
Pests of all kinds and how to combat them: 10 viruses found in Avira quarantine.

06.01.2013, 18:35   #1
walid

Hello,
today I found 10 viruses in Avira, but that was some time ago;
I just don't know whether anything is still there.
Please help me.
Regards,
Walid

06.01.2013, 18:41   #2
markusg
/// Malware-holic

Hi,
and we are supposed to guess what Avira found, or what?
Please open Avira, Administration, Quarantine, and post the detections with their paths.

06.01.2013, 18:44   #3
walid

The stupid thing is that I deleted the items from quarantine earlier...
But I could check whether I can fish them out of the events.

06.01.2013, 18:48   #4
markusg
/// Malware-holic

Yes, why does one ask a question and then delete the detections without noting them down? How are we supposed to know the answer to how dangerous that was?
Also look under Avira, Reports.
__________________
Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de

06.01.2013, 18:49   #5
walid

There is nothing left under Events and Reports either.


06.01.2013, 18:52   #6
markusg
/// Malware-holic

There is no need to delete anything from quarantine.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread.
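When the OTL.txt requested above comes back, its `O4` lines list the Run-key autostart entries, a common first place to look. The following is an added example, not part of the thread or of OTL itself: it parses that line format and ranks entries by simple heuristics; the sample lines, the names `triage` and `Finding`, and the heuristics are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# OTL "O4" Run-key line:  O4 - HKCU..\Run: [Name] C:\path\file.exe (Company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Heuristic (assumption): locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

# Heuristic (assumption): autostart target is a script rather than a binary.
SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd|ps1)(?=$|[\s\"])", re.I)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list


def triage(log_text):
    """Return flagged O4 autostart entries, most reasons first."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # not a Run-key line (e.g. "O4 - Startup:" or other sections)
        path = m["path"]
        low = path.lower()
        reasons = []
        if not m["company"].strip():
            reasons.append("no company name in file metadata")
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if SCRIPT_RE.search(path):
            reasons.append("target is a script file")
        if reasons:
            findings.append(Finding(m["hive"], m["name"], path, reasons))
    # Stable sort: entries with more reasons come first, log order otherwise.
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


# Constructed sample lines in the OTL O4 format (not taken from a real system).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe (Example AV GmbH)
O4 - HKCU..\Run: [ExampleUpdater] C:\Users\demo\AppData\Local\ExampleCo\update.exe (ExampleCo Inc.)
O4 - HKCU..\Run: [Guard] C:\Users\demo\AppData\Roaming\Sample Tool 2.0\guard.vbs ()
O4 - HKCU..\Run: [Helper] C:\Users\demo\AppData\Roaming\Sample Tool 2.0\helper.exe ()
O4 - Startup: C:\Users\demo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Editor.lnk = C:\Program Files\Editor\quick.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A flag here is a prompt for closer inspection, not a verdict: legitimate updaters also start from AppData, which is why entries are ranked by the number of reasons.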

06.01.2013, 19:24   #7
walid

Many thanks for the help so far!
So here is the OTL.txt:

Code:
OTL logfile created on: 06.01.2013 18:54:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,54% Memory free
3,99 Gb Paging File | 2,78 Gb Available in Paging File | 69,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 207,79 Gb Total Space | 156,34 Gb Free Space | 75,24% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 6,49 Gb Free Space | 25,94% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.06 18:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
PRC - [2012.12.14 10:17:04 | 004,103,672 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.14 10:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer.exe
PRC - [2012.12.14 10:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\tv_w32.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 17:56:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.10 00:55:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 00:55:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 00:55:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.12.16 16:52:10 | 000,403,616 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.12.16 16:52:08 | 000,813,320 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.30 18:14:34 | 001,914,768 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Agent\agent.exe
PRC - [2010.11.30 17:43:58 | 004,638,352 | ---- | M] (Acronis) -- C:\Programme\Acronis\DiskDirectorAdvanced\mms.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.13 18:18:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 16:06:08 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.11.21 14:45:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.10 00:55:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.10 00:55:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.12.16 16:52:08 | 000,813,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.30 18:14:34 | 001,914,768 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)
SRV - [2010.11.30 17:43:58 | 004,638,352 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Acronis\DiskDirectorAdvanced\mms.exe -- (DMS)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.23 15:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.05.10 00:55:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 00:55:50 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 08:31:05 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61)
DRV - [2012.05.08 08:31:02 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012.05.08 08:31:00 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.10 10:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848&SSPV=IEOB18
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 6E BE 21 44 A3 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0B47AAC3-6D64-4520-91D4-4F7BA5A2F0FD}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IEOB18
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE511
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "FBDownloader Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "FBDownloader Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.13.40.15
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Win7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Win7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.08 14:39:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 14:45:33 | 000,000,000 | ---D | M]
 
[2012.05.08 06:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\Extensions
[2012.12.08 14:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\ku1pvkdl.default\Extensions
[2012.12.08 14:40:38 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\ku1pvkdl.default\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.12.04 15:56:53 | 000,002,402 | ---- | M] () -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\ku1pvkdl.default\searchplugins\bingp.xml
[2012.12.26 21:30:42 | 000,001,064 | ---- | M] () -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\ku1pvkdl.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.11.29 00:19:09 | 000,002,431 | ---- | M] () -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\ku1pvkdl.default\searchplugins\FBDownloader.xml
[2012.12.27 14:30:59 | 000,000,959 | ---- | M] () -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\ku1pvkdl.default\searchplugins\fbdownloader_search.xml
[2012.11.21 14:45:00 | 000,002,551 | ---- | M] () -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\ku1pvkdl.default\searchplugins\mngr.xml
[2012.12.31 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.21 14:45:33 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.21 14:44:44 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.21 14:45:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {553318DA-D010-469E-84B1-496563CAE1BF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Win7\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DataMgr] C:\Users\Win7\AppData\Roaming\DataMgr\datamgr.exe (HTTO Group, Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Protector] C:\Users\Win7\AppData\Roaming\SDIV 2.0\Prot\prot.vbs ()
O4 - HKCU..\Run: [TU] C:\Users\Win7\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe ()
O4 - Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{500D9A0B-ABA8-4F92-AC2B-F9E521CD409A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 18:53:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
[2013.01.06 18:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.01.06 18:17:12 | 000,000,000 | ---D | C] -- C:\Users\Win7\Desktop\ProcessExplorer
[2013.01.06 02:15:53 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{24739EDA-F4CD-4802-86E2-13EFE28C38C4}
[2013.01.04 20:11:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\.minecraft
[2013.01.04 19:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.04 19:49:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.01.04 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.01.03 23:01:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{3F3189D0-D3D5-4359-A9E5-39D75BF68102}
[2013.01.03 11:00:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{3E4A26BE-1CA5-438C-9808-15418C241516}
[2013.01.01 18:32:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\Desktop\Neuer Ordner
[2013.01.01 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{55606B1F-E510-4409-88B8-E0766EF27A06}
[2013.01.01 17:29:46 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{456806FE-DDB5-4D90-92E1-FCBBC6DFDF34}
[2013.01.01 16:05:35 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{03025426-9959-44A5-8159-8EF9CB8C2B16}
[2013.01.01 02:40:49 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{B8E34EC8-26D1-4C4C-AE46-6C23D080668B}
[2013.01.01 01:05:12 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{89E31C97-451F-48B0-B2B9-299E1AD4BB04}
[2012.12.31 19:59:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{5B18D78C-C667-441F-A829-077110F1058E}
[2012.12.31 17:23:20 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{CF7ED111-6778-43D4-8A4D-2DD07DDC50B1}
[2012.12.31 16:44:59 | 000,000,000 | ---D | C] -- C:\Users\Win7\Documents\Muellabfuhr-Simulator
[2012.12.31 14:32:37 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{89A19277-DE84-4974-8CB8-87CFE43D1B42}
[2012.12.30 17:18:07 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{F8CB9537-28A3-40CF-B871-6F9EE2FBF44A}
[2012.12.29 20:45:14 | 000,000,000 | ---D | C] -- C:\Users\Win7\Desktop\bilder
[2012.12.29 19:34:40 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{249E858D-6814-4418-9EA8-08148F6D3946}
[2012.12.26 21:29:09 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{2324B8C8-6FD7-4891-84E2-B527582FF5C6}
[2012.12.26 20:48:32 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{11541549-45BB-48E0-961A-2B9E6522D241}
[2012.12.26 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{550B9D96-FCB4-447F-BA1C-6AA1BF1DE81A}
[2012.12.26 14:45:03 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{3E34DE5E-21D0-4833-90BC-C902382062D0}
[2012.12.26 09:49:34 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{9E4E1FEF-F8C9-4C1E-91E4-A069695F9C28}
[2012.12.25 21:10:07 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{47404B1B-CE33-4846-B693-DA42F7368126}
[2012.12.24 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{9A71247B-8293-4F1D-9A39-6066538A0161}
[2012.12.21 13:11:04 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{21D7BEB2-4538-4B7B-B7A3-582D40E685E6}
[2012.12.20 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{45793ADF-BEB2-4F22-A782-D9B1599C0E16}
[2012.12.19 22:23:38 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{35066059-B9EA-44DA-95DA-89899063D784}
[2012.12.18 18:07:14 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{7D1C76D2-4BDF-4E2B-AA7C-77C9E3F4D837}
[2012.12.13 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\Unity
[2012.12.13 18:29:51 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Unity
[2012.12.13 13:23:00 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{732A1213-D245-4851-B1D2-B9F7C1BB5E85}
[2012.12.11 23:03:05 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{0EEDF013-01D0-4E9A-898F-6DF5BD564EAC}
[2012.12.11 23:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.11 23:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.12.11 23:00:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.12.10 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{8243D346-4345-43B5-B249-E5C7AD5FEA9A}
[2012.12.09 17:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\astragon
[2012.12.09 12:34:39 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{AA31926A-B6E5-4A86-9C57-4CBD821BCA05}
[2012.12.08 15:33:33 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.12.08 14:41:12 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.12.08 14:41:10 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.12.08 14:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.12.08 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\TuneUp Software
[2012.12.08 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2012.12.08 14:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.08 14:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.12.08 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\Conduit
[2012.12.08 14:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.12.08 14:40:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.08 14:39:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.08 14:39:50 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.08 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\DVDVideoSoft
[2012.12.08 14:39:27 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Roaming\OpenCandy
[2012.12.08 14:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.08 14:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.12.08 12:04:03 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{69D8DCFA-DA09-4969-869A-14C31D24EDF5}
[2012.12.07 22:52:07 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\{84DE8DC2-FB68-49C3-B385-CF05C87955F5}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 18:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
[2013.01.06 18:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 18:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 18:16:48 | 001,149,822 | ---- | M] () -- C:\Users\Win7\Desktop\ProcessExplorer.zip
[2013.01.06 18:09:28 | 000,312,201 | ---- | M] () -- C:\Users\Win7\Desktop\OptiFine_1.4.6_HD_A3.zip
[2013.01.06 18:06:32 | 001,745,975 | ---- | M] () -- C:\Users\Win7\Desktop\minecraftforge-universal-1.4.6-6.5.0.489.zip
[2013.01.06 17:35:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.06 17:26:56 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702810392-1778331535-792018659-1000UA.job
[2013.01.06 17:26:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.06 02:22:39 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.06 02:22:39 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.06 02:14:15 | 1606,619,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 22:58:25 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1702810392-1778331535-792018659-1000Core.job
[2013.01.04 19:49:41 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.29 20:18:20 | 004,767,765 | ---- | M] () -- C:\Users\Win7\Desktop\IMG_4516.JPG
[2012.12.29 20:14:09 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.29 20:14:09 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.29 20:14:09 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.29 20:14:09 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.25 20:39:14 | 004,891,915 | ---- | M] () -- C:\Users\Win7\Desktop\IMG_4519.JPG
[2012.12.25 20:39:00 | 007,095,188 | ---- | M] () -- C:\Users\Win7\Desktop\IMG_4518.JPG
[2012.12.25 12:26:06 | 004,679,572 | ---- | M] () -- C:\Users\Win7\Desktop\IMG_4517.JPG
[2012.12.25 12:25:48 | 005,334,218 | ---- | M] () -- C:\Users\Win7\Desktop\IMG_4515.JPG
[2012.12.25 11:43:50 | 005,000,572 | ---- | M] () -- C:\Users\Win7\Desktop\IMG_4514.JPG
[2012.12.21 16:47:27 | 000,295,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.09 22:25:34 | 000,001,409 | ---- | M] () -- C:\Users\Win7\Desktop\Internet Explorer.lnk
[2012.12.08 14:41:04 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.08 14:41:04 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.08 14:40:39 | 000,000,009 | ---- | M] () -- C:\END
[2012.12.08 14:39:41 | 000,001,356 | ---- | M] () -- C:\Users\Win7\Desktop\Free YouTube to MP3 Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.06 18:16:50 | 001,149,822 | ---- | C] () -- C:\Users\Win7\Desktop\ProcessExplorer.zip
[2013.01.06 18:09:59 | 001,745,975 | ---- | C] () -- C:\Users\Win7\Desktop\minecraftforge-universal-1.4.6-6.5.0.489.zip
[2013.01.06 18:09:53 | 000,312,201 | ---- | C] () -- C:\Users\Win7\Desktop\OptiFine_1.4.6_HD_A3.zip
[2013.01.04 19:49:41 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.29 20:48:41 | 007,095,188 | ---- | C] () -- C:\Users\Win7\Desktop\IMG_4518.JPG
[2012.12.29 20:48:41 | 004,891,915 | ---- | C] () -- C:\Users\Win7\Desktop\IMG_4519.JPG
[2012.12.29 20:48:41 | 004,679,572 | ---- | C] () -- C:\Users\Win7\Desktop\IMG_4517.JPG
[2012.12.29 20:48:40 | 005,334,218 | ---- | C] () -- C:\Users\Win7\Desktop\IMG_4515.JPG
[2012.12.29 20:48:40 | 004,767,765 | ---- | C] () -- C:\Users\Win7\Desktop\IMG_4516.JPG
[2012.12.29 20:48:39 | 005,000,572 | ---- | C] () -- C:\Users\Win7\Desktop\IMG_4514.JPG
[2012.12.09 22:25:34 | 000,001,409 | ---- | C] () -- C:\Users\Win7\Desktop\Internet Explorer.lnk
[2012.12.08 14:41:04 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.08 14:41:04 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.08 14:41:03 | 000,002,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.12.08 14:40:39 | 000,000,009 | ---- | C] () -- C:\END
[2012.12.08 14:39:41 | 000,001,356 | ---- | C] () -- C:\Users\Win7\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.05 17:27:06 | 000,581,642 | ---- | C] () -- C:\Users\Win7\AppData\Roaming\technic-launcher.jar
[2012.12.05 17:27:06 | 000,581,168 | ---- | C] () -- C:\Users\Win7\AppData\Roaming\technic-launcher.jar.bak
[2012.11.25 23:35:44 | 000,000,359 | ---- | C] () -- C:\Users\Win7\Papierkorb - Verknüpfung.lnk
[2012.11.21 17:21:38 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.21 17:21:38 | 000,138,056 | ---- | C] () -- C:\Users\Win7\AppData\Roaming\PnkBstrK.sys
[2012.11.21 17:20:59 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.21 17:20:50 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.09.29 10:40:36 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.05.08 07:54:55 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012.05.08 07:54:55 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.05.08 07:54:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012.05.08 07:54:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012.05.08 07:54:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.05.08 07:54:55 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.05.08 07:06:21 | 000,000,040 | ---- | C] () -- C:\Users\Win7\AppData\Roaming\burnaware.ini
[2012.04.23 22:43:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.12 02:30:05 | 000,696,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,148,134 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.06 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\.minecraft
[2013.01.04 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\.techniclauncher
[2012.05.08 08:33:01 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Acronis
[2012.09.29 17:48:00 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Arvuqy
[2012.11.29 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\DataMgr
[2012.11.29 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Der Planer 4
[2012.12.08 15:21:20 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\DVDVideoSoft
[2012.12.08 14:39:50 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.13 20:31:05 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Hisi
[2012.11.29 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\HMN
[2012.10.20 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Iwup
[2013.01.04 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\logs
[2012.10.19 21:20:09 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Naufa
[2012.11.25 00:51:46 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Need for Speed World
[2012.11.19 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Nyabpu
[2012.12.08 14:39:27 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\OpenCandy
[2012.07.19 16:24:03 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\OpenOffice.org
[2012.10.07 12:04:49 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\redsn0w
[2012.11.29 00:18:14 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\SDIV 2.0
[2012.11.21 14:38:31 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Systweak
[2012.12.05 15:49:31 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\TeamViewer
[2012.12.08 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\TuneUp Software
[2012.11.30 21:57:19 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Ubisoft
[2012.08.31 00:14:19 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Ulgy
[2012.11.21 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Umwuli
[2012.12.13 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Unity
[2012.08.28 21:37:07 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Xyytbu
[2012.11.21 14:45:21 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\YourFileDownloader
[2012.11.21 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\Win7\AppData\Roaming\Ziit
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.23 22:50:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.12 03:02:16 | 000,000,000 | ---D | M] -- C:\4d767eb2cbc5c35090eeaeb75709
[2012.05.11 13:20:34 | 000,000,000 | ---D | M] -- C:\74954b5185b34cc4b3a7bf3d6b
[2012.10.11 20:04:56 | 000,000,000 | ---D | M] -- C:\c2b722bba3eac664c9f205
[2012.11.24 00:16:13 | 000,000,000 | ---D | M] -- C:\Crash
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.04.23 22:48:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.05.08 07:50:59 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.04 19:49:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.09 23:47:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.23 22:48:29 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.23 22:48:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.06 18:58:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.05 16:26:34 | 000,000,000 | ---D | M] -- C:\temp
[2012.05.08 08:40:55 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.06 02:17:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,764 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.04.28 21:56:28 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.21 14:32:36 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.11.21 14:32:37 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.12.03 22:46:52 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1702810392-1778331535-792018659-1000Core.job
[2012.12.03 22:46:53 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1702810392-1778331535-792018659-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.02.14 21:15:17 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
 
< %USERPROFILE%\*.* >
[2013.01.06 19:13:19 | 002,097,152 | -HS- | M] () -- C:\Users\Win7\ntuser.dat
[2013.01.06 19:13:19 | 000,262,144 | -HS- | M] () -- C:\Users\Win7\ntuser.dat.LOG1
[2012.04.23 22:49:16 | 000,000,000 | -HS- | M] () -- C:\Users\Win7\ntuser.dat.LOG2
[2012.12.30 21:13:40 | 000,065,536 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{221c4f63-5209-11e2-86fa-001f16c630b4}.TM.blf
[2012.12.30 21:13:40 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{221c4f63-5209-11e2-86fa-001f16c630b4}.TMContainer00000000000000000001.regtrans-ms
[2012.12.30 21:13:40 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{221c4f63-5209-11e2-86fa-001f16c630b4}.TMContainer00000000000000000002.regtrans-ms
[2012.04.23 22:49:19 | 000,065,536 | -HS- | M] () -- C:\Users\Win7\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.04.23 22:49:19 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.04.23 22:49:19 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.10.21 17:04:55 | 000,065,536 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{bb867267-1b89-11e2-9e2a-001f16c630b4}.TM.blf
[2012.10.21 17:04:55 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{bb867267-1b89-11e2-9e2a-001f16c630b4}.TMContainer00000000000000000001.regtrans-ms
[2012.10.21 17:04:55 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{bb867267-1b89-11e2-9e2a-001f16c630b4}.TMContainer00000000000000000002.regtrans-ms
[2012.09.01 17:13:08 | 000,065,536 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{f8643ee6-f447-11e1-a78c-001f16c630b4}.TM.blf
[2012.09.01 17:13:08 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{f8643ee6-f447-11e1-a78c-001f16c630b4}.TMContainer00000000000000000001.regtrans-ms
[2012.09.01 17:13:08 | 000,524,288 | -HS- | M] () -- C:\Users\Win7\ntuser.dat{f8643ee6-f447-11e1-a78c-001f16c630b4}.TMContainer00000000000000000002.regtrans-ms
[2012.04.23 22:49:16 | 000,000,020 | -HS- | M] () -- C:\Users\Win7\ntuser.ini
[2012.11.25 23:35:44 | 000,000,359 | ---- | M] () -- C:\Users\Win7\Papierkorb - Verknüpfung.lnk
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 06.01.2013 18:54:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,54% Memory free
3,99 Gb Paging File | 2,78 Gb Available in Paging File | 69,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 207,79 Gb Total Space | 156,34 Gb Free Space | 75,24% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 6,49 Gb Free Space | 25,94% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09915E50-00AB-4A68-9F68-282DBA171BE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{117B3B64-1745-4F4E-BED1-81A41C044F53}" = lport=57638 | protocol=17 | dir=in | name=pando media booster | 
"{133406B1-E337-4672-9260-D06112D3F6CE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{13340897-CD60-4C2C-B67B-B05451D3F1DF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2210C6B3-F2F5-4A0F-A13A-3A17E4C8775B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{4125DD33-A94B-46DE-987C-5BDBA731E9E0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{43D23973-AC88-473D-B9A7-AABE01AB5766}" = rport=137 | protocol=17 | dir=out | app=system | 
"{46AA2072-304C-4BCB-BAD2-FBF64CAC8C9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5129A9DE-E74B-4381-AF74-04F5550C4B9E}" = lport=57638 | protocol=17 | dir=in | name=pando media booster | 
"{693AB804-77BF-476A-B26B-92AF62D9D8D0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6F56B724-BD63-4A8E-8241-666C3762BDD7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BA078FEE-048D-4658-8DB7-8BAA33D81625}" = lport=57638 | protocol=6 | dir=in | name=pando media booster | 
"{BF5F7637-61D7-4F2B-92DD-0ED12C5F1F2C}" = lport=57638 | protocol=6 | dir=in | name=pando media booster | 
"{C62D5A0C-7FA3-4267-9A5C-8259147ECA47}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D2027EA1-6F17-48D2-A7B8-CA5783B6A6A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D981A639-1D1E-4448-B2AC-9C64C6DA0B17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DAE02A1E-62F4-4165-AD83-0933CB3F945B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F79DB263-88D3-49B6-A2A4-43A04B388380}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F95853D1-D759-4822-8BA8-CC322A859DE1}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB80DA8-266F-4DB1-9F2C-94C1B206A94C}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe | 
"{10499CD8-2FA9-4202-8B33-8F9588851378}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{11EF9F83-E27E-40EA-88A9-5DEB2FA5B77D}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe | 
"{129BFBCE-2E40-4BFF-8DD4-AAF320FAD181}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{22D9FF29-ED28-42C5-8ECF-F2809BA73DD6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{24FCDBE7-C0B5-47E9-94DC-DE415A6D1988}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{25228A2F-8D63-4E6D-AA46-49C0F3EBED05}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{2E402EF2-1654-4141-9275-4E3945EEC2AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{31F1E35B-B5B3-4A6C-ADB7-F0EC430E1CCD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{35094CA0-F2F1-4329-B205-096C5FCBDB6E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{406AEAFB-FA88-4CA9-8732-BA08F5F437CF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{527BE8DD-52CE-461E-9A10-6C83DE75C81D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{663A8CA0-E8B6-4C4E-B0C0-FEE040AB71D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{66F86312-13E1-427A-84C8-22AF52DFCEFB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6D5185C5-CE7D-4FCC-BB38-AE27F9CBCCA6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{71983813-F6BE-4722-B6F1-EDAD68A1AA5E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{7782BB69-6284-4ACD-8CCD-C14B88311977}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{805A337C-F179-4C56-A6EA-559BD962F3C3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8BFC73AD-24CB-4621-9CD7-A83781D9192F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8CFA5A5D-A75F-4D8F-ACE0-899BD7D62F4A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{8FD73183-5284-439F-B14F-29DDDC6853B3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{91C75779-5056-49C1-87F6-CE6B806FAE6E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{96FA4620-5B51-4100-8EEE-1ED96DC8E70C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{970EC84B-4E60-467D-9C12-6AF8407F9F18}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{99420D59-D030-4ED8-897D-2EB74B58B278}" = protocol=17 | dir=in | app=c:\program files\acronis\diskdirectoradvanced\mms.exe | 
"{A5D399C0-7D4E-4CC2-A02D-5DC14F8BF2B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B232D53F-F901-444F-898D-29459F258DA6}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{C548FBC1-F5BF-424C-AEA2-7A6FCB0001EB}" = dir=in | app=c:\users\win7\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{C5785163-7F10-46BB-8775-22CBEE3CD7F9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{C5A42A1E-B0F3-4A21-9B0D-6F088AB84AA8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C68C87A7-684E-431D-8327-7A8705872F5E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\anno5.exe | 
"{CA94D957-F1B9-4295-874E-58A72C9273F1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{CCB22ADA-5308-4342-B509-5D5B02BD2138}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D64DCE25-3300-48A5-8D46-740A1F929AA5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{DC039816-8556-4A9C-A763-1BFCE2C0763C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 2070\initengine.exe | 
"{DC76D596-3619-4B61-85BF-BBB0BF29F68F}" = protocol=6 | dir=in | app=c:\program files\acronis\diskdirectoradvanced\mms.exe | 
"{DDA4363B-FE55-4EC2-BD73-03EB23541DEA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{DDABC2B9-5D67-459B-875B-F85342698D1E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E2935828-8674-41AB-A458-FBE9F4686215}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F1CCFEB2-324C-4586-A02C-900144088152}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0362A8D7-FF8C-4ECC-B27D-AA7D6E38A021}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{11C190C8-2C13-4967-84E6-C445A302E6FB}C:\users\win7\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{55238F2A-D3A2-4D91-B437-D5FC52CB30C4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{59FC169E-C618-4B9C-80CD-0E01F1B911ED}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{8F70C291-9AC8-4A6C-9906-3E5559DC6E7B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{9C414AB0-5077-4F48-ACC9-FE09A48DD9AB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C4CAF0E3-7085-4412-BA49-025B9205B2C4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{E2C5AF97-3F3D-4648-8C0D-A0292CB4E23E}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{E6D6F81B-BF58-488C-8DC9-2492A8DD3F9E}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{FA22FE36-D942-453A-BA98-65932BB48658}C:\users\win7\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{54493B9F-CE52-4F2E-95AA-8F8171AD30BE}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{62084E91-BFF4-4134-9EB6-B25AE008F80F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{739C2261-A078-4940-8643-B3E12153A6D0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{82D18F3E-E0BA-4C11-B735-21DF4F4C7E56}C:\users\win7\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{8E758ADA-5A14-4147-A0AC-E69734EEF202}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{AA75207E-85A6-4838-9C7A-9DABAAABAF36}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{AC655E96-19AD-48B1-A185-E462E6DB029D}C:\users\win7\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\win7\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{AD937CAC-3944-4092-A36D-4D46D24DD4B6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{CA70FC22-AE19-4070-A827-2C4DE9F1AB59}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{F14D09F1-F4AF-42C3-999F-785BD822FF65}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53B91797-7CC8-41AA-999E-C33DAEC63A1A}" = Acronis Disk Director 11 Advanced* Agent
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EF18153-2F5C-4511-9C05-2BF39F5A241A}" = Acronis Disk Director 11 Advanced Bootable Media Builder
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFDDB79D-3FB6-4E82-832C-728F73FAC327}" = Acronis Disk Director 11 Advanced*Management*Console
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1" = Der Planer 4 Version 1.3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"German Truck Simulator" = German Truck Simulator 1.00
"Google Chrome" = Google Chrome
"Lieferwagen-Simulator 2010_is1" = Lieferwagen-Simulator 2010
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"SOE-C:/Users/Win7/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Win7/Pictures/Bilder" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2012 18:45:15 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.12.2012 00:54:06 | Computer Name = Win7-PC | Source = Acronis Scheduler | ID = 1
Description = Scheduler kann den Task nicht ausführen"" mit GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4'}
 wegen Fehler 267 (Der Verzeichnisname ist ungültig)
 
Error - 30.12.2012 10:55:23 | Computer Name = Win7-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2012 10:57:32 | Computer Name = Win7-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2012 12:16:28 | Computer Name = Win7-PC | Source = Acronis Scheduler | ID = 1
Description = Scheduler kann den Task nicht ausführen"" mit GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4'}
 wegen Fehler 267 (Der Verzeichnisname ist ungültig)
 
Error - 30.12.2012 12:18:04 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.12.2012 12:37:33 | Computer Name = Win7-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 540    Startzeit: 01cde6a904084b73    Endzeit: 63    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 3146493f-529f-11e2-97b6-001f16c630b4  
 
Error - 30.12.2012 14:53:14 | Computer Name = Win7-PC | Source = Google Update | ID = 20
Description = 
 
Error - 31.12.2012 09:31:45 | Computer Name = Win7-PC | Source = Acronis Scheduler | ID = 1
Description = Scheduler kann den Task nicht ausführen"" mit GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4'}
 wegen Fehler 267 (Der Verzeichnisname ist ungültig)
 
Error - 31.12.2012 09:33:16 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.11.2012 06:48:11 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 08:08:23 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 09:56:26 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 14:29:50 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 16:32:43 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 17:07:02 | Computer Name = Win7-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.11.2012 17:07:02 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 17:41:47 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.11.2012 18:17:33 | Computer Name = Win7-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.11.2012 18:17:33 | Computer Name = Win7-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
Regards
walid

Alt 06.01.2013, 19:33   #8
markusg
/// Malware-holic
 

Hi
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 06.01.2013, 19:39   #9
walid
 

Here is the TDSSKiller log
Code:
19:36:29.0571 4248  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:36:29.0958 4248  ============================================================
19:36:29.0958 4248  Current date / time: 2013/01/06 19:36:29.0958
19:36:29.0958 4248  SystemInfo:
19:36:29.0958 4248  
19:36:29.0958 4248  OS Version: 6.1.7601 ServicePack: 1.0
19:36:29.0958 4248  Product type: Workstation
19:36:29.0958 4248  ComputerName: WIN7-PC
19:36:29.0958 4248  UserName: Win7
19:36:29.0958 4248  Windows directory: C:\Windows
19:36:29.0959 4248  System windows directory: C:\Windows
19:36:29.0959 4248  Processor architecture: Intel x86
19:36:29.0959 4248  Number of processors: 2
19:36:29.0959 4248  Page size: 0x1000
19:36:29.0959 4248  Boot type: Normal boot
19:36:29.0959 4248  ============================================================
19:36:31.0669 4248  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:36:31.0672 4248  ============================================================
19:36:31.0673 4248  \Device\Harddisk0\DR0:
19:36:31.0673 4248  MBR partitions:
19:36:31.0673 4248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:36:31.0673 4248  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19F92000
19:36:31.0699 4248  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19FC5000, BlocksNum 0x3200000
19:36:31.0699 4248  ============================================================
19:36:31.0816 4248  C: <-> \Device\Harddisk0\DR0\Partition2
19:36:31.0851 4248  E: <-> \Device\Harddisk0\DR0\Partition3
19:36:31.0887 4248  ============================================================
19:36:31.0887 4248  Initialize success
19:36:31.0887 4248  ============================================================
19:37:10.0828 2600  ============================================================
19:37:10.0828 2600  Scan started
19:37:10.0828 2600  Mode: Manual; SigCheck; TDLFS; 
19:37:10.0828 2600  ============================================================
19:37:12.0051 2600  ================ Scan system memory ========================
19:37:12.0051 2600  System memory - ok
19:37:12.0052 2600  ================ Scan services =============================
19:37:12.0317 2600  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:37:12.0499 2600  1394ohci - ok
19:37:12.0531 2600  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:37:12.0558 2600  ACPI - ok
19:37:12.0580 2600  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:37:12.0710 2600  AcpiPmi - ok
19:37:12.0918 2600  [ 481A8A84F5D63C812750CFECDC89DF05 ] AcronisAgent    C:\Program Files\Common Files\Acronis\Agent\agent.exe
19:37:13.0012 2600  AcronisAgent - ok
19:37:13.0088 2600  [ 3CB728E52B0C26142DB8A4A9F224E777 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19:37:13.0137 2600  AcrSch2Svc - ok
19:37:13.0231 2600  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:37:13.0249 2600  AdobeARMservice - ok
19:37:13.0337 2600  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:37:13.0368 2600  AdobeFlashPlayerUpdateSvc - ok
19:37:13.0439 2600  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:37:13.0479 2600  adp94xx - ok
19:37:13.0506 2600  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:37:13.0532 2600  adpahci - ok
19:37:13.0545 2600  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:37:13.0569 2600  adpu320 - ok
19:37:13.0615 2600  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:37:13.0758 2600  AeLookupSvc - ok
19:37:13.0812 2600  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
19:37:13.0878 2600  AFD - ok
19:37:13.0977 2600  [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
19:37:14.0078 2600  AgereSoftModem - ok
19:37:14.0128 2600  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:37:14.0150 2600  agp440 - ok
19:37:14.0187 2600  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:37:14.0203 2600  aic78xx - ok
19:37:14.0274 2600  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:37:14.0327 2600  ALG - ok
19:37:14.0382 2600  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:37:14.0395 2600  aliide - ok
19:37:14.0442 2600  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:37:14.0522 2600  AMD External Events Utility - ok
19:37:14.0562 2600  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:37:14.0577 2600  amdagp - ok
19:37:14.0597 2600  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:37:14.0611 2600  amdide - ok
19:37:14.0628 2600  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:37:14.0673 2600  AmdK8 - ok
19:37:14.0680 2600  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:37:14.0768 2600  AmdPPM - ok
19:37:14.0835 2600  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:37:14.0861 2600  amdsata - ok
19:37:14.0896 2600  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:37:14.0923 2600  amdsbs - ok
19:37:14.0951 2600  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:37:14.0970 2600  amdxata - ok
19:37:15.0064 2600  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:37:15.0081 2600  AntiVirSchedulerService - ok
19:37:15.0134 2600  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:37:15.0147 2600  AntiVirService - ok
19:37:15.0219 2600  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
19:37:15.0291 2600  AppID - ok
19:37:15.0473 2600  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:37:15.0611 2600  AppIDSvc - ok
19:37:15.0650 2600  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
19:37:15.0781 2600  Appinfo - ok
19:37:16.0109 2600  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:37:16.0121 2600  Apple Mobile Device - ok
19:37:16.0197 2600  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:37:16.0272 2600  AppMgmt - ok
19:37:16.0376 2600  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
19:37:16.0400 2600  arc - ok
19:37:16.0411 2600  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:37:16.0444 2600  arcsas - ok
19:37:16.0641 2600  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:37:16.0662 2600  aspnet_state - ok
19:37:17.0526 2600  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:17.0916 2600  AsyncMac - ok
19:37:17.0966 2600  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
19:37:17.0989 2600  atapi - ok
19:37:18.0118 2600  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\Windows\system32\DRIVERS\athr.sys
19:37:18.0457 2600  athr - ok
19:37:18.0802 2600  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:37:19.0168 2600  atikmdag - ok
19:37:19.0555 2600  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:37:20.0218 2600  AudioEndpointBuilder - ok
19:37:20.0233 2600  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:37:20.0409 2600  Audiosrv - ok
19:37:20.0666 2600  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:37:20.0750 2600  avgntflt - ok
19:37:21.0142 2600  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:37:21.0202 2600  avipbb - ok
19:37:21.0243 2600  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:37:21.0271 2600  avkmgr - ok
19:37:21.0376 2600  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:37:23.0313 2600  AxInstSV - ok
19:37:23.0903 2600  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
19:37:24.0091 2600  b06bdrv - ok
19:37:24.0133 2600  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:37:24.0222 2600  b57nd60x - ok
19:37:24.0314 2600  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:37:24.0441 2600  BDESVC - ok
19:37:24.0476 2600  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:37:24.0669 2600  Beep - ok
19:37:24.0801 2600  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
19:37:25.0024 2600  BFE - ok
19:37:25.0093 2600  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
19:37:25.0420 2600  BITS - ok
19:37:25.0439 2600  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:37:25.0520 2600  blbdrive - ok
19:37:25.0560 2600  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:37:25.0887 2600  bowser - ok
19:37:26.0034 2600  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:37:26.0117 2600  BrFiltLo - ok
19:37:26.0145 2600  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:37:26.0205 2600  BrFiltUp - ok
19:37:26.0259 2600  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
19:37:26.0308 2600  Browser - ok
19:37:26.0342 2600  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:37:26.0370 2600  Brserid - ok
19:37:26.0394 2600  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:37:26.0419 2600  BrSerWdm - ok
19:37:26.0432 2600  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:37:26.0470 2600  BrUsbMdm - ok
19:37:26.0478 2600  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:37:26.0510 2600  BrUsbSer - ok
19:37:26.0521 2600  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:37:26.0550 2600  BTHMODEM - ok
19:37:26.0600 2600  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:37:26.0662 2600  bthserv - ok
19:37:26.0690 2600  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:37:26.0755 2600  cdfs - ok
19:37:26.0818 2600  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:37:26.0867 2600  cdrom - ok
19:37:26.0903 2600  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:37:26.0982 2600  CertPropSvc - ok
19:37:27.0034 2600  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:37:27.0068 2600  circlass - ok
19:37:27.0103 2600  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:37:27.0138 2600  CLFS - ok
19:37:27.0230 2600  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:27.0256 2600  clr_optimization_v2.0.50727_32 - ok
19:37:27.0307 2600  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:27.0331 2600  clr_optimization_v4.0.30319_32 - ok
19:37:27.0349 2600  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:37:27.0388 2600  CmBatt - ok
19:37:27.0416 2600  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:37:27.0437 2600  cmdide - ok
19:37:27.0486 2600  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:37:27.0552 2600  CNG - ok
19:37:27.0588 2600  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:37:27.0610 2600  Compbatt - ok
19:37:27.0649 2600  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:37:27.0701 2600  CompositeBus - ok
19:37:27.0750 2600  COMSysApp - ok
19:37:27.0786 2600  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:37:27.0803 2600  crcdisk - ok
19:37:27.0932 2600  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:37:28.0004 2600  CryptSvc - ok
19:37:28.0050 2600  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
19:37:28.0142 2600  CSC - ok
19:37:28.0254 2600  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
19:37:28.0348 2600  CscService - ok
19:37:28.0402 2600  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:37:28.0472 2600  DcomLaunch - ok
19:37:28.0495 2600  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:37:28.0583 2600  defragsvc - ok
19:37:28.0630 2600  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:37:28.0687 2600  DfsC - ok
19:37:28.0843 2600  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:37:28.0882 2600  Dhcp - ok
19:37:28.0906 2600  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:37:28.0982 2600  discache - ok
19:37:29.0031 2600  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
19:37:29.0060 2600  Disk - ok
19:37:29.0265 2600  [ 942DE3AD3D93A7925B6650CDCF160E82 ] DMS             C:\Program Files\Acronis\DiskDirectorAdvanced\mms.exe
19:37:29.0516 2600  DMS - ok
19:37:29.0772 2600  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:37:29.0906 2600  dmvsc - ok
19:37:30.0169 2600  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:37:30.0309 2600  Dnscache - ok
19:37:30.0480 2600  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:37:30.0647 2600  dot3svc - ok
19:37:30.0815 2600  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
19:37:30.0909 2600  DPS - ok
19:37:30.0985 2600  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:37:31.0082 2600  drmkaud - ok
19:37:31.0293 2600  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:37:31.0359 2600  DXGKrnl - ok
19:37:31.0411 2600  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:37:31.0490 2600  EapHost - ok
19:37:31.0643 2600  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
19:37:31.0779 2600  ebdrv - ok
19:37:31.0813 2600  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
19:37:31.0870 2600  EFS - ok
19:37:31.0988 2600  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:37:32.0071 2600  ehRecvr - ok
19:37:32.0079 2600  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
19:37:32.0131 2600  ehSched - ok
19:37:32.0207 2600  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:37:32.0236 2600  elxstor - ok
19:37:32.0252 2600  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:37:32.0293 2600  ErrDev - ok
19:37:32.0368 2600  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:37:32.0453 2600  EventSystem - ok
19:37:32.0488 2600  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:37:32.0540 2600  exfat - ok
19:37:32.0567 2600  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:37:32.0630 2600  fastfat - ok
19:37:32.0687 2600  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
19:37:32.0771 2600  Fax - ok
19:37:32.0797 2600  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
19:37:32.0825 2600  fdc - ok
19:37:32.0839 2600  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:37:32.0911 2600  fdPHost - ok
19:37:32.0933 2600  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:37:33.0013 2600  FDResPub - ok
19:37:33.0035 2600  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:37:33.0052 2600  FileInfo - ok
19:37:33.0075 2600  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:37:33.0116 2600  Filetrace - ok
19:37:33.0137 2600  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:37:33.0164 2600  flpydisk - ok
19:37:33.0200 2600  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:37:33.0220 2600  FltMgr - ok
19:37:33.0281 2600  [ D85453BAF5DE7E55CB13441452A4E2D3 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
19:37:33.0298 2600  fltsrv - ok
19:37:33.0347 2600  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
19:37:33.0443 2600  FontCache - ok
19:37:33.0552 2600  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:37:33.0576 2600  FontCache3.0.0.0 - ok
19:37:33.0629 2600  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:37:33.0672 2600  FsDepends - ok
19:37:33.0750 2600  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
19:37:33.0767 2600  fssfltr - ok
19:37:33.0954 2600  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:37:34.0108 2600  fsssvc - ok
19:37:34.0151 2600  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:37:34.0178 2600  Fs_Rec - ok
19:37:34.0230 2600  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:37:34.0257 2600  fvevol - ok
19:37:34.0289 2600  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:37:34.0308 2600  gagp30kx - ok
19:37:34.0368 2600  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:34.0385 2600  GEARAspiWDM - ok
19:37:34.0431 2600  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:37:34.0508 2600  gpsvc - ok
19:37:34.0677 2600  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:34.0706 2600  gupdate - ok
19:37:34.0741 2600  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:37:34.0762 2600  gupdatem - ok
19:37:34.0811 2600  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:37:34.0839 2600  gusvc - ok
19:37:34.0886 2600  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:37:34.0916 2600  hamachi - ok
19:37:35.0041 2600  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
19:37:35.0131 2600  Hamachi2Svc - ok
19:37:35.0185 2600  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:37:35.0238 2600  hcw85cir - ok
19:37:35.0272 2600  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:37:35.0340 2600  HdAudAddService - ok
19:37:35.0403 2600  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:35.0442 2600  HDAudBus - ok
19:37:35.0464 2600  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:37:35.0531 2600  HidBatt - ok
19:37:35.0540 2600  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:37:35.0583 2600  HidBth - ok
19:37:35.0618 2600  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:37:35.0685 2600  HidIr - ok
19:37:35.0718 2600  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
19:37:35.0789 2600  hidserv - ok
19:37:35.0842 2600  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:37:35.0906 2600  HidUsb - ok
19:37:35.0968 2600  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:37:36.0020 2600  hkmsvc - ok
19:37:36.0161 2600  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:37:36.0210 2600  HomeGroupListener - ok
19:37:36.0250 2600  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:37:36.0306 2600  HomeGroupProvider - ok
19:37:36.0357 2600  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:37:36.0377 2600  HpSAMD - ok
19:37:36.0463 2600  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:37:36.0539 2600  HTTP - ok
19:37:36.0555 2600  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:37:36.0571 2600  hwpolicy - ok
19:37:36.0616 2600  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:37:36.0769 2600  i8042prt - ok
19:37:36.0786 2600  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:37:36.0820 2600  iaStorV - ok
19:37:36.0913 2600  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:37:36.0968 2600  idsvc - ok
19:37:37.0154 2600  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:37:37.0324 2600  igfx - ok
19:37:37.0369 2600  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:37:37.0397 2600  iirsp - ok
19:37:37.0525 2600  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:37:37.0640 2600  IKEEXT - ok
19:37:37.0826 2600  [ B29E79C67F3779E70BA187E31B639EBC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:37:37.0908 2600  IntcAzAudAddService - ok
19:37:37.0937 2600  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:37:37.0963 2600  intelide - ok
19:37:38.0029 2600  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:37:38.0050 2600  intelppm - ok
19:37:38.0074 2600  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:37:38.0120 2600  IPBusEnum - ok
19:37:38.0136 2600  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:38.0218 2600  IpFilterDriver - ok
19:37:38.0297 2600  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:37:38.0449 2600  iphlpsvc - ok
19:37:38.0458 2600  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:37:38.0484 2600  IPMIDRV - ok
19:37:38.0507 2600  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:37:38.0628 2600  IPNAT - ok
19:37:38.0695 2600  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:37:38.0742 2600  iPod Service - ok
19:37:38.0769 2600  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:37:38.0833 2600  IRENUM - ok
19:37:38.0862 2600  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:37:38.0882 2600  isapnp - ok
19:37:38.0900 2600  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:37:38.0929 2600  iScsiPrt - ok
19:37:38.0990 2600  [ C4C95805B85BCE1EB9D20F4A02FC5F9B ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
19:37:39.0059 2600  k57nd60x - ok
19:37:39.0119 2600  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:37:39.0168 2600  kbdclass - ok
19:37:39.0199 2600  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:37:39.0298 2600  kbdhid - ok
19:37:39.0352 2600  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
19:37:39.0381 2600  KeyIso - ok
19:37:39.0435 2600  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:37:39.0460 2600  KSecDD - ok
19:37:39.0634 2600  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:37:39.0673 2600  KSecPkg - ok
19:37:39.0798 2600  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:37:39.0848 2600  KtmRm - ok
19:37:39.0881 2600  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:37:40.0008 2600  LanmanServer - ok
19:37:40.0069 2600  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:37:40.0148 2600  LanmanWorkstation - ok
19:37:40.0221 2600  [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:37:40.0261 2600  Live Updater Service - ok
19:37:40.0325 2600  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:37:40.0443 2600  lltdio - ok
19:37:40.0491 2600  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:37:40.0552 2600  lltdsvc - ok
19:37:40.0576 2600  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:37:40.0658 2600  lmhosts - ok
19:37:40.0711 2600  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:37:40.0742 2600  LSI_FC - ok
19:37:40.0754 2600  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:37:40.0780 2600  LSI_SAS - ok
19:37:40.0789 2600  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:37:40.0817 2600  LSI_SAS2 - ok
19:37:40.0842 2600  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:37:40.0870 2600  LSI_SCSI - ok
19:37:40.0888 2600  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:37:40.0951 2600  luafv - ok
19:37:40.0978 2600  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:37:41.0031 2600  Mcx2Svc - ok
19:37:41.0042 2600  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:37:41.0072 2600  megasas - ok
19:37:41.0097 2600  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:37:41.0120 2600  MegaSR - ok
19:37:41.0141 2600  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:37:41.0221 2600  MMCSS - ok
19:37:41.0248 2600  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
19:37:41.0322 2600  Modem - ok
19:37:41.0358 2600  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:37:41.0405 2600  monitor - ok
19:37:41.0437 2600  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
19:37:41.0462 2600  mouclass - ok
19:37:41.0544 2600  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:37:41.0608 2600  mouhid - ok
19:37:41.0641 2600  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:37:41.0668 2600  mountmgr - ok
19:37:41.0717 2600  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:37:41.0740 2600  MozillaMaintenance - ok
19:37:41.0767 2600  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:37:41.0790 2600  mpio - ok
19:37:41.0807 2600  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:37:41.0850 2600  mpsdrv - ok
19:37:41.0903 2600  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:37:41.0991 2600  MpsSvc - ok
19:37:42.0017 2600  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:37:42.0068 2600  MRxDAV - ok
19:37:42.0109 2600  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:42.0137 2600  mrxsmb - ok
19:37:42.0168 2600  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:42.0223 2600  mrxsmb10 - ok
19:37:42.0259 2600  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:42.0296 2600  mrxsmb20 - ok
19:37:42.0326 2600  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
19:37:42.0347 2600  msahci - ok
19:37:42.0368 2600  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:37:42.0386 2600  msdsm - ok
19:37:42.0417 2600  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:37:42.0462 2600  MSDTC - ok
19:37:42.0522 2600  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:37:42.0588 2600  Msfs - ok
19:37:42.0622 2600  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:37:42.0679 2600  mshidkmdf - ok
19:37:42.0711 2600  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:37:42.0729 2600  msisadrv - ok
19:37:42.0775 2600  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:37:42.0840 2600  MSiSCSI - ok
19:37:42.0861 2600  msiserver - ok
19:37:42.0902 2600  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:38:08.0661 2600  ================ Scan global ===============================
19:38:08.0705 2600  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:38:08.0750 2600  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
19:38:08.0783 2600  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
19:38:08.0821 2600  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:38:08.0841 2600  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:38:08.0862 2600  [Global] - ok
19:38:08.0863 2600  ================ Scan MBR ==================================
19:38:08.0875 2600  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:38:09.0229 2600  \Device\Harddisk0\DR0 - ok
19:38:09.0230 2600  ================ Scan VBR ==================================
19:38:09.0246 2600  [ C82E428528DA4AF7A913CCFD480FB521 ] \Device\Harddisk0\DR0\Partition1
19:38:09.0247 2600  \Device\Harddisk0\DR0\Partition1 - ok
19:38:09.0290 2600  [ DCF173BB3FEC0C9357D53C3568AEBD8E ] \Device\Harddisk0\DR0\Partition2
19:38:09.0293 2600  \Device\Harddisk0\DR0\Partition2 - ok
19:38:09.0343 2600  [ 1FE7E639C9C985F5F7C85AE89E7C2712 ] \Device\Harddisk0\DR0\Partition3
19:38:09.0351 2600  \Device\Harddisk0\DR0\Partition3 - ok
19:38:09.0352 2600  ============================================================
19:38:09.0352 2600  Scan finished
19:38:09.0352 2600  ============================================================
19:38:09.0403 2932  Detected object count: 0
19:38:09.0403 2932  Actual detected object count: 0
         

06.01.2013, 19:40   #10
markusg
/// Malware-holic

combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please deactivate all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.

06.01.2013, 20:31   #11
walid

C:\Combofix.txt does not exist, only a "folder" named Combofix

06.01.2013, 20:32   #12
markusg
/// Malware-holic

Then just post the log that was opened automatically.
It could also be on c: as log.txt

06.01.2013, 20:34   #13
walid

Oh, and I wanted to ask whether it is normal for Combofix to hang??
because it hung earlier..

06.01.2013, 20:36   #14
markusg
/// Malware-holic

No, for which program is it ever normal that it hangs?
Try the scan again; if that does not work, restart, press F8, choose Safe Mode with Networking, log in to your account, and try it again there.

16.01.2013, 16:41   #15
walid

Hi markusg, sorry that I was not online for a few days; I could not get to the laptop because I had to work a great deal.
Here is the Combofix:
Combofix Logfile:
Code:
ComboFix 13-01-16.01 - Win7 16.01.2013  16:26:49.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2043.1153 [GMT 1:00]
ausgeführt von:: c:\users\Win7\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-16 bis 2013-01-16  ))))))))))))))))))))))))))))))
.
.
2013-01-15 13:43 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C668D19-C6E6-4249-A27A-17158AC5355C}\mpengine.dll
2013-01-09 11:13 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 11:13 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 11:13 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 11:13 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-07 19:51 . 2013-01-15 16:35	--------	d-----w-	c:\users\Win7\AppData\Roaming\.minecraft
2013-01-07 19:33 . 2013-01-07 19:34	--------	d-----w-	c:\users\Win7\AppData\Roaming\minecraft
2013-01-06 17:30 . 2013-01-06 17:30	--------	d-----w-	c:\program files\Common Files\Java
2013-01-06 17:29 . 2013-01-06 17:29	93640	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-04 18:49 . 2013-01-04 18:49	--------	d-----w-	c:\program files\Common Files\Skype
2013-01-04 18:49 . 2013-01-04 18:49	--------	d-----r-	c:\program files\Skype
2012-12-21 14:22 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 14:22 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 17:41 . 2012-04-28 20:56	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 17:41 . 2012-04-28 20:56	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-06 17:29 . 2012-05-08 06:28	859072	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-06 17:29 . 2012-05-08 06:11	779704	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-29 15:06 . 2012-12-08 13:41	31584	----a-w-	c:\windows\system32\TURegOpt.exe
2012-11-29 15:06 . 2012-12-08 14:33	29536	----a-w-	c:\windows\system32\uxtuneup.dll
2012-11-29 15:06 . 2012-12-08 13:41	21344	----a-w-	c:\windows\system32\authuitu.dll
2012-11-21 22:38 . 2012-11-21 16:20	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-11-21 22:32 . 2012-11-21 16:20	234768	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-11-21 22:19 . 2012-11-21 16:33	234768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-11-21 17:35 . 2012-11-21 16:21	138264	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-11-21 17:28 . 2012-11-21 16:21	138056	----a-w-	c:\users\Win7\AppData\Roaming\PnkBstrK.sys
2012-11-21 16:20 . 2012-11-21 16:20	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-11-09 04:42 . 2012-12-13 12:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 12:30	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-11-21 13:45 . 2012-05-08 05:45	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 08:49	176936	----a-w-	c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-03 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17878704]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-12-16 15:52	403616	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-10-09 09:53	4441920	----a-w-	c:\users\Win7\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 20:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2012-04-24 17:57	2783040	----a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMgr]
2012-10-16 08:31	168264	----a-w-	c:\users\Win7\AppData\Roaming\DataMgr\datamgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50	4280184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2012-11-25 00:45	3093624	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Protector]
2009-07-14 01:14	141824	----a-w-	c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TU]
2012-10-28 08:54	133536	----a-w-	c:\users\Win7\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Imizadluo"=c:\users\Win7\AppData\Roaming\Arvuqy\keac.exe
"IExplorer Util"=c:\users\Win7\AppData\Roaming\ie_util.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files\Common Files\Acronis\Agent\agent.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 DMS;Acronis Disk Management Service;c:\program files\Acronis\DiskDirectorAdvanced\mms.exe [x]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S3 k57nd60x;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 14:45	1606760	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:41]
.
2013-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1702810392-1778331535-792018659-1000Core.job
- c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-03 21:46]
.
2013-01-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1702810392-1778331535-792018659-1000UA.job
- c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-03 21:46]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-21 13:32]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-21 13:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848&SSPV=IEOB18
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Win7\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\ku1pvkdl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=
FF - prefs.js: browser.search.selectedEngine - FBDownloader Search
FF - prefs.js: browser.startup.homepage - hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=
FF - ExtSQL: 2012-12-08 14:39; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - ExtSQL: 2012-12-08 14:40; {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}; c:\users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\ku1pvkdl.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b46f210e000000000000001f16c630b4&q=
FF - user.js: extensions.BabylonToolbar.id - b46f210e000000000000001f16c630b4
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15665
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.814:44
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{553318DA-D010-469E-84B1-496563CAE1BF} - (no file)
AddRemove-Lieferwagen-Simulator 2010_is1 - c:\program files\Lieferwagen-Simulator 2010\unins000.exe
AddRemove-{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1 - c:\program files\Der Planer 4\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1702810392-1778331535-792018659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1702810392-1778331535-792018659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-16  16:33:49
ComboFix-quarantined-files.txt  2013-01-16 15:33
.
Vor Suchlauf: 11 Verzeichnis(se), 179.268.292.608 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 178.885.513.216 Bytes frei
.
- - End Of File - - D45E6A0B796DF1C2A308A923C0BC028C
         

Thanks for the help so far.
Best regards
walid
