
Log analysis and evaluation: Win 7 desktop overlay "this program cannot display the webpage"

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.07.2012, 19:29   #1
legend123
 
Win 7 desktop overlay "this program cannot display the webpage"



Hello everyone,

I seem to have caught something yesterday.
When I start the PC normally, it already takes longer to load the desktop, and as soon as the desktop appears I immediately get a fullscreen overlay with the error message "this program cannot display webpage".
Closing this overlay is not possible by any of the various ways I tried, and the Task Manager also disappears again right after it appears.

In safe mode I can work normally so far.
However, the restore does not work.
All of this is happening on a Win7 64-bit system.



Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.14

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
oliver :: OLIVER-PC [Administrator]

Schutz: Deaktiviert

26.07.2012 21:52:26
mbam-log-2012-07-26 (21-52-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 460040
Laufzeit: 15 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0









OTL


OTL logfile created on: 27.07.2012 20:18:59 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\oliver\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,37% Memory free
16,00 Gb Paging File | 14,11 Gb Available in Paging File | 88,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 1,37 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1381,79 Gb Free Space | 98,89% Space Free | Partition Type: NTFS

Computer Name: OLIVER-PC | User Name: oliver | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.27 20:17:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\oliver\Downloads\OTL.exe
PRC - [2012.07.26 21:54:49 | 000,050,477 | ---- | M] () -- C:\Users\oliver\Downloads\Defogger.exe
PRC - [2011.12.18 22:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.26 21:54:49 | 000,050,477 | ---- | M] () -- C:\Users\oliver\Downloads\Defogger.exe
MOD - [2012.07.10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012.07.10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012.07.10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012.07.10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012.07.10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012.07.10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.01.23 09:38:24 | 007,515,000 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012.01.23 09:38:24 | 000,552,312 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV:64bit: - [2011.11.03 16:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2011.04.20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.20 09:38:15 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 12:40:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 12:40:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.28 21:11:19 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.12.18 22:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.14 00:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.14 00:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 19:45:34 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.05.08 19:45:34 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.08 12:40:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 12:40:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.05 15:18:06 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.15 16:00:35 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.14 11:29:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.11.14 11:29:44 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.11.14 11:29:42 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.11.14 00:43:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.14 00:42:40 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.11.14 00:42:12 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 22:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 22:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.03 16:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.05.07 18:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.04.20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 04:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 BA 3A 93 77 25 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oliver\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oliver\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.03.12 15:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.01.01 18:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.01.04 18:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.04 18:32:39 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oliver\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - Extension: Chrome OGame (de) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdpddllhkgmdfdeccgkjofpegkdmnhp\1.2.76_0\
CHR - Extension: Chrome OGame (de) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdpddllhkgmdfdeccgkjofpegkdmnhp\1.2.76_1\
CHR - Extension: Chrome OGame (de) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdpddllhkgmdfdeccgkjofpegkdmnhp\1.2.76_2\
CHR - Extension: Chrome OGame (de) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdpddllhkgmdfdeccgkjofpegkdmnhp\1.2.76_3\
CHR - Extension: Chrome OGame (de) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdpddllhkgmdfdeccgkjofpegkdmnhp\1.2.76_4\
CHR - Extension: Chrome OGame (de) = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdpddllhkgmdfdeccgkjofpegkdmnhp\1.2.76_5\
CHR - Extension: InfoCompte_lang = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimhpeimnbifnhnehoclnkhakhcjbegb\1.4.4_0\
CHR - Extension: InfoCompte3 = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndpplchjhkahobdffdpicljlbeololmp\3.5.7_0\
CHR - Extension: Vuze Remote = C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\

O1 HOSTS File: ([2012.01.04 16:23:01 | 000,002,292 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 24 more lines...
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [mtxilywwmxksrcf] C:\ProgramData\mtxilyww.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90C19B23-A11D-4C92-B13F-55F13176D626}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{557b1410-379d-11e1-ba13-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{557b1410-379d-11e1-ba13-005056c00008}\Shell\AutoRun\command - "" = K:\AutoRunCD.exe
O33 - MountPoints2\{ddd72c0b-3487-11e1-8134-0021973d996a}\Shell - "" = AutoRun
O33 - MountPoints2\{ddd72c0b-3487-11e1-8134-0021973d996a}\Shell\AutoRun\command - "" = S:\UpdateInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 21:20:44 | 000,000,000 | ---D | C] -- C:\Users\oliver\AppData\Roaming\Malwarebytes
[2012.07.26 21:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 21:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.26 21:20:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.26 21:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.25 23:13:20 | 000,000,000 | ---D | C] -- C:\Users\oliver\AppData\Local\ElevatedDiagnostics
[2012.07.25 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\oliver\AppData\Local\NPE
[2012.07.25 20:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.07.25 19:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\hgrqtleemsdryye
[2012.07.06 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\oliver\Desktop\New folder (6)
[2012.07.06 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\oliver\Desktop\New folder (5)

========== Files - Modified Within 30 Days ==========

[2012.07.26 21:55:34 | 000,800,130 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 21:55:34 | 000,665,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 21:55:34 | 000,127,280 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 21:55:14 | 000,000,168 | ---- | M] () -- C:\Users\oliver\defogger_reenable
[2012.07.26 21:49:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 21:49:09 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 21:45:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.26 21:20:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 22:46:31 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 22:46:31 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 22:43:46 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 22:43:45 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3747939165-3675581790-2051947424-1000UA.job
[2012.07.25 20:02:11 | 000,415,860 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012.07.25 19:41:14 | 000,000,051 | ---- | M] () -- C:\ProgramData\oynhmqcjejiwxzm
[2012.07.25 19:41:01 | 000,061,440 | ---- | M] () -- C:\ProgramData\mtxilyww.exe
[2012.07.25 06:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3747939165-3675581790-2051947424-1000Core.job
[2012.07.22 23:45:24 | 000,397,516 | ---- | M] () -- C:\Users\oliver\Desktop\lände.jpg
[2012.07.22 20:35:57 | 003,839,874 | ---- | M] () -- C:\Users\oliver\Desktop\IMG_2199.JPG
[2012.07.21 19:11:04 | 000,076,497 | ---- | M] () -- C:\Users\oliver\Desktop\Capture4.JPG
[2012.07.20 17:38:20 | 004,590,338 | ---- | M] () -- C:\Users\oliver\Desktop\IMG_2179.JPG
[2012.07.20 17:33:20 | 002,581,115 | ---- | M] () -- C:\Users\oliver\Desktop\IMG_2185.JPG
[2012.07.20 17:23:11 | 001,233,823 | ---- | M] () -- C:\Users\oliver\Desktop\IMG_2177.JPG
[2012.07.19 16:19:57 | 003,147,846 | ---- | M] () -- C:\Users\oliver\Desktop\IMG_2148.JPG
[2012.07.12 09:59:46 | 005,166,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.04 22:38:16 | 000,806,041 | ---- | M] () -- C:\Users\oliver\Desktop\wels.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.07.26 21:55:14 | 000,000,168 | ---- | C] () -- C:\Users\oliver\defogger_reenable
[2012.07.26 21:20:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 19:41:14 | 000,061,440 | ---- | C] () -- C:\ProgramData\mtxilyww.exe
[2012.07.25 19:41:05 | 000,000,051 | ---- | C] () -- C:\ProgramData\oynhmqcjejiwxzm
[2012.07.22 23:45:23 | 000,397,516 | ---- | C] () -- C:\Users\oliver\Desktop\lände.jpg
[2012.07.22 23:41:44 | 003,839,874 | ---- | C] () -- C:\Users\oliver\Desktop\IMG_2199.JPG
[2012.07.21 19:11:04 | 000,076,497 | ---- | C] () -- C:\Users\oliver\Desktop\Capture4.JPG
[2012.07.20 17:36:47 | 004,590,338 | ---- | C] () -- C:\Users\oliver\Desktop\IMG_2179.JPG
[2012.07.20 17:35:45 | 002,581,115 | ---- | C] () -- C:\Users\oliver\Desktop\IMG_2185.JPG
[2012.07.20 17:25:02 | 001,233,823 | ---- | C] () -- C:\Users\oliver\Desktop\IMG_2177.JPG
[2012.07.19 23:06:14 | 003,147,846 | ---- | C] () -- C:\Users\oliver\Desktop\IMG_2148.JPG
[2012.07.04 22:38:14 | 000,806,041 | ---- | C] () -- C:\Users\oliver\Desktop\wels.jpg
[2012.05.15 13:56:49 | 002,860,568 | ---- | C] () -- C:\Users\oliver\IMG_8002.JPG
[2012.05.15 13:56:49 | 002,782,017 | ---- | C] () -- C:\Users\oliver\IMG_8191.JPG
[2012.05.15 13:56:49 | 002,681,339 | ---- | C] () -- C:\Users\oliver\IMG_8003.JPG
[2012.05.15 13:56:49 | 002,671,878 | ---- | C] () -- C:\Users\oliver\IMG_8006.JPG
[2012.05.15 13:56:49 | 002,571,365 | ---- | C] () -- C:\Users\oliver\IMG_8005.JPG
[2012.05.15 13:56:49 | 002,402,120 | ---- | C] () -- C:\Users\oliver\IMG_8190.JPG
[2012.04.29 18:33:52 | 000,000,094 | ---- | C] () -- C:\Users\oliver\AppData\Local\fusioncache.dat
[2012.04.28 21:11:26 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.28 21:11:19 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.28 21:11:18 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.24 17:37:02 | 000,000,632 | RHS- | C] () -- C:\Users\oliver\ntuser.pol
[2012.02.28 00:59:07 | 000,000,132 | ---- | C] () -- C:\Users\oliver\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.01.01 18:10:56 | 000,805,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.01 16:50:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012.07.13 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\Azureus
[2012.01.01 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\CheckPoint
[2012.02.22 02:00:08 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\DAEMON Tools Lite
[2012.07.25 22:43:37 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\Dropbox
[2012.01.04 02:01:51 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\HDRsoft
[2012.02.28 00:49:48 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\MAXON
[2012.01.04 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\PACE Anti-Piracy
[2012.01.04 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.29 22:42:13 | 000,000,000 | ---D | M] -- C:\Users\oliver\AppData\Roaming\TeamViewer
[2012.06.10 18:41:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 944 bytes -> C:\Users\oliver\AppData\Local\oRXvg9w4CbxQlX:QyV9312de8qjwYvtAgs
@Alternate Data Stream - 64 bytes -> C:\Users\oliver\Desktop\fotos fabriken:AFP_AfpInfo
@Alternate Data Stream - 20 bytes -> C:\Users\oliver\Desktop\logserv:Mac_Metadata

< End of report >

OTL Extras logfile created on: 27.07.2012 20:18:59 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\oliver\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,37% Memory free
16,00 Gb Paging File | 14,11 Gb Available in Paging File | 88,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 1,37 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1381,79 Gb Free Space | 98,89% Space Free | Partition Type: NTFS

Computer Name: OLIVER-PC | User Name: oliver | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00669B0E-7589-42C2-A1EE-72302D94FAE0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04FA7B85-A941-4545-B072-5FDC361DDF04}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{1C2F077E-4B40-42AB-89F1-BA3C051B4474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36F02FC9-2E53-486F-A467-7BACFF60662A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39D5CE17-690C-41A6-879F-06849B0EBD86}" = rport=445 | protocol=6 | dir=out | app=system |
"{41A0DBAD-CF6A-4E48-A7F7-CE9BDAB23057}" = lport=139 | protocol=6 | dir=in | app=system |
"{41BF2AEB-0498-4A38-BD2B-3AC874E87CF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47BC922C-DC32-4CF9-9B26-C519A1DD3F4D}" = rport=139 | protocol=6 | dir=out | app=system |
"{71B4A233-77F5-480E-86FA-74899DDF7C35}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{778251BC-1D72-4DC1-8730-C257FC9428B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E7B0311-96D0-43D2-9469-AEB18F6AB022}" = rport=138 | protocol=17 | dir=out | app=system |
"{9931368A-E72D-41F0-B15F-7D3CD916E6B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D228E6D-FA5F-4528-B12E-6D1C082A4EE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B754580F-6BB8-4547-9DC7-5CD0F3ACB297}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E011D7A5-D634-4436-B7F1-60F11936179F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E014AFDB-2333-4B80-AEED-155DF18D7F65}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E749F67B-1FA1-4894-BB28-57E68EDC9DD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1BB9C66-94D7-4919-874E-322D2A4439BD}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3873C1F-23FA-4804-AB04-6EFE11DC1E3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F48E12CF-FD0B-4641-B315-BB3766491615}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9599BB2-422D-4FAA-B7F7-4AC93C7D5A4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC0E5D23-86F9-476B-89A7-871656443050}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FC1E7318-666E-41AE-9604-57764AE5B748}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC3D71C8-1CCA-48A2-A5FF-2878911E4E2C}" = lport=445 | protocol=6 | dir=in | app=system |
"{FDB8F0EA-5546-4C43-9127-CE51FD2BDB0C}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF7C4B49-7B22-4F74-9A7C-0BD19CC885EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0477815E-505C-4EB3-BE23-AAB88328C682}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05BDF82E-9AA3-4FC4-909E-5214E720B65F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06577054-D47D-415C-9214-4B57BC495DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{069594AB-F0A6-425E-AC85-1FA64573681F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15FBD14D-285F-4088-A77D-00102A0B7D88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{1A5AD5AC-40DC-4C74-9484-760E13A9348D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{28C79AB8-3A1A-4A1C-8E6D-9C430757429D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2F629800-46E4-4147-9F2A-F8230AFE6447}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{3AF48CBC-EB4F-4268-8F69-D50EC6CB50A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B4B7DA6-7710-4691-A26C-07B1898B42B6}" = protocol=17 | dir=in | app=c:\users\oliver\appdata\roaming\dropbox\bin\dropbox.exe |
"{3FF16809-CACE-4439-B1D3-862C58786939}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4027B5EF-902B-4CB9-A686-3020F365AA86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{456DCE8F-B035-46BB-9F3B-D69555E5C2E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{482BCFA6-C7C8-4764-9A47-56397F3FF1D5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{49CC8BD2-C051-4705-8AF0-DD1EDB59C81A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C9C76B8-B197-4389-83D1-732B3C35E6D6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{4CD7EC3D-85A3-4D0A-A1CC-D1BD4D0CDB86}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{4CF85D99-3A89-40F1-B8E4-38DC17F9549A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F76390E-1ACF-4DC8-883E-C68523E86CE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5568A5FA-04B6-4A16-99EE-88685D730C57}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{5604AF65-1467-4228-B0C4-1B0F3A228B95}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{637A5AC6-F16D-4ED7-81EE-3956E85BEC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{64A36905-03FC-41A8-AC64-AEDAEFB67156}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{69EA44C5-8C6F-4922-B6EF-314B18A631DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6A47E645-CF4A-4343-8D57-52884B698936}" = protocol=6 | dir=out | app=system |
"{6FAE3253-125A-4C89-92C0-2F6998D4B3D2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74DBE9BD-2E53-4AA8-AACB-DB62CAE99672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AE98C73-AFFE-4EF7-95B8-AFBF7B4133F2}" = protocol=17 | dir=in | app=c:\users\oliver\appdata\roaming\dropbox\bin\dropbox.exe |
"{8796E0D8-FB05-44FD-AA62-0BFACFFE6FB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{882FB7BF-3B04-4B04-BA3B-35D8ED1231DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{89819204-E17E-43D7-93D3-5B8CADBA9F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8F0B3994-4DF6-429B-A2B0-295B04A0B787}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{93EEBFE1-E0B4-4F41-BA35-946BB197CCFC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{969DC30D-08FA-4C19-811D-E40CB9AF9FBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{97749D94-520F-4421-94DD-EAA2BA4AE345}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A32AEB5-A0EA-4C18-847A-B88501908E89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C501B05-9490-4787-AB0D-A6007D500226}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{9D4DF5D4-BFB2-40AA-8EED-311BF31FF777}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A4FA0E05-508A-43C3-8784-97127EB7C53A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB2278B9-DB8E-4BA3-900D-FC4D09E4A4AD}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{ABB8E006-54A7-4D0A-9CE9-5EB060F7AD06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE0E5B51-17CB-4E64-9685-B7A9FC1A6F21}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{B3094AAA-64B4-437A-9443-D9CE47FC35C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{B66A9EB9-9649-45C1-864A-94A64C413D30}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{B98CC43F-F272-4A15-A903-901A530D8067}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{BA927F17-DF98-45F7-B648-08395034E626}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BAC39FA0-BE5A-4B00-B646-42602CFB0F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BAF79969-A082-4E3B-8817-7CCFDE1832CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD044719-9288-4680-9FA2-D4DBA4B32AED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C22F28B2-E42A-4EE4-B4B1-4AFA78029994}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2FEEAAB-CF5A-49C8-8AA1-745C77CB46A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3B497F0-221E-474C-A959-F8E7C766857A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{C7EB2E39-4307-4445-A08D-C41FDBF30BE9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{C8E1FABF-E32C-4A09-BA9E-CE7D3D42CC59}" = protocol=6 | dir=in | app=c:\users\oliver\appdata\roaming\dropbox\bin\dropbox.exe |
"{CE50E5F3-7A96-49ED-B00A-017CE0BC51C4}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{CEFBDE2F-AD12-492C-839E-57DF9AB7FA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{D43B5EB3-9CFF-4A98-AB56-029C2DABF671}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{DFB2958D-D1BF-4766-A28B-B263F1FF9384}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E072AC83-6CB2-417C-9DF7-34AA774EE336}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4550090-F11B-433A-841A-494D426C913B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E4B67AEF-AE8F-4583-85FF-40B3CF96155E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{E71678BE-7B6D-4248-A397-D7CB32C304EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E982F6D7-4469-4BE1-A3D3-D0B81E3F11C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E98525C7-5FC3-4AC9-9794-BEF29E41B3EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ED8B9CBD-07C7-4410-A97D-CBFA3C928784}" = protocol=6 | dir=in | app=c:\users\oliver\appdata\roaming\dropbox\bin\dropbox.exe |
"{F2C5D1FA-C312-416C-9EBC-9AE6F15AFCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{FC30C70B-B80A-416C-BA0F-8313420FAAD0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{FCC94C78-25E8-4AAF-9FF5-477E35977475}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{5147C2C7-0F82-446F-A7E6-AE70ABB977CD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{A0D34E0C-C25C-4FF9-8308-51A503DE2FFB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.3
"Wacom Tablet Driver" = Wacom Tablet
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{245F5D2D-6F34-4970-B8D7-D6F3C3C07575}" = ZoneAlarm Firewall
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96ACE4A4-C769-47D2-9FCE-4F46754857E7}" = ZoneAlarm Security
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira Free Antivirus
"Black Mirror 3" = Black Mirror 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"EADM" = EA Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"PunkBusterSvc" = PunkBuster Services
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"VMware_Player" = VMware Player
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.07.2012 06:54:59 | Computer Name = oliver-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5117

Error - 25.07.2012 06:54:59 | Computer Name = oliver-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5117

Error - 25.07.2012 06:55:00 | Computer Name = oliver-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25.07.2012 06:55:00 | Computer Name = oliver-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6115

Error - 25.07.2012 06:55:00 | Computer Name = oliver-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6115

Error - 25.07.2012 14:14:47 | Computer Name = oliver-PC | Source = System Restore | ID = 8210
Description =

Error - 25.07.2012 15:56:13 | Computer Name = oliver-PC | Source = System Restore | ID = 8210
Description =

Error - 25.07.2012 16:25:06 | Computer Name = oliver-PC | Source = System Restore | ID = 8210
Description =

Error - 25.07.2012 16:43:26 | Computer Name = oliver-PC | Source = System Restore | ID = 8210
Description =

Error - 25.07.2012 17:12:21 | Computer Name = oliver-PC | Source = System Restore | ID = 8210
Description =

[ System Events ]
Error - 26.07.2012 15:49:31 | Computer Name = oliver-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 26.07.2012 15:49:31 | Computer Name = oliver-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 26.07.2012 15:49:37 | Computer Name = oliver-PC | Source = DCOM | ID = 10005
Description =

Error - 26.07.2012 15:49:38 | Computer Name = oliver-PC | Source = DCOM | ID = 10005
Description =

Error - 26.07.2012 15:49:39 | Computer Name = oliver-PC | Source = DCOM | ID = 10005
Description =

Error - 26.07.2012 15:49:39 | Computer Name = oliver-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 26.07.2012 15:49:39 | Computer Name = oliver-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 26.07.2012 15:49:39 | Computer Name = oliver-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 26.07.2012 15:59:29 | Computer Name = oliver-PC | Source = DCOM | ID = 10005
Description =

Error - 26.07.2012 15:59:29 | Computer Name = oliver-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.574.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode


< End of report >

27.07.2012, 22:52   #2
markusg
/// Malware-holic

hi
post all Malwarebytes logs; the program has already deleted something.

27.07.2012, 22:57   #3
legend123

sorry, I actually meant to post this log


Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.26.14

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
oliver :: OLIVER-PC [Administrator]

Schutz: Deaktiviert

26.07.2012 21:22:28
mbam-log-2012-07-26 (21-22-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 460044
Laufzeit: 15 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\oliver\0.42150099534689467.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

01.08.2012, 13:41   #4
legend123

hello? the problem still persists, please help!

02.08.2012, 17:08   #5
markusg
/// Malware-holic

sorry
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

08.08.2012, 18:10   #6
legend123

hello

thanks for the help so far
I was away on a short holiday, that's why it took a while

unfortunately combofix always hangs at the same point
namely about halfway through, when it is at the output folder

it was started in safe mode as admin from the desktop; all other programs, including the virus scanner etc., were off

08.08.2012, 18:45   #7
markusg
/// Malware-holic

hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose Skip for now, then post the log

28.08.2012, 12:09   #8
legend123

hello

did it as described...
I only took out the user name.
here is the log:

13:04:40.0297 0872 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:04:40.0859 0872 ============================================================
13:04:40.0859 0872 Current date / time: 2012/08/28 13:04:40.0859
13:04:40.0859 0872 SystemInfo:
13:04:40.0859 0872
13:04:40.0859 0872 OS Version: 6.1.7601 ServicePack: 1.0
13:04:40.0859 0872 Product type: Workstation
13:04:40.0859 0872 ComputerName: OLIVER-PC
13:04:40.0859 0872 UserName:
13:04:40.0859 0872 Windows directory: C:\Windows
13:04:40.0859 0872 System windows directory: C:\Windows
13:04:40.0859 0872 Running under WOW64
13:04:40.0859 0872 Processor architecture: Intel x64
13:04:40.0859 0872 Number of processors: 4
13:04:40.0859 0872 Page size: 0x1000
13:04:40.0859 0872 Boot type: Normal boot
13:04:40.0859 0872 ============================================================
13:04:41.0764 0872 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:04:41.0764 0872 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:04:41.0779 0872 ============================================================
13:04:41.0779 0872 \Device\Harddisk1\DR1:
13:04:41.0779 0872 MBR partitions:
13:04:41.0779 0872 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:04:41.0779 0872 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
13:04:41.0779 0872 \Device\Harddisk0\DR0:
13:04:41.0779 0872 MBR partitions:
13:04:41.0779 0872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
13:04:41.0779 0872 ============================================================
13:04:41.0779 0872 C: <-> \Device\Harddisk1\DR1\Partition2
13:04:41.0795 0872 D: <-> \Device\Harddisk0\DR0\Partition1
13:04:41.0795 0872 ============================================================
13:04:41.0795 0872 Initialize success
13:04:41.0795 0872 ============================================================
13:05:03.0639 5036 ============================================================
13:05:03.0639 5036 Scan started
13:05:03.0639 5036 Mode: Manual; SigCheck; TDLFS;
13:05:03.0639 5036 ============================================================
13:05:03.0829 5036 ================ Scan system memory ========================
13:05:03.0829 5036 System memory - ok
13:05:03.0839 5036 ================ Scan services =============================
13:05:03.0899 5036 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:05:04.0009 5036 1394ohci - ok
13:05:04.0019 5036 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:05:04.0039 5036 ACPI - ok
13:05:04.0049 5036 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:05:04.0089 5036 AcpiPmi - ok
13:05:04.0129 5036 [ F19C98AD81D2C0E1BBFD8153D2C80EE8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:05:04.0159 5036 AdobeFlashPlayerUpdateSvc - ok
13:05:04.0179 5036 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:05:04.0209 5036 adp94xx - ok
13:05:04.0219 5036 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:05:04.0249 5036 adpahci - ok
13:05:04.0259 5036 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:05:04.0279 5036 adpu320 - ok
13:05:04.0289 5036 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:05:04.0369 5036 AeLookupSvc - ok
13:05:04.0379 5036 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:05:04.0409 5036 AFD - ok
13:05:04.0419 5036 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:05:04.0439 5036 agp440 - ok
13:05:04.0449 5036 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:05:04.0479 5036 ALG - ok
13:05:04.0479 5036 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:05:04.0499 5036 aliide - ok
13:05:04.0509 5036 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:05:04.0549 5036 AMD External Events Utility - ok
13:05:04.0559 5036 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:05:04.0579 5036 amdide - ok
13:05:04.0579 5036 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:05:04.0619 5036 AmdK8 - ok
13:05:04.0749 5036 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:05:04.0969 5036 amdkmdag - ok
13:05:04.0999 5036 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:05:05.0039 5036 amdkmdap - ok
13:05:05.0049 5036 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:05:05.0089 5036 AmdPPM - ok
13:05:05.0099 5036 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:05:05.0139 5036 amdsata - ok
13:05:05.0149 5036 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:05:05.0189 5036 amdsbs - ok
13:05:05.0199 5036 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:05:05.0219 5036 amdxata - ok
13:05:05.0229 5036 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:05:05.0249 5036 AntiVirSchedulerService - ok
13:05:05.0259 5036 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:05:05.0289 5036 AntiVirService - ok
13:05:05.0299 5036 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:05:05.0389 5036 AppID - ok
13:05:05.0399 5036 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:05:05.0459 5036 AppIDSvc - ok
13:05:05.0459 5036 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:05:05.0519 5036 Appinfo - ok
13:05:05.0529 5036 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:05:05.0549 5036 Apple Mobile Device - ok
13:05:05.0559 5036 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:05:05.0599 5036 AppMgmt - ok
13:05:05.0609 5036 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:05:05.0629 5036 arc - ok
13:05:05.0639 5036 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:05:05.0669 5036 arcsas - ok
13:05:05.0689 5036 aspnet_state - ok
13:05:05.0699 5036 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:05:05.0759 5036 AsyncMac - ok
13:05:05.0769 5036 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:05:05.0779 5036 atapi - ok
13:05:05.0799 5036 [ 4AEF9EC86818375495FB78CA58DF4E18 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
13:05:05.0829 5036 atksgt ( UnsignedFile.Multi.Generic ) - warning
13:05:05.0829 5036 atksgt - detected UnsignedFile.Multi.Generic (1)
13:05:05.0849 5036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:05:05.0919 5036 AudioEndpointBuilder - ok
13:05:05.0939 5036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:05:05.0989 5036 AudioSrv - ok
13:05:05.0999 5036 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:05:10.0841 5036 avgntflt - ok
13:05:10.0851 5036 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:05:10.0881 5036 avipbb - ok
13:05:10.0881 5036 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:05:10.0911 5036 avkmgr - ok
13:05:10.0921 5036 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:05:10.0961 5036 AxInstSV - ok
13:05:10.0971 5036 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:05:11.0011 5036 b06bdrv - ok
13:05:11.0021 5036 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:05:11.0061 5036 b57nd60a - ok
13:05:11.0071 5036 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
13:05:11.0101 5036 BBSvc - ok
13:05:11.0111 5036 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
13:05:11.0141 5036 BBUpdate - ok
13:05:11.0151 5036 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:05:11.0181 5036 BDESVC - ok
13:05:11.0191 5036 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:05:11.0241 5036 Beep - ok
13:05:11.0261 5036 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:05:11.0321 5036 BFE - ok
13:05:11.0341 5036 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:05:11.0441 5036 BITS - ok
13:05:11.0451 5036 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:05:11.0481 5036 blbdrive - ok
13:05:11.0501 5036 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:05:11.0521 5036 Bonjour Service - ok
13:05:11.0531 5036 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:05:11.0561 5036 bowser - ok
13:05:11.0571 5036 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:05:11.0611 5036 BrFiltLo - ok
13:05:11.0621 5036 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:05:11.0671 5036 BrFiltUp - ok
13:05:11.0681 5036 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
13:05:11.0761 5036 Browser - ok
13:05:11.0771 5036 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:05:11.0811 5036 Brserid - ok
13:05:11.0831 5036 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:05:11.0881 5036 BrSerWdm - ok
13:05:11.0891 5036 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:05:11.0931 5036 BrUsbMdm - ok
13:05:11.0941 5036 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:05:11.0971 5036 BrUsbSer - ok
13:05:11.0981 5036 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:05:12.0011 5036 BTHMODEM - ok
13:05:12.0031 5036 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:05:12.0081 5036 bthserv - ok
13:05:12.0091 5036 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:05:12.0141 5036 cdfs - ok
13:05:12.0151 5036 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:05:12.0181 5036 cdrom - ok
13:05:12.0191 5036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:05:12.0241 5036 CertPropSvc - ok
13:05:12.0241 5036 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:05:12.0271 5036 circlass - ok
13:05:12.0281 5036 cjlwqxtn - ok
13:05:12.0301 5036 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:05:12.0331 5036 CLFS - ok
13:05:12.0331 5036 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:05:12.0361 5036 clr_optimization_v2.0.50727_32 - ok
13:05:12.0361 5036 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:05:12.0391 5036 clr_optimization_v2.0.50727_64 - ok
13:05:12.0411 5036 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:05:12.0431 5036 clr_optimization_v4.0.30319_32 - ok
13:05:12.0441 5036 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:05:12.0461 5036 clr_optimization_v4.0.30319_64 - ok
13:05:12.0471 5036 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:05:12.0491 5036 CmBatt - ok
13:05:12.0501 5036 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:05:12.0531 5036 cmdide - ok
13:05:12.0541 5036 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:05:12.0591 5036 CNG - ok
13:05:12.0601 5036 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:05:12.0631 5036 Compbatt - ok
13:05:12.0641 5036 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:05:12.0681 5036 CompositeBus - ok
13:05:12.0691 5036 COMSysApp - ok
13:05:12.0701 5036 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:05:12.0731 5036 crcdisk - ok
13:05:12.0741 5036 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:05:12.0791 5036 CryptSvc - ok
13:05:12.0801 5036 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:05:12.0851 5036 CSC - ok
13:05:12.0871 5036 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:05:12.0911 5036 CscService - ok
13:05:12.0931 5036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:05:13.0001 5036 DcomLaunch - ok
13:05:13.0011 5036 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:05:13.0091 5036 defragsvc - ok
13:05:13.0101 5036 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:05:13.0161 5036 DfsC - ok
13:05:13.0171 5036 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:05:13.0251 5036 Dhcp - ok
13:05:13.0251 5036 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:05:13.0301 5036 discache - ok
13:05:13.0321 5036 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:05:13.0351 5036 Disk - ok
13:05:13.0361 5036 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:05:13.0401 5036 Dnscache - ok
13:05:13.0421 5036 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:05:13.0481 5036 dot3svc - ok
13:05:13.0491 5036 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:05:13.0551 5036 DPS - ok
13:05:13.0561 5036 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:05:13.0591 5036 drmkaud - ok
13:05:13.0601 5036 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:05:13.0621 5036 dtsoftbus01 - ok
13:05:13.0661 5036 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:05:13.0701 5036 DXGKrnl - ok
13:05:13.0711 5036 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:05:13.0771 5036 EapHost - ok
13:05:13.0861 5036 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:05:13.0951 5036 ebdrv - ok
13:05:13.0961 5036 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:05:13.0991 5036 EFS - ok
13:05:14.0011 5036 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:05:14.0061 5036 ehRecvr - ok
13:05:14.0071 5036 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:05:14.0121 5036 ehSched - ok
13:05:14.0131 5036 [ 9A47AC3DFCF81D30922CDAAF1C2D579F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
13:05:14.0151 5036 ElbyCDIO - ok
13:05:14.0171 5036 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:05:14.0201 5036 elxstor - ok
13:05:14.0211 5036 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:05:14.0241 5036 ErrDev - ok
13:05:14.0261 5036 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:05:14.0331 5036 EventSystem - ok
13:05:14.0341 5036 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:05:14.0401 5036 exfat - ok
13:05:14.0411 5036 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:05:14.0472 5036 fastfat - ok
13:05:14.0492 5036 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:05:14.0542 5036 Fax - ok
13:05:14.0552 5036 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:05:14.0582 5036 fdc - ok
13:05:14.0592 5036 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:05:14.0652 5036 fdPHost - ok
13:05:14.0662 5036 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:05:14.0742 5036 FDResPub - ok
13:05:14.0752 5036 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:05:14.0782 5036 FileInfo - ok
13:05:14.0782 5036 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:05:14.0832 5036 Filetrace - ok
13:05:14.0842 5036 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:05:14.0862 5036 flpydisk - ok
13:05:15.0102 5036 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:05:15.0132 5036 FltMgr - ok
13:05:15.0152 5036 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:05:15.0192 5036 FontCache - ok
13:05:15.0202 5036 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:05:15.0222 5036 FontCache3.0.0.0 - ok
13:05:15.0232 5036 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:05:15.0252 5036 FsDepends - ok
13:05:15.0262 5036 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:05:15.0282 5036 Fs_Rec - ok
13:05:15.0292 5036 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:05:15.0312 5036 fvevol - ok
13:05:15.0322 5036 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:05:15.0342 5036 gagp30kx - ok
13:05:15.0342 5036 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:05:15.0362 5036 GEARAspiWDM - ok
13:05:15.0382 5036 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:05:15.0442 5036 gpsvc - ok
13:05:15.0452 5036 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:15.0472 5036 gupdate - ok
13:05:15.0472 5036 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:15.0492 5036 gupdatem - ok
13:05:15.0502 5036 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:05:15.0522 5036 gusvc - ok
13:05:15.0532 5036 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon C:\Windows\system32\drivers\hcmon.sys
13:05:15.0552 5036 hcmon - ok
13:05:15.0562 5036 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:05:15.0582 5036 hcw85cir - ok
13:05:15.0592 5036 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:05:15.0632 5036 HdAudAddService - ok
13:05:15.0642 5036 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:05:15.0672 5036 HDAudBus - ok
13:05:15.0682 5036 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:05:15.0712 5036 HidBatt - ok
13:05:15.0712 5036 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:05:15.0742 5036 HidBth - ok
13:05:15.0752 5036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:05:15.0782 5036 HidIr - ok
13:05:15.0792 5036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:05:15.0842 5036 hidserv - ok
13:05:15.0852 5036 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:05:15.0872 5036 HidUsb - ok
13:05:15.0882 5036 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:05:15.0942 5036 hkmsvc - ok
13:05:15.0952 5036 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:05:15.0982 5036 HomeGroupListener - ok
13:05:15.0992 5036 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:05:16.0012 5036 HomeGroupProvider - ok
13:05:16.0022 5036 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:05:16.0042 5036 HpSAMD - ok
13:05:16.0052 5036 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:05:16.0102 5036 HTTP - ok
13:05:16.0112 5036 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:05:16.0132 5036 hwpolicy - ok
13:05:16.0132 5036 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:05:16.0162 5036 i8042prt - ok
13:05:16.0172 5036 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:05:16.0202 5036 iaStorV - ok
13:05:16.0222 5036 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:05:16.0252 5036 idsvc - ok
13:05:16.0252 5036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:05:16.0272 5036 iirsp - ok
13:05:16.0292 5036 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:05:16.0352 5036 IKEEXT - ok
13:05:16.0372 5036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:05:16.0382 5036 intelide - ok
13:05:16.0392 5036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:05:16.0422 5036 intelppm - ok
13:05:16.0422 5036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:05:16.0672 5036 IPBusEnum - ok
13:05:16.0682 5036 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:05:16.0722 5036 IpFilterDriver - ok
13:05:16.0732 5036 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:05:16.0782 5036 iphlpsvc - ok
13:05:16.0792 5036 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:05:16.0822 5036 IPMIDRV - ok
13:05:16.0832 5036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:05:16.0872 5036 IPNAT - ok
13:05:16.0892 5036 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:05:16.0922 5036 iPod Service - ok
13:05:16.0932 5036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:05:16.0952 5036 IRENUM - ok
13:05:16.0962 5036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:05:16.0982 5036 isapnp - ok
13:05:16.0992 5036 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:05:17.0012 5036 iScsiPrt - ok
13:05:17.0012 5036 [ BF65E6D039AE37C988D5B2B680E7D718 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
13:05:17.0032 5036 ISWKL - ok
13:05:17.0042 5036 [ 99148599FE4D0A5CD7C7EB74ED5A63E4 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
13:05:17.0072 5036 IswSvc - ok
13:05:17.0082 5036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:05:17.0092 5036 kbdclass - ok
13:05:17.0102 5036 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:05:17.0122 5036 kbdhid - ok
13:05:17.0132 5036 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:05:17.0152 5036 KeyIso - ok
13:05:17.0162 5036 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:05:17.0172 5036 KSecDD - ok
13:05:17.0182 5036 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:05:17.0202 5036 KSecPkg - ok
13:05:17.0212 5036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:05:17.0252 5036 ksthunk - ok
13:05:17.0262 5036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:05:17.0312 5036 KtmRm - ok
13:05:17.0322 5036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:05:17.0372 5036 LanmanServer - ok
13:05:17.0372 5036 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:05:17.0422 5036 LanmanWorkstation - ok
13:05:17.0432 5036 [ B658B7076B1ACAA5876524595630F183 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
13:05:17.0443 5036 lirsgt ( UnsignedFile.Multi.Generic ) - warning
13:05:17.0443 5036 lirsgt - detected UnsignedFile.Multi.Generic (1)
13:05:17.0453 5036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:05:17.0493 5036 lltdio - ok
13:05:17.0503 5036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:05:17.0553 5036 lltdsvc - ok
13:05:17.0563 5036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:05:17.0603 5036 lmhosts - ok
13:05:17.0613 5036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:05:17.0633 5036 LSI_FC - ok
13:05:17.0643 5036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:05:17.0663 5036 LSI_SAS - ok
13:05:17.0673 5036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:05:17.0693 5036 LSI_SAS2 - ok
13:05:17.0703 5036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:05:17.0723 5036 LSI_SCSI - ok
13:05:17.0733 5036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:05:17.0773 5036 luafv - ok
13:05:17.0783 5036 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:05:17.0803 5036 MBAMProtector - ok
13:05:17.0813 5036 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:05:17.0833 5036 MBAMService - ok
13:05:17.0843 5036 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:05:17.0863 5036 Mcx2Svc - ok
13:05:17.0873 5036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:05:17.0893 5036 megasas - ok
13:05:17.0903 5036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:05:17.0923 5036 MegaSR - ok
13:05:17.0933 5036 Microsoft SharePoint Workspace Audit Service - ok
13:05:17.0943 5036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:05:17.0983 5036 MMCSS - ok
13:05:17.0993 5036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:05:18.0033 5036 Modem - ok
13:05:18.0043 5036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:05:18.0063 5036 monitor - ok
13:05:18.0073 5036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:05:18.0093 5036 mouclass - ok
13:05:18.0093 5036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:05:18.0123 5036 mouhid - ok
13:05:18.0123 5036 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:05:18.0143 5036 mountmgr - ok
13:05:18.0153 5036 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:05:18.0163 5036 MozillaMaintenance - ok
13:05:18.0173 5036 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:05:18.0193 5036 MpFilter - ok
13:05:18.0203 5036 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:05:18.0223 5036 mpio - ok
13:05:18.0223 5036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:05:18.0273 5036 mpsdrv - ok
13:05:18.0283 5036 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:05:18.0343 5036 MpsSvc - ok
13:05:18.0353 5036 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:05:18.0383 5036 MRxDAV - ok
13:05:18.0393 5036 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:05:18.0413 5036 mrxsmb - ok
13:05:18.0423 5036 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:05:18.0453 5036 mrxsmb10 - ok
13:05:18.0463 5036 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:05:18.0483 5036 mrxsmb20 - ok
13:05:18.0483 5036 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:05:18.0503 5036 msahci - ok
13:05:18.0513 5036 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:05:18.0533 5036 msdsm - ok
13:05:18.0533 5036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:05:18.0563 5036 MSDTC - ok
13:05:18.0573 5036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:05:18.0623 5036 Msfs - ok
13:05:18.0633 5036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:05:18.0673 5036 mshidkmdf - ok
13:05:18.0683 5036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:05:18.0693 5036 msisadrv - ok
13:05:18.0703 5036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:05:18.0753 5036 MSiSCSI - ok
13:05:18.0753 5036 msiserver - ok
13:05:18.0763 5036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:05:18.0813 5036 MSKSSRV - ok
13:05:18.0823 5036 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:05:18.0833 5036 MsMpSvc - ok
13:05:18.0843 5036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:05:18.0883 5036 MSPCLOCK - ok
13:05:18.0893 5036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:05:18.0933 5036 MSPQM - ok
13:05:18.0943 5036 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:05:18.0963 5036 MsRPC - ok
13:05:18.0983 5036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:05:18.0993 5036 mssmbios - ok
13:05:19.0003 5036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:05:19.0039 5036 MSTEE - ok
13:05:19.0054 5036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:05:19.0070 5036 MTConfig - ok
13:05:19.0085 5036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:05:19.0101 5036 Mup - ok
13:05:19.0101 5036 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:05:19.0163 5036 napagent - ok
13:05:19.0163 5036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:05:19.0195 5036 NativeWifiP - ok
13:05:19.0210 5036 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:05:19.0241 5036 NDIS - ok
13:05:19.0257 5036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:05:19.0304 5036 NdisCap - ok
13:05:19.0304 5036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:05:19.0351 5036 NdisTapi - ok
13:05:19.0366 5036 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:05:19.0429 5036 Ndisuio - ok
13:05:19.0444 5036 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:05:19.0491 5036 NdisWan - ok
13:05:19.0507 5036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:05:19.0553 5036 NDProxy - ok
13:05:19.0569 5036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:05:19.0616 5036 NetBIOS - ok
13:05:19.0631 5036 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:05:19.0678 5036 NetBT - ok
13:05:19.0678 5036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:05:19.0709 5036 Netlogon - ok
13:05:19.0709 5036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:05:19.0772 5036 Netman - ok
13:05:19.0772 5036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:19.0787 5036 NetMsmqActivator - ok
13:05:19.0803 5036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:19.0819 5036 NetPipeActivator - ok
13:05:19.0819 5036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:05:19.0881 5036 netprofm - ok
13:05:19.0881 5036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:19.0897 5036 NetTcpActivator - ok
13:05:19.0912 5036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:19.0928 5036 NetTcpPortSharing - ok
13:05:19.0928 5036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:05:19.0943 5036 nfrd960 - ok
13:05:19.0959 5036 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:05:19.0975 5036 NisDrv - ok
13:05:19.0975 5036 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
13:05:20.0006 5036 NisSrv - ok
13:05:20.0006 5036 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:05:20.0053 5036 NlaSvc - ok
13:05:20.0068 5036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:05:20.0115 5036 Npfs - ok
13:05:20.0115 5036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:05:20.0162 5036 nsi - ok
13:05:20.0177 5036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:05:20.0224 5036 nsiproxy - ok
13:05:20.0240 5036 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:05:20.0302 5036 Ntfs - ok
13:05:20.0302 5036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:05:20.0349 5036 Null - ok
13:05:20.0365 5036 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
13:05:20.0380 5036 NVENETFD - ok
13:05:20.0552 5036 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:05:20.0833 5036 nvlddmkm - ok
13:05:20.0864 5036 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:05:20.0879 5036 nvraid - ok
13:05:20.0879 5036 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:05:20.0911 5036 nvstor - ok
13:05:20.0911 5036 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:05:20.0926 5036 nvsvc - ok
13:05:20.0942 5036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:05:20.0957 5036 nv_agp - ok
13:05:20.0957 5036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:05:20.0989 5036 ohci1394 - ok
13:05:20.0989 5036 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:21.0004 5036 ose - ok
13:05:21.0067 5036 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:05:21.0191 5036 osppsvc - ok
13:05:21.0207 5036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:05:21.0238 5036 p2pimsvc - ok
13:05:21.0238 5036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:05:21.0269 5036 p2psvc - ok
13:05:21.0285 5036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:05:21.0301 5036 Parport - ok
13:05:21.0316 5036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:05:21.0332 5036 partmgr - ok
13:05:21.0332 5036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:05:21.0363 5036 PcaSvc - ok
13:05:21.0379 5036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:05:21.0394 5036 pci - ok
13:05:21.0394 5036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:05:21.0410 5036 pciide - ok
13:05:21.0425 5036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:05:21.0441 5036 pcmcia - ok
13:05:21.0441 5036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:05:21.0472 5036 pcw - ok
13:05:30.0403 5036 ============================================================
13:05:30.0403 5036 Scan finished
13:05:30.0403 5036 ============================================================
13:05:30.0419 4864 Detected object count: 4
13:05:30.0419 4864 Actual detected object count: 4
13:05:46.0685 4864 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:46.0685 4864 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:46.0685 4864 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:46.0685 4864 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:46.0695 4864 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:46.0695 4864 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:05:46.0695 4864 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
13:05:46.0695 4864 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thanks for looking through it and for the help! Hope the old box works again soon

30.08.2012, 13:45   #9
markusg
/// Malware-holic
 



Download CCleaner Standard:
CCleaner Download - CCleaner 3.22.1800
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "necessary".
After each one you do not need, write "unnecessary".
After each one you do not recognise, write "unknown".
Post the list.
