REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 24.11.2010 0133.09.1202 NOTWENDIG
SAMSUNG Mobile Composite Device Software 17.06.2012 NOTWENDIG
SAMSUNG Mobile Modem Driver Set 17.06.2012 NOTWENDIG
Samsung Mobile phone USB driver Drive Software 17.06.2012 NOTWENDIG
SAMSUNG Mobile USB Modem 1.0 Software 17.06.2012 NOTWENDIG
SAMSUNG Mobile USB Modem Software 17.06.2012 NOTWENDIG
Samsung PC Studio 3 Samsung Electronics Co., Ltd. 17.06.2012 3.2.2.80601 NOTWENDIG
Samsung Recovery Solution 4 Samsung 24.11.2010 4.0.0.6 NOTWENDIG
Samsung Support Center Samsung 24.11.2010 45,8MB 1.0.2 NOTWENDIG
Samsung Update Plus Samsung Electronics Co., Ltd. 24.11.2010 NOTWENDIG 2.0 NOTWENDIG
Secure Download Manager Kivuto Solutions Inc. 24.05.2013 935KB 3.1.0
SimpleScreenshot 1.40 21.06.2011 NOTWENDIG
Skype™ 6.3 Skype Technologies S.A. 20.05.2013 20,9MB 6.3.107 NOTWENDIG
Steam Valve 27.04.2011 42,1MB 1.0.0.0 NOTWENDIG
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten Hewlett-Packard Co. 14.06.2012 8,13MB 23.0.504.0 UNBEKANNT
Tactical Ops Infogrames 28.03.2013 NOTWENDIG
TeamSpeak 3 Client TeamSpeak Systems GmbH 01.04.2013 3.0.10 NOTWENDIG
User Guide 24.11.2010 1.0
Video Converter Packages 29.11.2012 UNBEKANNT
VLC media player 2.0.1 VideoLAN 18.04.2012 2.0.1 NOTWENDIG
Vokabel Trainer 5 Manuel Wäschle 06.05.2013 6,31MB NOTWENDIG
Windows Live Essentials Microsoft Corporation 25.06.2012 15.4.3555.0308 NOTWENDIG
Windows Media Player Firefox Plugin Microsoft Corp 23.06.2011 296KB 1.0.0.8 NOTWENDIG
Windows-Treiberpaket - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 17.06.2012 03/16/ 2012 6.5.1.2600 NOTWENDIG
Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 17.06.2012 03/16/2012 6.5.1.2600 NOTWENDIG
Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 24.12.2012 03/16/2012 6.5.1.2600 NOTWENDIG
Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 24.12.2012 03/16/2012 6.5.1.2600 NOTWENDIG
Windows-Treiberpaket - Broadcom HIDClass (09/11/2009 6.3.0.1500) Broadcom 17.06.2012 09/11/2009 6.3.0.1500 NOTWENDIG
XnView 1.98.8 Gougelet Pierre-e 28.05.2012 16,0MB 1.98.8 UNBEKANNT
Überwachungstool für die Intel® Turbo-Boost-Technik Intel 05.04.2011 2,15MB 1.0.400.4 UNBEKANNT

Alt 18.06.2013, 15:26   #12
markusg
/// Malware-holic
 
Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Standard

Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang



Hi,
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:

AMD
AmerigoMedia
CamStudio
Crysis®
CyberLink
Easy: alle
Free : alle
GIMP
ICQ7.5
IDroo
ImgBurn
IrfanView
Java(TM)
JavaFX
Napoleon:
Norton
Pazera
PDF: alle
PKR
Studie
Video Converter

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang
ahnung, dankbar, ebenfalls, emailadresse, gmx, grund, keine ahnung, lauter, missbraucht, postfach, problem, schei, spam, sämtliche, sämtlichen, unterstützung, voll



Ähnliche Themen: Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang


  1. Mailer-Daemon-Mail Hack oder Spam?
    Überwachung, Datenschutz und Spam - 13.04.2015 (3)
  2. Mailer Daemon - Undelivered Message - Von Nachrichten die nicht vom Account gesendet wurde
    Überwachung, Datenschutz und Spam - 16.11.2014 (3)
  3. Mysteriöse Mailer-Daemon-mail
    Überwachung, Datenschutz und Spam - 13.07.2014 (15)
  4. [Win 8.1] Spam Email GMX mailer-daemon und .exe Anhänge
    Log-Analyse und Auswertung - 07.06.2014 (3)
  5. GMX mailer-daemon
    Plagegeister aller Art und deren Bekämpfung - 14.03.2014 (4)
  6. Flut von Mailer Daemon @ GMX Mails!
    Log-Analyse und Auswertung - 28.10.2013 (6)
  7. MAILER-DAEMON@gmx.net - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2013 (7)
  8. E-Mail Account gehackt? mailer-daemon@gmx.de
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (17)
  9. Mailer-Daemon Flut bei gmx-account
    Log-Analyse und Auswertung - 03.02.2013 (13)
  10. e-Mail Flut mit mailer-daemon Meldungen
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (24)
  11. Mailer-Daemon - erhalte für EINGEGANGENE Mails Mailer-Daemon-Nachrichten
    Plagegeister aller Art und deren Bekämpfung - 09.12.2012 (3)
  12. hunderte Mails von MAILER-DAEMON@mailout-de.gmx.net in zwei tagen im Posteingang
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  13. Mailer Daemon Nachrichten im gmx.de Account
    Überwachung, Datenschutz und Spam - 28.09.2012 (22)
  14. Mailer Daemon-Flut bei GMX-Konto
    Überwachung, Datenschutz und Spam - 20.11.2011 (14)
  15. Spam von MAILER-DAEMON@mailout-de.gmx.net
    Plagegeister aller Art und deren Bekämpfung - 11.07.2011 (8)
  16. mailer-daemon@mail.gmx.de
    Überwachung, Datenschutz und Spam - 14.04.2011 (26)
  17. mailer-daemon@mx0.gmx.net=virus?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2005 (5)

Zum Thema Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang - Hallo, ich habe ebenfalls das Problem mit den Mailer-Daemons. Öffne ich mein Postfach bei GMX ist es von oben bis unten voll mit solchen Mails. Keine Ahnung was der Grund - Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang...
Archiv
Du betrachtest: Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.