
Plagegeister aller Art und deren Bekämpfung: Remove TR/Crypt.XPACK.Gen?

02.06.2013, 18:38   #1
shanti7
 
Hello, dear Trojaner-Board team.

First of all: unfortunately I don't really know my way around this.
Over the course of the day, error messages suddenly kept appearing...

Quote:
macromedia.exe - Systemfehler

Das Programm kann nicht gestartet werden, da usft_ext.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben.
After that I ran my Antivir. Result: TR/Crypt.XPACK.Gen
macromedia.exe and shell.exe in the Windows folder were shown as infected files. But they can't really be deleted. In safe mode Antivir then found nothing?

Since then my PC has been running very slowly and some programs no longer work, or only partially...
I started Antivir several more times afterwards, but it is always terminated before it finishes... it seems to be infected too...
I hope you can help me

02.06.2013, 18:44   #2
markusg
/// Malware-holic
 
Hi,
since your thread title points to a detection, take a look in Avira.
http://www.trojaner-board.de/125889-...en-posten.html
then:

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

02.06.2013, 19:24   #3
shanti7
 
Thanks for the quick reply.

Avira:
Code:
Exportierte Ereignisse:

02.06.2013 19:09 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:29 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:29 [Scanner] Malware gefunden
      Die Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ignoriert.

02.06.2013 18:25 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:25 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:25 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:25 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:25 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:24 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:24 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:24 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

02.06.2013 18:13 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:13 [Scanner] Malware gefunden
      Die Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57d9c239.qua' 
      verschoben!

02.06.2013 18:13 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:13 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.06.2013 18:13 [Guard] Malware gefunden
      In der Datei 'C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben
         

OTL:
Code:
OTL logfile created on: 02.06.2013 19:55:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,93 Gb Total Physical Memory | 4,19 Gb Available Physical Memory | 70,66% Memory free
11,86 Gb Paging File | 9,79 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 156,99 Gb Free Space | 34,43% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 456,36 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 537,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.02 19:48:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
PRC - [2013.06.02 18:13:40 | 000,055,808 | ---- | M] (Systemt) -- C:\Users\Andi\AppData\Roaming\WindowsFiles\shell.exe
PRC - [2013.06.02 18:13:40 | 000,055,808 | ---- | M] (Systemt) -- C:\Users\Andi\AppData\Roaming\WindowsFiles\macromedia.exe
PRC - [2013.05.15 12:38:24 | 001,298,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013.05.15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013.03.28 13:17:07 | 000,460,800 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\scvhost.exe
PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.01.08 16:04:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.04 18:19:02 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011.06.28 14:51:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 10:41:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.12.22 19:28:16 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.12.22 19:11:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.14 03:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.28 13:17:07 | 000,460,800 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\scvhost.exe
MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.02.08 06:46:14 | 000,013,824 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libblkmaker-0.1-0.dll
MOD - [2013.02.08 06:46:14 | 000,013,312 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libblkmaker_jansson-0.1-0.dll
MOD - [2013.02.08 06:45:46 | 000,228,352 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libcurl-4.dll
MOD - [2013.02.08 06:45:46 | 000,092,672 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\pdcurses.dll
MOD - [2013.02.08 06:45:46 | 000,088,576 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\zlib1.dll
MOD - [2013.02.08 06:45:46 | 000,052,736 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libjansson-4.dll
MOD - [2012.05.04 18:19:02 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
MOD - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.17 23:56:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.05.14 23:07:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.08 16:04:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.12.04 11:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.06.23 17:49:24 | 000,087,040 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV - [2012.05.04 18:19:02 | 000,274,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.06.28 14:51:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 10:41:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.08.29 12:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011.08.29 12:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011.08.29 12:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011.08.29 12:42:56 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.06.28 14:51:46 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 14:51:46 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.23 12:32:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.10.09 08:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.10.29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=17361010m316pe445v175w55n1u66q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A8FBE34E-DD17-4EA0-ACCD-D117B91B5728}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{DACD25BC-236D-4B89-9EE5-BC671D95C65D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.07 17:58:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.17 23:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.21 21:17:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.17 23:56:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.21 21:17:32 | 000,000,000 | ---D | M]
 
[2010.10.22 16:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2013.06.02 19:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\2ugod16k.default\extensions
[2013.05.08 23:03:19 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\2ugod16k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.31 21:23:19 | 000,002,306 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\2ugod16k.default\searchplugins\askcomsearch.xml
[2013.05.26 20:12:41 | 000,006,503 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\2ugod16k.default\searchplugins\babylon.xml
[2013.05.26 20:12:45 | 000,001,294 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\2ugod16k.default\searchplugins\delta.xml
[2013.05.17 23:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.17 23:56:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.17 23:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.17 23:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 23:56:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [brah] C:\Users\Andi\AppData\Roaming\brah\sit.bat ()
O4 - HKCU..\Run: [Google Search] C:\ProgramData\Google Search0\fbdlfpvew.exe (DT Soft Ltd TechSmith Corporation)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Winlogon] C:\Users\Andi\AppData\Roaming\Microsoft\winlogon.exe ()
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.exe.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F89BF63-2803-4BCB-AF41-68CD6077C6F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6347442B-F633-488F-93AA-1FAF15DD314C}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{124634cf-6d0f-11e2-8808-001f3f0ef86c}\Shell - "" = AutoRun
O33 - MountPoints2\{124634cf-6d0f-11e2-8808-001f3f0ef86c}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{124634eb-6d0f-11e2-8808-001f3f0ef86c}\Shell - "" = AutoRun
O33 - MountPoints2\{124634eb-6d0f-11e2-8808-001f3f0ef86c}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{12463524-6d0f-11e2-8808-001f3f0ef86c}\Shell - "" = AutoRun
O33 - MountPoints2\{12463524-6d0f-11e2-8808-001f3f0ef86c}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{48d3a27d-dde3-11df-9f39-90fba6858649}\Shell - "" = AutoRun
O33 - MountPoints2\{48d3a27d-dde3-11df-9f39-90fba6858649}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{a39d3ede-dd25-11df-b3aa-90fba6858649}\Shell - "" = AutoRun
O33 - MountPoints2\{a39d3ede-dd25-11df-b3aa-90fba6858649}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{c09202a9-8a27-11e2-a723-001f3f0ef86c}\Shell - "" = AutoRun
O33 - MountPoints2\{c09202a9-8a27-11e2-a723-001f3f0ef86c}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{c09202b8-8a27-11e2-a723-001f3f0ef86c}\Shell - "" = AutoRun
O33 - MountPoints2\{c09202b8-8a27-11e2-a723-001f3f0ef86c}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 19:47:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2013.06.02 19:13:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.06.02 19:13:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.06.02 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2013.06.02 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2013.06.02 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013.06.02 18:13:36 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\WindowsFiles
[2013.06.02 18:07:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Google Search0
[2013.06.02 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\brah
[2013.05.26 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.26 20:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.26 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\BabSolution
[2013.05.26 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.26 20:12:28 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Babylon
[2013.05.26 20:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.26 20:12:22 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\OpenCandy
[2013.05.26 20:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.26 20:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.18 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\Andi\Desktop\emulator
[2013.05.17 23:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 19:48:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2013.06.02 19:29:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 19:29:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 19:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 19:21:48 | 000,001,045 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.02 19:21:34 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 19:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 19:21:11 | 479,510,527 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 19:07:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.31 23:12:03 | 000,000,043 | ---- | M] () -- C:\Users\Andi\Desktop\pixel.gif
[2013.05.26 14:04:36 | 001,642,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 14:04:36 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 14:04:36 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 14:04:36 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 14:04:36 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 15:06:23 | 000,011,420 | ---- | M] () -- C:\Users\Andi\Desktop\Lebenslauf.pdf
[2013.05.21 21:17:32 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.05.18 19:28:32 | 003,234,573 | ---- | M] () -- C:\Users\Andi\Desktop\I've Seen Hell North And South.mp3
[2013.05.18 18:28:56 | 001,361,890 | ---- | M] () -- C:\Users\Andi\Desktop\lol.png
[2013.05.16 09:10:07 | 000,373,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.10 12:24:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.10 12:24:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.02 18:13:46 | 000,001,045 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.05.31 23:12:03 | 000,000,043 | ---- | C] () -- C:\Users\Andi\Desktop\pixel.gif
[2013.05.22 15:06:23 | 000,011,420 | ---- | C] () -- C:\Users\Andi\Desktop\Lebenslauf.pdf
[2013.05.18 19:28:04 | 003,234,573 | ---- | C] () -- C:\Users\Andi\Desktop\I've Seen Hell North And South.mp3
[2013.05.18 18:28:56 | 001,361,890 | ---- | C] () -- C:\Users\Andi\Desktop\lol.png
[2013.05.10 12:24:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.10 12:24:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.11.28 11:37:44 | 000,005,703 | ---- | C] () -- C:\Users\Andi\AppData\Local\recently-used.xbel
[2012.10.12 17:01:09 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.31 19:24:30 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.31 19:24:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.07 20:25:04 | 000,000,092 | ---- | C] () -- C:\Users\Andi\AppData\Local\fusioncache.dat
[2010.10.31 14:19:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 17:03:34 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.11.20 21:29:57 | 000,000,000 | -HSD | M] -- C:\Users\Andi\AppData\Roaming\.#
[2013.05.26 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\BabSolution
[2013.05.26 20:12:28 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Babylon
[2013.06.02 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\brah
[2012.12.18 12:29:56 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Carbon
[2011.12.28 18:02:59 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite
[2013.05.26 20:12:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DVDVideoSoft
[2012.07.24 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.24 01:09:15 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Fatshark
[2013.04.01 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Firefly Studios
[2010.12.23 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\GetRightToGo
[2012.05.08 02:15:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\gtk-2.0
[2012.12.31 02:33:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Highresolution Enterprises
[2012.01.25 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Leadertech
[2011.01.21 19:47:54 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\LolClient
[2012.05.29 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\LolClient2
[2011.05.20 23:42:42 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\NoNameScript
[2013.05.26 20:12:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OpenCandy
[2012.09.18 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OpenOffice.org
[2010.10.22 17:03:08 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Opera
[2012.05.31 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Origin
[2013.01.24 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ProtectDisc
[2013.02.02 10:11:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Telefónica
[2011.02.10 19:05:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Trillian
[2013.06.02 13:19:52 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TS3Client
[2012.03.05 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ubisoft
[2012.05.03 15:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Wacom
[2012.05.03 15:15:34 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.06.02 19:09:10 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\WindowsFiles
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.10.21 16:50:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.10 20:27:36 | 000,000,000 | -H-D | M] -- C:\AcerSW
[2012.08.30 14:53:27 | 000,000,000 | ---D | M] -- C:\AMD
[2010.04.10 20:06:47 | 000,000,000 | ---D | M] -- C:\book
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.21 16:48:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.03.23 16:47:21 | 000,000,000 | ---D | M] -- C:\Intel
[2013.02.10 17:52:18 | 000,000,000 | ---D | M] -- C:\Larian Studios
[2010.03.24 03:16:06 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.10.21 16:50:03 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.13 23:03:29 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.02 19:07:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.06.02 18:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.21 16:48:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.21 16:48:18 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.16 03:20:06 | 000,000,000 | ---D | M] -- C:\Riot Games
[2010.11.30 14:33:55 | 000,000,000 | ---D | M] -- C:\RocWorks
[2013.06.02 19:59:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.03.16 12:13:29 | 000,000,000 | ---D | M] -- C:\UserData
[2010.10.21 16:48:32 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.02 18:30:42 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.22 17:18:09 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.10.22 17:18:09 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.10.12 17:25:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.10.06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.10.06 08:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.10.06 08:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009.10.06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 20:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b02a0635da01252b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2013.06.02 18:07:31 | 000,204,288 | ---- | M] () MD5=49584C1F368FF344E3433E4C0DC4818A -- C:\Users\Andi\AppData\Roaming\Microsoft\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.05.03 15:14:43 | 000,000,002 | ---- | M] () -- C:\Users\Andi\.bdockinstall.log
[2013.06.02 20:12:59 | 002,883,584 | -HS- | M] () -- C:\Users\Andi\ntuser.dat
[2013.06.02 20:12:59 | 000,262,144 | -HS- | M] () -- C:\Users\Andi\ntuser.dat.LOG1
[2010.10.21 16:48:32 | 000,000,000 | -HS- | M] () -- C:\Users\Andi\ntuser.dat.LOG2
[2010.10.21 16:59:38 | 000,065,536 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.10.21 16:59:38 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.10.21 16:59:38 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.10.23 00:40:48 | 000,065,536 | -HS- | M] () -- C:\Users\Andi\ntuser.dat{a8c5734b-ddcb-11df-842e-90fba6858649}.TM.blf
[2010.10.23 00:40:48 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\ntuser.dat{a8c5734b-ddcb-11df-842e-90fba6858649}.TMContainer00000000000000000001.regtrans-ms
[2010.10.23 00:40:48 | 000,524,288 | -HS- | M] () -- C:\Users\Andi\ntuser.dat{a8c5734b-ddcb-11df-842e-90fba6858649}.TMContainer00000000000000000002.regtrans-ms
[2010.10.21 16:48:33 | 000,000,020 | -HS- | M] () -- C:\Users\Andi\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         

02.06.2013, 19:26   #4
shanti7
 



Too many characters ^^

Extras:

Code:
OTL Extras logfile created on: 02.06.2013 19:55:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,93 Gb Total Physical Memory | 4,19 Gb Available Physical Memory | 70,66% Memory free
11,86 Gb Paging File | 9,79 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 156,99 Gb Free Space | 34,43% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 456,36 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 537,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08412BC6-91C9-4F6E-A15A-C933849FA828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23B927FE-C571-4329-AAF7-6CBE2029E8E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A4A0362-E28F-41E2-80FB-886E141997D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2B421F5D-25D0-4618-97C7-296638498457}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{36CB6D98-F812-4E5D-93BC-E06B8CA7D4B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5B519082-6F8A-48B8-B5BE-2B1C31A83FEE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5C4C2E35-6F5E-42F3-8596-3849ABF89BA5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6C9200BF-48BC-42BA-8D37-4DE3BEFCC5A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{765DD4BF-DCB3-4A9D-A844-96C09A280FEB}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | 
"{7C3E0DF9-F7D1-4C78-9FF5-1A731036F5B4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7FCF49CB-A084-4860-9A95-BA0A02C43D76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A21F3A61-E06C-46A4-9E2C-8450ACB05F3C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A4A97EDB-BDA6-4841-9FB9-40F11C38DC4C}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A9C9CD3D-C2AF-4925-A334-4A6D67C51FB2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B63E5BB2-5AAE-491E-8087-96124CFF8A80}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | 
"{C9610268-79AD-41B9-8FC5-42E55C5D65A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CBB9F2F8-4ACC-4866-B771-BE1DF23F6CAC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D03720ED-3504-4FD3-A800-4980F9894335}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E4BA1847-9A59-4E73-BAF9-43DEF868802D}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{E89B273A-F88F-410A-A945-A9F2D709186D}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{F443BC4F-EDA2-4BAF-A725-9ADDA01AB766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F75EBC05-5E0B-4AAE-83E7-5366D0A4EF67}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00373A18-DE48-4F45-9AFD-CE02720E298E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{038CF94D-FF10-40D1-BB6F-11588D8D57D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{05A32EBC-083B-44FA-827D-2A9B5E3E12D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{06E1447C-8112-45D8-930B-F52ED82E6281}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{070D7A4E-A4A1-4440-AA8A-A5FA1BFAFF98}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe | 
"{07D5A35A-AC3A-47C5-A6F7-EF59982D05C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{0B6515ED-375D-4CBE-AC52-04DB8845BCA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{0CE173C0-475B-43F8-9C69-F48F181483C6}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{0E603D99-A1EA-44AC-8566-6DF585B743F4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1257BB35-D536-4BD8-ADF6-6B3DBC3D32F7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{12EC5982-1D71-4A78-9C3C-21EAE6EF3DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{1432CF5E-179C-446F-B646-B4AC186D0C78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | 
"{15979CD4-B801-4910-94DA-30E644611632}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | 
"{168E4668-B7F4-4F38-B89A-C8C7852BD2A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"{183DEC9A-0878-483B-94A0-AF5848E1D481}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{197C04DA-502E-4D59-9846-E1AC5EE645F4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{19CDCA32-DA79-49A0-9141-C93AF8A4B4DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{1C81882E-5CA8-4F20-BAC5-52D7A92CA36A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{213E721A-B99C-42DB-8A0F-C520783298A9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{2295B025-605E-4D67-AABD-49CD80D9D355}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{2297DE4A-E5FC-4B28-B8CE-3F63F6EC4CB6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2387D9F3-AFE4-410F-B2A6-C296EA544F01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{256B1BBF-0AE2-40F9-8933-C0B1E494DF2B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{2698E3DA-B0C6-42DC-8245-3F626F8F3CFE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{26FE113D-4AA7-4BFF-BB6D-4FAB93B4FFDE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{27E52F8C-5D71-4EE1-B2F8-3ED2C54B5E5F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{2AACD4FC-61E9-45CE-90B7-62C9A0F7A3F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{2C771F99-DB74-4612-8240-25692F5DA898}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2E759874-2C48-4D7C-9025-2BB759144A71}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{30089CB7-65B5-4E2B-8C4E-659CA8D1B203}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{308AF72A-7BB5-4C53-877A-3E47437BEB2A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{331FF484-2216-4CAB-B709-AA9A54AEDBF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{334F8B54-4BB6-4C61-AA69-34EAC81A368F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{336C7A7D-B166-484A-B66F-4F82369F35FB}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{35CBC5CD-7E75-432E-B53A-90D95BA00CB8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3785C240-526D-4751-8486-08796F83C92D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3B275AD1-A760-4BFA-AD7C-989F5AC96671}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3B86AE73-F901-48F1-8553-2B5F430B2855}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{3C59C3EB-4EA4-476D-919A-4439575003C2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{41824B1C-3C76-4BA5-969A-75F101D6E41A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4288421A-6D1C-49F6-A447-EB28D7266961}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{472C7011-08E9-4EC8-9CF9-F63E38C964D0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{487AA946-6E10-40A2-A2F8-15BCB8B778D1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{4ABFED31-0527-40FB-A96D-E191E9ED1D35}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{51370311-CA54-4FF6-9123-87F2B2E9C7A4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5156C165-F77E-4E42-BE2B-95CAF8AA90E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{5543897C-9D57-4890-97D7-3C6AC3CED888}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{580F30B5-AF69-4CF2-9193-2CAECF4BA76E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{599F3EB4-0678-4786-91B1-D87DDFEBA3E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{5DB141F3-7FEE-4132-A08A-9A1B984EFF1A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{5E00EA31-7791-4AC5-97FF-F2755A8D72D5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F08DB5E-15B5-4D2D-BE2F-96888630D1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{60C3F988-04C3-4D1A-8447-B7C41EF6A46F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{618EE5E7-6390-4249-AD0F-99618C6A8A2F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{64F709E1-4B65-46B5-9609-9E652EE9ACDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{665D135A-A0C0-49DC-A4E2-C23BB89AA41D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{67B09D28-9A4D-4E26-9A30-EEDB63A7FD26}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{67DB179D-3181-449D-80DA-318BEF94506F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{69D4F5D2-E437-4C70-A6E1-3933255DA7C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6D731B9C-266E-493B-88E9-84D5CE728828}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{6E198E28-596F-49B6-85A9-3B3AB51C392B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{75121043-83B9-4C6F-8AED-7B4BBD3CDDB3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{7CFEEDFD-DCC9-4D6A-9EA3-A5FCD3FAB8F7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7EF686C3-CC45-4D46-989E-645D448D6CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{7F397C04-011E-4168-B5F6-B2EE16BF65EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7FD00CB3-1E47-4611-8CA3-E9AD5692AD56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{815A18B8-2F80-498D-B334-EB37C9FD21CE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{818EF55F-7567-422C-A698-156EAC8E9789}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{84319AC2-D112-477A-9C36-D3CFDEE3AD6A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe | 
"{85FAC8A1-C37D-42A4-937F-6A7BEE78E0B5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{87CC950C-384C-4C5B-B56D-C064ED58F286}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{8E954B0D-2A66-4C70-B972-63CD2B1E29BF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{8F37FEC8-388D-4185-ADE5-3C631DEE15AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9330762C-CBBD-47EE-9976-DEA0D56DAF90}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{93D60DF9-2AA1-4AFF-BCAF-74032697B8CF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{940E5EC4-C539-4C62-ACA4-F8CF2BAEB356}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{94A9B05A-7BAE-4FC4-87E7-80771FBC08FB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{98E05966-811D-410F-92EA-D09441A3605D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe | 
"{9AA324BE-AB3F-49D7-914B-C37515905065}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{9B012EE9-C0F6-4E64-B75E-CE2D02E3496E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{9BC2C196-FCBD-4B9E-8BAF-37BB5A123716}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{9D0D0D68-700A-4C83-A1F0-106E66C695A5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{9FD9D73D-7344-4524-B8CA-CF58A79733F8}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{A1B8353B-1B2B-415F-AF4A-F5116582269F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A2D6B627-8FB3-4183-A414-00246CA7D65C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | 
"{A302EA04-21FA-42BC-B98F-FDF1EADE94A4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A517837A-2629-44A0-82A5-12DDBA465A33}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{A5339ACC-D81D-4EED-A445-CFE1B4A71F9C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A5D37B36-54D4-42AC-BAF8-219CAE980D1D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{AA4F016D-4532-4714-9BC1-FE1584BA3429}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{AC4CAD73-73BF-452F-A824-461472B6735E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{ADD61728-CE82-4920-9CF1-0F62A272EFDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{AE313E21-BE6A-4531-A392-506634AD19E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{B021482D-0FEB-4EDA-BFDC-E813FE94DEC7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{B0746AE1-2FC7-429B-A1BB-3B06986FA4E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{B13F69D2-A421-46E8-B173-31C3BDB17D07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B4DF4F62-638F-4BC7-B19E-8D74FD445F63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{B529A1E0-AC08-4157-873C-99DAFA58DA96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{B6300ABD-C4E8-4DFD-8D24-64DD979AF62A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{B630A88F-7E41-4E16-8CB1-8B24A0D79B89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B661CEA8-BEAB-46C7-9F4C-AB84E14B37A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | 
"{B6F7B4C4-93BD-45BB-99F5-16DD246CF4F5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{B76738BC-6EE3-48F3-A5D5-D112B7BD253C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{C3ECAB0A-D9A9-4E4C-AD2C-CE701FE3BD7B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{C4B14EB4-3867-44D1-80C1-0FA8FAF6C88A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C6918033-4127-4113-B3B8-EB5EDC7CD651}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C6E3DDBC-80E6-4DF8-8199-1BDD60198687}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe | 
"{C71F67F7-5417-4DA6-B512-A6FBC1C8560F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{C7549585-AA1B-40C1-BCD2-36CF981313D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | 
"{CC1D1D28-844F-4244-ABD1-742486653557}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{D0A5D877-BA87-429F-9F0D-0260C07C5B86}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{D71D9DE2-61E4-4FA2-AAC1-812661B542B1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{D7442AE3-FA8A-4D53-9625-6BE66FF11753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D76219CB-6103-4B7C-939F-194458B6716B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D78236A6-26B1-4A2C-AC97-E1A79AEF5F94}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D87F0CF5-1DE9-441E-B5B5-7A336CE13172}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{D93C3134-A527-49B1-A1FF-F50C652AD003}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{D99997C8-A6C0-4AE3-8D15-2091D4203EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D9A9EF98-9B70-49B3-A7B8-2E284471591F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\psyko996\counter-strike source\hl2.exe | 
"{DE23B0E2-480B-4ACF-B766-22F1FF96FBDA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{DECEBF0E-9068-474A-B750-C3C0A1747A94}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{DFE9E162-3FA9-4C1C-858C-75D4300EC0A0}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{E559F7E0-5F11-43EB-AFDA-6806EC411931}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe | 
"{E82C8D9F-8AF9-4163-B4B3-45CD4895FB23}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EBA19D32-8A96-48DB-9D6B-1576F3D40B71}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{ECA2C8FD-96FD-459D-AEF1-8738C630B16F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{EED261C1-96FC-4582-8C41-600874822331}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{EF45271D-35BC-43AD-88CB-71DEAE658307}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{F301FB96-6DF5-4666-8363-484F4D4E27AD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F58F0E1B-BEBC-4534-A0A6-63E8AFEB3786}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{F6A17365-7AA6-4DCF-A382-132E1F2627BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{FBF4A99C-86A2-4B2E-8518-41AA297A2F95}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FDA22761-B918-4F8B-9BC1-338EB29BBDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\psyko996\counter-strike source\hl2.exe | 
"{FFC691EA-A005-4C1A-8B4B-34D98459990B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe | 
"TCP Query User{01DD7917-9DB8-46EA-82D7-8C797F44E7EA}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{071A7FA1-9C07-4712-BBF6-186947BD0A33}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{09217A0C-7B65-4A77-B5F6-836797DAD5B0}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{0DC1F961-7C3A-40A3-8944-4526206A09E3}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{10003087-B4B7-4510-9BE4-F0BD0CD25663}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"TCP Query User{116A8B74-FA63-48E8-8603-E06D36A5444E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{17079116-8104-4DBF-8478-EAA5B9421F0A}C:\users\andi\desktop\zsnesw\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\andi\desktop\zsnesw\zsnesw.exe | 
"TCP Query User{24602C6F-C7D3-4FDD-9F1E-2569CA2B2A93}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{2D8AB496-84DC-40A6-8D82-63C1B018AE4A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{31A17576-D41A-44E2-82C0-8C719D08517D}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{36740421-7C08-403F-9DB3-64D5900E06B4}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{37D87A4A-2AFF-4154-8A32-8A77CBEF43AB}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"TCP Query User{3C2C04C7-CE2F-4465-B76C-E943BA11C2DC}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{3CB1D239-97E5-497F-85BF-C41A98384E01}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{453A8C55-0860-4EB7-88A5-44ED56EE3B8C}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{511D0B74-77E4-4F41-AA0F-2B9623F0E406}C:\users\andi\downloads\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=c:\users\andi\downloads\bmoworld\bomberman.exe | 
"TCP Query User{521C1380-462D-4988-B920-645449EF2185}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{521E8CF0-36F9-48F1-A377-7A2EABAF04FE}C:\program files (x86)\steam\steamapps\psyko996\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\psyko996\counter-strike source\hl2.exe | 
"TCP Query User{663DCDB3-4D2E-4FB4-A339-DCC6DF3EBB04}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{676CCE1C-04DB-4B05-A3A6-69F98765F8C8}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{679E2F0D-67CC-4725-9265-58F0263FD96D}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{68DC267D-BD26-40F7-BA9D-4B7A44621E44}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{6FF06D41-868B-468D-BDA3-2135E8E7A8EE}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"TCP Query User{70039DB6-9A0F-43EA-800E-4E97251A29F7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{72F74839-6A51-43E3-9D26-91BBAA534699}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{7847ED84-ED64-4E4D-8145-CBB78EA19905}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{79167F09-FDB3-4441-8A21-BD35D745BC91}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{7F0666C2-D26E-47F6-8100-D452481E3959}C:\users\andi\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\andi\downloads\maestia-downloader.exe | 
"TCP Query User{82512878-2939-4880-8B8A-93DDF27AC6CD}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"TCP Query User{835F145B-A1BF-4360-932A-71E708C1A55D}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{86BD4F49-6501-4BD0-90F3-57A79F019381}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{8902977C-C948-4F5B-82E2-C5B6926011F5}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{8EEB050C-9D6E-4552-9623-1413DD2B646D}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"TCP Query User{934791A0-878E-4962-8E4C-690965DF72CB}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{94945F5F-A9ED-498C-AB83-819D959DBD42}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{9B826FA8-A584-4182-83C3-1ABA074D9894}C:\users\andi\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\andi\downloads\ptr-installer-de_de.exe | 
"TCP Query User{9C9D5557-B486-435A-95A4-52EBCD744CF9}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"TCP Query User{A68F72C4-CCD9-4A2A-91FA-CED6E82E82DC}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{ADAC20A0-7F1B-4F19-B4AB-F8AFCD6D947A}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe | 
"TCP Query User{AEDDD700-DC9D-4600-A73D-0970000A65D9}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{B2918535-177C-4489-8D5E-B93A78F8386B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{B4071A30-71A5-4DD4-AD4E-376EC9C7708F}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{C23DCC69-257D-4841-BBCB-70061ACE4D44}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{CB696733-42ED-4A99-AD87-7BD32D468002}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{CBC09B6B-DD12-4E8C-9CF0-80BAB22BA84B}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{D02C2DB4-C073-4215-B0EF-13FDF96956F8}C:\users\andi\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\temp\gw2.exe | 
"TCP Query User{D21D0CCE-C36C-4078-8A38-536F152E6509}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{D314C5C8-6F8C-48E7-A61B-D34274574A3F}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe | 
"TCP Query User{D405201A-8913-4A5D-A996-61ECCBD2B1D2}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{D4833DDB-AC25-4E3B-BD78-7385FEC899E0}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{EBD3F6F0-A40F-4745-B67B-AACE3BE6AF06}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"TCP Query User{F2627E08-AB1C-4030-9E3E-C2DD140156DF}C:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe | 
"TCP Query User{F26CAEB8-0352-4109-9355-C60EF01F8606}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{F9D9358D-6B3F-4DBF-B47B-DC4657AD9636}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{FAA9D69C-FCC7-4701-A5BE-9481CD347A74}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe | 
"UDP Query User{06780E43-D772-4D95-876A-14E22D1C66D9}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{0A80982E-FAD2-4333-A329-98BFF2AFB84B}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{0C938431-9897-4FBC-8D07-E2C2A0F79A5E}C:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe | 
"UDP Query User{0F7A295F-577C-4F6E-8117-0C8FE4D3F45A}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"UDP Query User{1505479D-E659-49C9-9471-E561BE5AC146}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{17E38ADF-AD2B-48CF-B75C-5D57323ECE2C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{1B474BF5-9053-4D4C-BA4C-CB4EA7B8A2A1}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{1B6A3E72-6539-427B-8C81-6ED6EE5DD4DE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{30E6BE93-B939-42EB-86AB-8D87338B2BF1}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{31164C8F-47AD-406B-9D6E-C30CD2C92788}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{3C3E78DE-9C3B-4E55-A0BA-8128343134CC}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{3F5D1630-C55D-4501-AC57-8B1C68A017CC}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"UDP Query User{438A7E22-5FDE-4286-9BF5-9BEEA8D24302}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{4D5A490E-D295-4B23-9B0D-5A59A8920B5D}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{522355D2-E918-490B-8724-696893500A5E}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{532FA0EA-A8D0-4433-95D5-D402EEFC962E}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{588B6846-EA90-4CE8-A014-FC97C68380FD}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe | 
"UDP Query User{5C50BF6B-9608-454C-A116-02FBCB512C58}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{5C5EF047-9198-472B-9C5A-9C004969DE48}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{5FD5F076-4CCF-4469-AACE-FC9BDF38572B}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"UDP Query User{67B5AE59-7D88-420A-A9DE-D01C76681CDC}C:\users\andi\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\andi\downloads\ptr-installer-de_de.exe | 
"UDP Query User{6D84D405-266B-4D0C-A958-F19159C60FCE}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{6FD6C0EC-3ED0-46FD-8BB2-274ACD08D830}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{707F7806-8C91-420B-B4EB-F63B6EBA5C1D}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{7C919105-77FB-47F4-8587-DACF5B09E2AC}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{7E85214C-8ABC-499A-AF1C-063F17D8F7CC}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{82257CC7-123B-4120-A743-0619F5EDC852}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{83E8C0E6-78F7-4A75-9D87-9AD8AF643398}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe | 
"UDP Query User{84174B4E-4731-415E-8370-CC3DB7B3648E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{8AEB0C9F-0A37-43B8-A5DA-3C6B8C89943F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{94117DC8-FD70-4DA6-B92F-BBCCC42B4CA5}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{9944AE1F-04BA-4B14-82AA-4A4C55767335}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{A40858DC-61FC-412A-8AD1-1B2EEC2E261F}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{A5DA15D9-FD76-4202-A3A8-31EB392C898E}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{B2F65895-8C50-4E9E-8FD9-488D6C10F98E}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{B879F112-BBA9-4A1E-A8CB-646C8BF503E3}C:\users\andi\downloads\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=c:\users\andi\downloads\bmoworld\bomberman.exe | 
"UDP Query User{BC56871C-6C5B-4A03-B5A0-02F677137557}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"UDP Query User{C053AB29-4FA0-4AD0-A6DA-FE8D1C525095}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{C487A7E0-3F3C-4085-AEFC-B0FDB4069F09}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{C55B3AAE-640B-49AC-8137-3B7E5DEA7075}C:\users\andi\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\andi\downloads\maestia-downloader.exe | 
"UDP Query User{CAA29EB3-BDD1-45DD-9291-52C4C38884AD}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{CB6EDC4C-1B8E-4E9C-9299-D00C20F5BAEA}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{CEA76D63-FDE2-4C37-B7D7-1EF33E53E57F}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{D2462853-9580-41D8-B995-FBE54FB54CEC}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{D61FF6AD-A291-4384-8365-ACA5ADEF1B40}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{D73FD21F-7359-451B-A67C-FC4534C2035D}C:\users\andi\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\temp\gw2.exe | 
"UDP Query User{DE81F753-9036-4891-B93A-A4A5622D24C1}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"UDP Query User{E095612F-9002-4661-825B-7AFC9537566B}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{E2FA709D-C128-437A-9C88-8080B5D40D17}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{E3F9B049-AF07-4810-9734-FAA92F7F2BF1}C:\users\andi\desktop\zsnesw\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\andi\desktop\zsnesw\zsnesw.exe | 
"UDP Query User{E8304E9A-D4E8-42BF-9962-68C839FE7650}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{EC3DE70F-7211-4B8C-9739-779765B415B5}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe | 
"UDP Query User{EDCF7C7B-BA71-4951-9D0D-9CAC3DD191EF}C:\program files (x86)\steam\steamapps\psyko996\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\psyko996\counter-strike source\hl2.exe | 
"UDP Query User{F29D3D62-AF2D-4E80-BBF3-6C88497380CE}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{F992CD84-9E47-4E3B-B8DC-4ABED9F7BD1A}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0838FACF-AB67-4AB7-B09A-3FC1809AED34}" = Painter 12 - FR
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
"{1BF97502-21C5-429B-9B5B-8F560BE91348}" = Corel Painter 12 - IPM
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690C091A-E12C-469E-91C0-7BECCD698187}" = Painter 12 - Corex64
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
"{E187937F-E3D5-45F7-BA33-1FC7CBF91640}" = Painter 12 - IT
"{E664F998-3760-4B30-AEF0-BB624C498870}" = Painter 12 - DE
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA5091B-CD1D-43DA-A0E0-A93A85E3D555}" = YTD Toolbar v7.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9BE645-3EF8-335D-9A7C-77F2A8689C5E}_is1" = Beyond Divinity
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2010
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9278c4eb-1dfd-44ec-a0bb-3696f36a2767}_is1" = Divine Divinity
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f174fe50-f02d-4952-a49d-bae9bf7d488a}" = Nero 9 Essentials
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Bamboo Dock" = Bamboo Dock
"CDCE6956-DCDC-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - Developer's Cut
"delta" = Delta toolbar  
"Diablo III" = Diablo III
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"Identity Card" = Identity Card
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"o2DE" = Mobile Connection Manager
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 206500" = AirMech
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 42170" = Krater
"Steam App 47410" = Stronghold Kingdoms
"Steam App 550" = Left 4 Dead 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Uplay" = Uplay
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"X-Mouse Button Control" = X-Mouse Button Control 2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NoNameScript" = NoNameScript
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2012 15:16:09 | Computer Name = Andi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.06.2012 15:36:08 | Computer Name = Andi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 03.06.2012 11:19:25 | Computer Name = Andi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.06.2012 11:19:25 | Computer Name = Andi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.06.2012 11:36:51 | Computer Name = Andi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 03.06.2012 13:49:36 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.06.2012 13:50:03 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2012 13:50:03 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2012 13:50:03 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2012 13:50:03 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.06.2013 13:14:22 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:14:22 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:14:22 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:14:22 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:14:24 | Computer Name = Andi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.06.2013 13:14:24 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:14:24 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:15:36 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.06.2013 13:21:59 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 UI Assistant Service erreicht.
 
Error - 02.06.2013 13:21:59 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UI Assistant Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         

02.06.2013, 19:40   #5
markusg
/// Malware-holic

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.exe.vbs ()
O4 - HKCU..\Run: [Winlogon] C:\Users\Andi\AppData\Roaming\Microsoft\winlogon.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Google Search] C:\ProgramData\Google Search0\fbdlfpvew.exe (DT Soft Ltd TechSmith Corporation)
O4 - HKCU..\Run: [brah] C:\Users\Andi\AppData\Roaming\brah\sit.bat ()
PRC - [2013.06.02 18:13:40 | 000,055,808 | ---- | M] (Systemt) -- C:\Users\Andi\AppData\Roaming\WindowsFiles\shell.exe
PRC - [2013.06.02 18:13:40 | 000,055,808 | ---- | M] (Systemt) -- C:\Users\Andi\AppData\Roaming\WindowsFiles\macromedia.exe
PRC - [2013.03.28 13:17:07 | 000,460,800 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\scvhost.exe
MOD - [2013.03.28 13:17:07 | 000,460,800 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\scvhost.exe
MOD - [2013.02.08 06:46:14 | 000,013,824 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libblkmaker-0.1-0.dll
MOD - [2013.02.08 06:46:14 | 000,013,312 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libblkmaker_jansson-0.1-0.dll
MOD - [2013.02.08 06:45:46 | 000,228,352 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libcurl-4.dll
MOD - [2013.02.08 06:45:46 | 000,088,576 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\zlib1.dll
MOD - [2013.02.08 06:45:46 | 000,052,736 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\libjansson-4.dll
:files
C:\Users\Andi\AppData\Roaming\WindowsFiles
C:\Users\Andi\AppData\Roaming\brah
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Note: Please also upload the file there, as described in the instructions for the upload channel. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions for forwarding:
http://markusg.trojaner-board.de
For now, please send mails to the address above, following those instructions.
If you would like to support us
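
The fix list in the post above targets autostart entries that launch from user-writable folders under names imitating Windows components (winlogon.exe, scvhost.exe). As an added example (not part of the original post and not OTL's own code), the following script triages OTL-style `O4` Run and `PRC`/`MOD` lines for exactly those two traits; the line patterns are inferred from the lines on this page, and the name list, the similarity threshold and the `C:\Windows` install path are assumptions.

```python
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# The first four lines are copied from the fix list in the post above; the
# last line is a constructed benign entry for contrast.
SAMPLE = r"""
O4 - HKCU..\Run: [Winlogon] C:\Users\Andi\AppData\Roaming\Microsoft\winlogon.exe ()
O4 - HKCU..\Run: [Google Search] C:\ProgramData\Google Search0\fbdlfpvew.exe (DT Soft Ltd TechSmith Corporation)
O4 - HKCU..\Run: [brah] C:\Users\Andi\AppData\Roaming\brah\sit.bat ()
PRC - [2013.03.28 13:17:07 | 000,460,800 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\brah\scvhost.exe
O4 - HKLM..\Run: [Example] C:\Program Files (x86)\Example\example.exe (Example Corp)
"""

# Assumed line shapes, inferred only from the log lines shown on this page.
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<label>[^\]]*)\]\s+"
                    r"(?P<path>[A-Za-z]:\\.*?)\s*\((?P<vendor>[^()]*)\)\s*$")
PROC_RE = re.compile(r"^(?P<where>PRC|MOD) - \[[^\]]*\] \((?P<vendor>[^()]*)\)"
                     r" -- (?P<path>[A-Za-z]:\\.+?)\s*$")

# Folders a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+\\appdata|programdata)\\", re.I)

# Assumption: a short list of system binaries that are commonly imitated,
# and a default Windows directory of C:\Windows.
SYSTEM_NAMES = ("svchost", "winlogon", "csrss", "lsass", "services",
                "explorer", "smss")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
THRESHOLD = 0.8  # assumption: similarity ratio treated as "imitates"


def lookalike(stem):
    """Return the system binary name that `stem` equals or closely imitates."""
    best = max(SYSTEM_NAMES, key=lambda n: SequenceMatcher(None, stem, n).ratio())
    if SequenceMatcher(None, stem, best).ratio() >= THRESHOLD:
        return best
    return None


def triage(text):
    """Return [(path, [reasons])] for entries showing either trait."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or PROC_RE.match(line)
        if not m:
            continue  # blank lines, "File not found" entries, other sections
        path = PureWindowsPath(m["path"])
        reasons = []
        if USER_WRITABLE.match(str(path)):
            reasons.append("runs from a user-writable folder")
        imitated = lookalike(path.stem.lower())
        if imitated and str(path.parent).lower() not in SYSTEM_DIRS:
            reasons.append(f"name imitates {imitated}.exe outside the Windows directory")
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A hit on the folder check alone is common for per-user installers; the combination with the name check is the stronger signal.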

02.06.2013, 20:00   #6
shanti7

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk moved successfully.
C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.exe.vbs moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon deleted successfully.
C:\Users\Andi\AppData\Roaming\Microsoft\winlogon.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Search deleted successfully.
C:\ProgramData\Google Search0\fbdlfpvew.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\brah deleted successfully.
C:\Users\Andi\AppData\Roaming\brah\sit.bat moved successfully.
No active process named shell.exe was found!
No active process named macromedia.exe was found!
No active process named scvhost.exe was found!
========== FILES ==========
C:\Users\Andi\AppData\Roaming\WindowsFiles\shel folder moved successfully.
C:\Users\Andi\AppData\Roaming\WindowsFiles\min folder moved successfully.
C:\Users\Andi\AppData\Roaming\WindowsFiles\macro folder moved successfully.
Folder move failed. C:\Users\Andi\AppData\Roaming\WindowsFiles scheduled to be moved on reboot.
C:\Users\Andi\AppData\Roaming\brah folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andi
->Temp folder emptied: 68225617 bytes
->Temporary Internet Files folder emptied: 23723492 bytes
->Java cache emptied: 5657327 bytes
->FireFox cache emptied: 84606022 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 60743 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 401462 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5956796 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 282997 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304499 bytes
RecycleBin emptied: 533044 bytes
 
Total Files Cleaned = 221,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_205305

Files\Folders moved on Reboot...
C:\Users\Andi\AppData\Roaming\WindowsFiles folder moved successfully.
C:\Users\Andi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Upload worked :]

edit: no error messages so far since the restart!
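
The fix log in the post above reports one folder whose move failed and was deferred to the reboot, and a later section listing what was moved on reboot. As an added example (not part of the original post and not OTL's own code), this script parses such a log and reports any deferred item that the reboot section does not confirm; the line patterns are inferred from the log on this page, and any failure prefix other than "Folder move failed." is an assumption.

```python
import re

# Excerpt copied from the OTL fix log in the post above.
FIX_LOG = r"""
========== OTL ==========
C:\Users\Andi\AppData\Roaming\WindowsFiles\usft_ext.exe.vbs moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon deleted successfully.
C:\Users\Andi\AppData\Roaming\Microsoft\winlogon.exe moved successfully.
No active process named scvhost.exe was found!
========== FILES ==========
C:\Users\Andi\AppData\Roaming\WindowsFiles\shel folder moved successfully.
Folder move failed. C:\Users\Andi\AppData\Roaming\WindowsFiles scheduled to be moved on reboot.
C:\Users\Andi\AppData\Roaming\brah folder moved successfully.
========== COMMANDS ==========
Files\Folders moved on Reboot...
C:\Users\Andi\AppData\Roaming\WindowsFiles folder moved successfully.
C:\Users\Andi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
"""

# Only "Folder move failed." appears on this page; \w+ also accepts other
# one-word prefixes, which is an assumption.
FAILED_RE = re.compile(r"^\w+ move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
DELETED_RE = re.compile(r"^Registry value (?P<value>.+) deleted successfully\.$")
IDLE_RE = re.compile(r"^No active process named (?P<name>.+) was found!$")


def parse_fix_log(text):
    """Sort the log's result lines into buckets, tracking the reboot section."""
    summary = {"moved": [], "deleted": [], "deferred": [],
               "after_reboot": [], "not_running": []}
    in_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files\\Folders moved on Reboot"):
            in_reboot = True
        elif line.startswith(("PendingFileRenameOperations",
                              "Registry entries deleted on Reboot")):
            in_reboot = False
        elif m := FAILED_RE.match(line):
            summary["deferred"].append(m["path"])
        elif m := MOVED_RE.match(line):
            summary["after_reboot" if in_reboot else "moved"].append(m["path"])
        elif m := DELETED_RE.match(line):
            summary["deleted"].append(m["value"])
        elif m := IDLE_RE.match(line):
            summary["not_running"].append(m["name"])
    return summary


def unresolved(summary):
    """Deferred paths that the reboot section never confirms as moved."""
    done = {p.lower() for p in summary["after_reboot"]}
    return [p for p in summary["deferred"] if p.lower() not in done]


if __name__ == "__main__":
    s = parse_fix_log(FIX_LOG)
    print("moved before reboot:", len(s["moved"]))
    print("registry values deleted:", len(s["deleted"]))
    print("deferred to reboot:", s["deferred"])
    print("still unresolved:", unresolved(s) or "none")
```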

02.06.2013, 20:02   #7
markusg
/// Malware-holic

Thanks.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

02.06.2013, 20:07   #8
shanti7

5 objects found.


Code:
ATTFilter
21:04:03.0142 4988  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:04:03.0231 4988  ============================================================
21:04:03.0231 4988  Current date / time: 2013/06/02 21:04:03.0231
21:04:03.0231 4988  SystemInfo:
21:04:03.0231 4988  
21:04:03.0231 4988  OS Version: 6.1.7601 ServicePack: 1.0
21:04:03.0231 4988  Product type: Workstation
21:04:03.0231 4988  ComputerName: ANDI-PC
21:04:03.0231 4988  UserName: Andi
21:04:03.0231 4988  Windows directory: C:\Windows
21:04:03.0231 4988  System windows directory: C:\Windows
21:04:03.0231 4988  Running under WOW64
21:04:03.0231 4988  Processor architecture: Intel x64
21:04:03.0231 4988  Number of processors: 4
21:04:03.0231 4988  Page size: 0x1000
21:04:03.0231 4988  Boot type: Normal boot
21:04:03.0231 4988  ============================================================
21:04:04.0366 4988  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:04.0400 4988  ============================================================
21:04:04.0400 4988  \Device\Harddisk0\DR0:
21:04:04.0400 4988  MBR partitions:
21:04:04.0400 4988  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
21:04:04.0400 4988  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
21:04:04.0400 4988  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
21:04:04.0400 4988  ============================================================
21:04:04.0430 4988  C: <-> \Device\Harddisk0\DR0\Partition2
21:04:04.0547 4988  D: <-> \Device\Harddisk0\DR0\Partition3
21:04:04.0547 4988  ============================================================
21:04:04.0547 4988  Initialize success
21:04:04.0547 4988  ============================================================
21:04:08.0056 3404  Deinitialize success
         


Code:
ATTFilter
21:04:24.0206 4444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:04:24.0293 4444  ============================================================
21:04:24.0293 4444  Current date / time: 2013/06/02 21:04:24.0293
21:04:24.0294 4444  SystemInfo:
21:04:24.0294 4444  
21:04:24.0294 4444  OS Version: 6.1.7601 ServicePack: 1.0
21:04:24.0294 4444  Product type: Workstation
21:04:24.0294 4444  ComputerName: ANDI-PC
21:04:24.0294 4444  UserName: Andi
21:04:24.0294 4444  Windows directory: C:\Windows
21:04:24.0294 4444  System windows directory: C:\Windows
21:04:24.0294 4444  Running under WOW64
21:04:24.0294 4444  Processor architecture: Intel x64
21:04:24.0294 4444  Number of processors: 4
21:04:24.0294 4444  Page size: 0x1000
21:04:24.0294 4444  Boot type: Normal boot
21:04:24.0294 4444  ============================================================
21:04:24.0605 4444  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:24.0639 4444  ============================================================
21:04:24.0639 4444  \Device\Harddisk0\DR0:
21:04:24.0639 4444  MBR partitions:
21:04:24.0639 4444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
21:04:24.0639 4444  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
21:04:24.0639 4444  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
21:04:24.0639 4444  ============================================================
21:04:24.0696 4444  C: <-> \Device\Harddisk0\DR0\Partition2
21:04:24.0697 4444  D: <-> \Device\Harddisk0\DR0\Partition3
21:04:24.0697 4444  ============================================================
21:04:24.0697 4444  Initialize success
21:04:24.0697 4444  ============================================================
21:05:01.0847 4700  ============================================================
21:05:01.0847 4700  Scan started
21:05:01.0847 4700  Mode: Manual; SigCheck; TDLFS; 
21:05:01.0847 4700  ============================================================
21:05:02.0087 4700  ================ Scan system memory ========================
21:05:02.0087 4700  System memory - ok
21:05:02.0087 4700  ================ Scan services =============================
21:05:02.0247 4700  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:05:02.0397 4700  1394ohci - ok
21:05:02.0437 4700  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
21:05:02.0447 4700  AAV UpdateService - ok
21:05:02.0497 4700  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.PDFTransformer.Site License.3.0 C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
21:05:02.0567 4700  ABBYY.Licensing.PDFTransformer.Site License.3.0 - ok
21:05:02.0627 4700  [ 6CE02D42183CDF31315F208AE35F153F ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
21:05:02.0657 4700  acedrv11 - ok
21:05:02.0697 4700  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:05:02.0717 4700  ACPI - ok
21:05:02.0757 4700  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:05:02.0827 4700  AcpiPmi - ok
21:05:02.0937 4700  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:05:02.0967 4700  AdobeFlashPlayerUpdateSvc - ok
21:05:03.0027 4700  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:05:03.0057 4700  adp94xx - ok
21:05:03.0097 4700  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:05:03.0127 4700  adpahci - ok
21:05:03.0167 4700  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:05:03.0187 4700  adpu320 - ok
21:05:03.0207 4700  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:05:03.0347 4700  AeLookupSvc - ok
21:05:03.0437 4700  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:05:03.0497 4700  AFD - ok
21:05:03.0537 4700  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:05:03.0547 4700  agp440 - ok
21:05:03.0567 4700  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:05:03.0617 4700  ALG - ok
21:05:03.0637 4700  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:05:03.0647 4700  aliide - ok
21:05:03.0687 4700  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:05:03.0777 4700  AMD External Events Utility - ok
21:05:03.0777 4700  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:05:03.0797 4700  amdide - ok
21:05:03.0857 4700  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:05:03.0877 4700  AmdK8 - ok
21:05:04.0077 4700  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:05:04.0357 4700  amdkmdag - ok
21:05:04.0387 4700  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:05:04.0417 4700  amdkmdap - ok
21:05:04.0437 4700  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:05:04.0457 4700  AmdPPM - ok
21:05:04.0487 4700  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:05:04.0497 4700  amdsata - ok
21:05:04.0527 4700  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:05:04.0547 4700  amdsbs - ok
21:05:04.0567 4700  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:05:04.0577 4700  amdxata - ok
21:05:04.0647 4700  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:05:04.0657 4700  AntiVirSchedulerService - ok
21:05:04.0677 4700  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:05:04.0697 4700  AntiVirService - ok
21:05:04.0737 4700  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:05:04.0897 4700  AppID - ok
21:05:04.0937 4700  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:05:05.0007 4700  AppIDSvc - ok
21:05:05.0067 4700  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
21:05:05.0117 4700  Appinfo - ok
21:05:05.0177 4700  [ 4DC94A65D374B6892A54A3D707FA52BE ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
21:05:05.0207 4700  Application Updater - ok
21:05:05.0247 4700  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:05:05.0257 4700  arc - ok
21:05:05.0267 4700  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:05:05.0287 4700  arcsas - ok
21:05:05.0407 4700  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:05:05.0427 4700  aspnet_state - ok
21:05:05.0447 4700  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:05:05.0537 4700  AsyncMac - ok
21:05:05.0597 4700  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:05:05.0607 4700  atapi - ok
21:05:05.0657 4700  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:05:05.0687 4700  AtiHDAudioService - ok
21:05:05.0707 4700  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:05:05.0727 4700  AtiHdmiService - ok
21:05:05.0757 4700  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:05:05.0827 4700  AudioEndpointBuilder - ok
21:05:05.0837 4700  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:05:05.0877 4700  AudioSrv - ok
21:05:05.0937 4700  [ B1224E6B086CD6548315B04AB575A23E ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:05:05.0967 4700  avgntflt - ok
21:05:06.0007 4700  [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:05:06.0027 4700  avipbb - ok
21:05:06.0057 4700  [ D1A9AE485FFF7C72CA50D8949B2210B9 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
21:05:06.0067 4700  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
21:05:06.0067 4700  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
21:05:06.0087 4700  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
21:05:06.0097 4700  avmeject - ok
21:05:06.0147 4700  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:05:06.0237 4700  AxInstSV - ok
21:05:06.0277 4700  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:05:06.0347 4700  b06bdrv - ok
21:05:06.0377 4700  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:05:06.0417 4700  b57nd60a - ok
21:05:06.0457 4700  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:05:06.0517 4700  BDESVC - ok
21:05:06.0537 4700  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:05:06.0607 4700  Beep - ok
21:05:06.0677 4700  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:05:06.0737 4700  BFE - ok
21:05:06.0777 4700  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:05:06.0847 4700  BITS - ok
21:05:06.0877 4700  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:05:06.0917 4700  blbdrive - ok
21:05:06.0937 4700  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:05:06.0957 4700  bowser - ok
21:05:06.0967 4700  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:05:07.0037 4700  BrFiltLo - ok
21:05:07.0047 4700  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:05:07.0067 4700  BrFiltUp - ok
21:05:07.0097 4700  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:05:07.0127 4700  Browser - ok
21:05:07.0257 4700  [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
21:05:07.0347 4700  BrowserProtect - ok
21:05:07.0367 4700  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:05:07.0427 4700  Brserid - ok
21:05:07.0447 4700  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:05:07.0477 4700  BrSerWdm - ok
21:05:07.0497 4700  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:05:07.0537 4700  BrUsbMdm - ok
21:05:07.0547 4700  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:05:07.0567 4700  BrUsbSer - ok
21:05:07.0577 4700  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:05:07.0597 4700  BTHMODEM - ok
21:05:07.0617 4700  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:05:07.0657 4700  bthserv - ok
21:05:07.0667 4700  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:05:07.0747 4700  cdfs - ok
21:05:07.0807 4700  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:05:07.0847 4700  cdrom - ok
21:05:07.0897 4700  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:05:07.0937 4700  CertPropSvc - ok
21:05:07.0957 4700  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:05:07.0997 4700  circlass - ok
21:05:08.0017 4700  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:05:08.0027 4700  CLFS - ok
21:05:08.0087 4700  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:05:08.0117 4700  clr_optimization_v2.0.50727_32 - ok
21:05:08.0147 4700  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:05:08.0167 4700  clr_optimization_v2.0.50727_64 - ok
21:05:08.0227 4700  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:05:08.0247 4700  clr_optimization_v4.0.30319_32 - ok
21:05:08.0287 4700  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:05:08.0307 4700  clr_optimization_v4.0.30319_64 - ok
21:05:08.0327 4700  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:05:08.0337 4700  CmBatt - ok
21:05:08.0347 4700  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:05:08.0357 4700  cmdide - ok
21:05:08.0397 4700  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:05:08.0427 4700  CNG - ok
21:05:08.0437 4700  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:05:08.0457 4700  Compbatt - ok
21:05:08.0487 4700  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:05:08.0537 4700  CompositeBus - ok
21:05:08.0557 4700  COMSysApp - ok
21:05:08.0567 4700  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:05:08.0587 4700  crcdisk - ok
21:05:08.0617 4700  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:05:08.0687 4700  CryptSvc - ok
21:05:08.0727 4700  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:05:08.0787 4700  DcomLaunch - ok
21:05:08.0817 4700  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:05:08.0867 4700  defragsvc - ok
21:05:08.0897 4700  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:05:08.0937 4700  DfsC - ok
21:05:08.0997 4700  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:05:09.0047 4700  Dhcp - ok
21:05:09.0067 4700  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:05:09.0107 4700  discache - ok
21:05:09.0137 4700  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:05:09.0157 4700  Disk - ok
21:05:09.0167 4700  DNIMp50a64 - ok
21:05:09.0167 4700  DNISp50a64 - ok
21:05:09.0197 4700  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:05:09.0247 4700  Dnscache - ok
21:05:09.0277 4700  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:05:09.0327 4700  dot3svc - ok
21:05:09.0357 4700  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:05:09.0397 4700  DPS - ok
21:05:09.0417 4700  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:05:09.0447 4700  drmkaud - ok
21:05:09.0477 4700  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:05:09.0507 4700  DXGKrnl - ok
21:05:09.0547 4700  [ 52A482DC61F24B498C8268866B90BB44 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
21:05:09.0567 4700  e1kexpress - ok
21:05:09.0567 4700  EagleX64 - ok
21:05:09.0587 4700  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:05:09.0647 4700  EapHost - ok
21:05:09.0707 4700  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:05:09.0827 4700  ebdrv - ok
21:05:09.0847 4700  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:05:09.0897 4700  EFS - ok
21:05:09.0967 4700  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:05:10.0037 4700  ehRecvr - ok
21:05:10.0057 4700  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:05:10.0117 4700  ehSched - ok
21:05:10.0137 4700  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:05:10.0167 4700  elxstor - ok
21:05:10.0187 4700  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:05:10.0217 4700  ErrDev - ok
21:05:10.0257 4700  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:05:10.0307 4700  EventSystem - ok
21:05:10.0367 4700  [ D83EB7ADE99D99A4CD6568AC1261D35E ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
21:05:10.0417 4700  ewusbnet - ok
21:05:10.0447 4700  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:05:10.0487 4700  ew_hwusbdev - ok
21:05:10.0497 4700  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:05:10.0547 4700  exfat - ok
21:05:10.0587 4700  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:05:10.0637 4700  fastfat - ok
21:05:10.0687 4700  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:05:10.0747 4700  Fax - ok
21:05:10.0767 4700  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:05:10.0787 4700  fdc - ok
21:05:10.0797 4700  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:05:10.0867 4700  fdPHost - ok
21:05:10.0887 4700  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:05:10.0937 4700  FDResPub - ok
21:05:10.0967 4700  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:05:10.0977 4700  FileInfo - ok
21:05:10.0987 4700  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:05:11.0037 4700  Filetrace - ok
21:05:11.0047 4700  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:05:11.0077 4700  flpydisk - ok
21:05:11.0127 4700  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:05:11.0157 4700  FltMgr - ok
21:05:11.0227 4700  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:05:11.0287 4700  FontCache - ok
21:05:11.0337 4700  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:05:11.0357 4700  FontCache3.0.0.0 - ok
21:05:11.0367 4700  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:05:11.0387 4700  FsDepends - ok
21:05:11.0417 4700  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:05:11.0427 4700  Fs_Rec - ok
21:05:11.0467 4700  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:05:11.0487 4700  fvevol - ok
21:05:11.0517 4700  [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
21:05:11.0577 4700  FWLANUSB - ok
21:05:11.0597 4700  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:05:11.0607 4700  gagp30kx - ok
21:05:11.0647 4700  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:05:11.0727 4700  gpsvc - ok
21:05:11.0797 4700  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
21:05:11.0837 4700  Greg_Service - ok
21:05:11.0887 4700  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:05:11.0897 4700  gupdate - ok
21:05:11.0947 4700  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:05:11.0957 4700  gupdatem - ok
21:05:12.0007 4700  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
21:05:12.0027 4700  hamachi - ok
21:05:12.0137 4700  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:05:12.0217 4700  Hamachi2Svc - ok
21:05:12.0237 4700  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:05:12.0287 4700  hcw85cir - ok
21:05:12.0347 4700  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:05:12.0387 4700  HdAudAddService - ok
21:05:12.0417 4700  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:05:12.0447 4700  HDAudBus - ok
21:05:12.0477 4700  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:05:12.0487 4700  HECIx64 - ok
21:05:12.0507 4700  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:05:12.0537 4700  HidBatt - ok
21:05:12.0537 4700  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:05:12.0567 4700  HidBth - ok
21:05:12.0567 4700  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:05:12.0587 4700  HidIr - ok
21:05:12.0617 4700  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:05:12.0667 4700  hidserv - ok
21:05:12.0667 4700  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:05:12.0687 4700  HidUsb - ok
21:05:12.0717 4700  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:05:12.0787 4700  hkmsvc - ok
21:05:12.0817 4700  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:05:12.0867 4700  HomeGroupListener - ok
21:05:12.0917 4700  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:05:12.0957 4700  HomeGroupProvider - ok
21:05:12.0987 4700  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:05:13.0007 4700  HpSAMD - ok
21:05:13.0047 4700  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:05:13.0117 4700  HTTP - ok
21:05:13.0167 4700  [ C2212C930D7A6CC21972B9882683D271 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:05:13.0217 4700  huawei_enumerator - ok
21:05:13.0267 4700  [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:05:13.0317 4700  hwdatacard - ok
21:05:13.0347 4700  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:05:13.0367 4700  hwpolicy - ok
21:05:13.0407 4700  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:05:13.0427 4700  i8042prt - ok
21:05:13.0467 4700  [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:05:13.0487 4700  IAANTMON - ok
21:05:13.0497 4700  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:05:13.0517 4700  iaStor - ok
21:05:13.0547 4700  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:05:13.0577 4700  iaStorV - ok
21:05:13.0627 4700  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:05:13.0647 4700  idsvc - ok
21:05:13.0677 4700  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:05:13.0687 4700  iirsp - ok
21:05:13.0737 4700  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:05:13.0797 4700  IKEEXT - ok
21:05:13.0867 4700  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:05:13.0907 4700  IntcAzAudAddService - ok
21:05:13.0927 4700  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:05:13.0937 4700  intelide - ok
21:05:13.0957 4700  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:05:13.0977 4700  intelppm - ok
21:05:14.0007 4700  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:05:14.0067 4700  IPBusEnum - ok
21:05:14.0107 4700  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:05:14.0187 4700  IpFilterDriver - ok
21:05:14.0217 4700  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:05:14.0277 4700  iphlpsvc - ok
21:05:14.0297 4700  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:05:14.0317 4700  IPMIDRV - ok
21:05:14.0337 4700  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:05:14.0397 4700  IPNAT - ok
21:05:14.0427 4700  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:05:14.0447 4700  IRENUM - ok
21:05:14.0477 4700  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:05:14.0487 4700  isapnp - ok
21:05:14.0527 4700  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:05:14.0537 4700  iScsiPrt - ok
21:05:14.0567 4700  [ 75DDB94A2A24F9F7037D10A2DDA06D36 ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
21:05:14.0577 4700  JRAID - ok
21:05:14.0597 4700  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:05:14.0617 4700  kbdclass - ok
21:05:14.0657 4700  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:05:14.0697 4700  kbdhid - ok
21:05:14.0717 4700  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:05:14.0727 4700  KeyIso - ok
21:05:14.0767 4700  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:05:14.0777 4700  KSecDD - ok
21:05:14.0787 4700  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:05:14.0807 4700  KSecPkg - ok
21:05:14.0817 4700  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:05:14.0867 4700  ksthunk - ok
21:05:14.0897 4700  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:05:14.0937 4700  KtmRm - ok
21:05:14.0997 4700  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:05:15.0077 4700  LanmanServer - ok
21:05:15.0127 4700  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:05:15.0187 4700  LanmanWorkstation - ok
21:05:15.0217 4700  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:05:15.0297 4700  lltdio - ok
21:05:15.0327 4700  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:05:15.0367 4700  lltdsvc - ok
21:05:15.0407 4700  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:05:15.0437 4700  lmhosts - ok
21:05:15.0517 4700  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:05:15.0527 4700  LMS ( UnsignedFile.Multi.Generic ) - warning
21:05:15.0527 4700  LMS - detected UnsignedFile.Multi.Generic (1)
21:05:15.0557 4700  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:05:15.0587 4700  LSI_FC - ok
21:05:15.0587 4700  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:05:15.0607 4700  LSI_SAS - ok
21:05:15.0607 4700  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:05:15.0617 4700  LSI_SAS2 - ok
21:05:15.0627 4700  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:05:15.0637 4700  LSI_SCSI - ok
21:05:15.0687 4700  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:05:15.0767 4700  luafv - ok
21:05:15.0827 4700  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
21:05:15.0857 4700  LVRS64 - ok
21:05:15.0977 4700  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
21:05:16.0057 4700  LVUVC64 - ok
21:05:16.0087 4700  [ 035C83CD72E06C47000793D32B1A642D ] massfilter      C:\Windows\system32\drivers\massfilter.sys
21:05:16.0137 4700  massfilter - ok
21:05:16.0217 4700  [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
21:05:16.0237 4700  McAfee SiteAdvisor Service - ok
21:05:16.0267 4700  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:05:16.0317 4700  Mcx2Svc - ok
21:05:16.0317 4700  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:05:16.0337 4700  megasas - ok
21:05:16.0347 4700  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:05:16.0357 4700  MegaSR - ok
21:05:16.0407 4700  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:05:16.0447 4700  MMCSS - ok
21:05:16.0467 4700  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:05:16.0517 4700  Modem - ok
21:05:16.0547 4700  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:05:16.0577 4700  monitor - ok
21:05:16.0617 4700  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:05:16.0627 4700  mouclass - ok
21:05:16.0657 4700  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:05:16.0687 4700  mouhid - ok
21:05:16.0727 4700  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:05:16.0747 4700  mountmgr - ok
21:05:16.0807 4700  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:05:16.0817 4700  MozillaMaintenance - ok
21:05:16.0837 4700  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:05:16.0857 4700  mpio - ok
21:05:16.0867 4700  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:05:16.0907 4700  mpsdrv - ok
21:05:16.0957 4700  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:05:17.0047 4700  MpsSvc - ok
21:05:17.0077 4700  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:05:17.0117 4700  MRxDAV - ok
21:05:17.0147 4700  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:05:17.0177 4700  mrxsmb - ok
21:05:17.0217 4700  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:05:17.0237 4700  mrxsmb10 - ok
21:05:17.0247 4700  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:05:17.0267 4700  mrxsmb20 - ok
21:05:17.0297 4700  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:05:17.0317 4700  msahci - ok
21:05:17.0347 4700  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:05:17.0357 4700  msdsm - ok
21:05:17.0367 4700  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:05:17.0397 4700  MSDTC - ok
21:05:17.0427 4700  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:05:17.0467 4700  Msfs - ok
21:05:17.0487 4700  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:05:17.0537 4700  mshidkmdf - ok
21:05:17.0557 4700  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:05:17.0577 4700  msisadrv - ok
21:05:17.0607 4700  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:05:17.0647 4700  MSiSCSI - ok
21:05:17.0647 4700  msiserver - ok
21:05:17.0667 4700  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:05:17.0717 4700  MSKSSRV - ok
21:05:17.0737 4700  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:05:17.0787 4700  MSPCLOCK - ok
21:05:17.0787 4700  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:05:17.0837 4700  MSPQM - ok
21:05:17.0877 4700  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:05:17.0887 4700  MsRPC - ok
21:05:17.0907 4700  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:05:17.0917 4700  mssmbios - ok
21:05:17.0927 4700  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:05:17.0977 4700  MSTEE - ok
21:05:17.0997 4700  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:05:18.0007 4700  MTConfig - ok
21:05:18.0017 4700  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:05:18.0027 4700  Mup - ok
21:05:18.0067 4700  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:05:18.0077 4700  mwlPSDFilter - ok
21:05:18.0077 4700  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:05:18.0087 4700  mwlPSDNServ - ok
21:05:18.0097 4700  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:05:18.0107 4700  mwlPSDVDisk - ok
21:05:18.0157 4700  [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
21:05:18.0167 4700  MWLService - ok
21:05:18.0207 4700  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:05:18.0257 4700  napagent - ok
21:05:18.0287 4700  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:05:18.0317 4700  NativeWifiP - ok
21:05:18.0357 4700  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:05:18.0387 4700  NDIS - ok
21:05:18.0407 4700  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:05:18.0457 4700  NdisCap - ok
21:05:18.0497 4700  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:05:18.0547 4700  NdisTapi - ok
21:05:18.0587 4700  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:05:18.0617 4700  Ndisuio - ok
21:05:18.0657 4700  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:05:18.0717 4700  NdisWan - ok
21:05:18.0757 4700  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:05:18.0837 4700  NDProxy - ok
21:05:18.0927 4700  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:05:18.0957 4700  Nero BackItUp Scheduler 4.0 - ok
21:05:18.0977 4700  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:05:19.0017 4700  NetBIOS - ok
21:05:19.0047 4700  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:05:19.0097 4700  NetBT - ok
21:05:19.0107 4700  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:05:19.0117 4700  Netlogon - ok
21:05:19.0147 4700  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:05:19.0197 4700  Netman - ok
21:05:19.0227 4700  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:19.0247 4700  NetMsmqActivator - ok
21:05:19.0247 4700  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:19.0257 4700  NetPipeActivator - ok
21:05:19.0277 4700  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:05:19.0337 4700  netprofm - ok
21:05:19.0357 4700  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:19.0367 4700  NetTcpActivator - ok
21:05:19.0367 4700  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:19.0377 4700  NetTcpPortSharing - ok
21:05:19.0397 4700  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:05:19.0417 4700  nfrd960 - ok
21:05:19.0457 4700  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:05:19.0507 4700  NlaSvc - ok
21:05:19.0527 4700  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:05:19.0567 4700  Npfs - ok
21:05:19.0577 4700  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:05:19.0627 4700  nsi - ok
21:05:19.0637 4700  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:05:19.0677 4700  nsiproxy - ok
21:05:19.0747 4700  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:05:19.0817 4700  Ntfs - ok
21:05:19.0857 4700  [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:05:19.0867 4700  NTI IScheduleSvc - ok
21:05:19.0887 4700  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
21:05:19.0897 4700  NTIDrvr - ok
21:05:19.0907 4700  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:05:19.0957 4700  Null - ok
21:05:19.0997 4700  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:05:20.0027 4700  nvraid - ok
21:05:20.0067 4700  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:05:20.0077 4700  nvstor - ok
21:05:20.0117 4700  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:05:20.0137 4700  nv_agp - ok
21:05:20.0187 4700  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:05:20.0217 4700  odserv - ok
21:05:20.0247 4700  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:05:20.0267 4700  ohci1394 - ok
21:05:20.0287 4700  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:05:20.0307 4700  ose - ok
21:05:20.0337 4700  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:05:20.0387 4700  p2pimsvc - ok
21:05:20.0417 4700  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:05:20.0447 4700  p2psvc - ok
21:05:20.0487 4700  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:05:20.0507 4700  Parport - ok
21:05:20.0557 4700  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:05:20.0587 4700  partmgr - ok
21:05:20.0607 4700  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:05:20.0647 4700  PcaSvc - ok
21:05:20.0667 4700  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:05:20.0677 4700  pci - ok
21:05:20.0717 4700  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:05:20.0737 4700  pciide - ok
21:05:20.0757 4700  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:05:20.0777 4700  pcmcia - ok
21:05:20.0797 4700  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:05:20.0817 4700  pcw - ok
21:05:20.0847 4700  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:05:20.0917 4700  PEAUTH - ok
21:05:21.0027 4700  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:05:21.0077 4700  PerfHost - ok
21:05:21.0157 4700  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:05:21.0297 4700  pla - ok
21:05:21.0347 4700  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:05:21.0407 4700  PlugPlay - ok
21:05:21.0447 4700  PnkBstrA - ok
21:05:21.0467 4700  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:05:21.0507 4700  PNRPAutoReg - ok
21:05:21.0537 4700  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:05:21.0547 4700  PNRPsvc - ok
21:05:21.0577 4700  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:05:21.0637 4700  PolicyAgent - ok
21:05:21.0667 4700  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:05:21.0717 4700  Power - ok
21:05:21.0757 4700  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:05:21.0807 4700  PptpMiniport - ok
21:05:21.0837 4700  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:05:21.0867 4700  Processor - ok
21:05:21.0897 4700  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:05:21.0937 4700  ProfSvc - ok
21:05:21.0957 4700  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:05:21.0977 4700  ProtectedStorage - ok
21:05:22.0017 4700  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:05:22.0097 4700  Psched - ok
21:05:22.0167 4700  [ 788CB65D49D1162C5EE6814AFE5B0A70 ] PSI_SVC_2_x64   c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:05:22.0187 4700  PSI_SVC_2_x64 - ok
21:05:22.0227 4700  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:05:22.0277 4700  ql2300 - ok
21:05:22.0287 4700  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:05:22.0307 4700  ql40xx - ok
21:05:22.0337 4700  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:05:22.0367 4700  QWAVE - ok
21:05:22.0387 4700  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:05:22.0407 4700  QWAVEdrv - ok
21:05:22.0417 4700  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:05:22.0477 4700  RasAcd - ok
21:05:22.0507 4700  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:05:22.0547 4700  RasAgileVpn - ok
21:05:22.0567 4700  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:05:22.0607 4700  RasAuto - ok
21:05:22.0637 4700  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:22.0687 4700  Rasl2tp - ok
21:05:22.0717 4700  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:05:22.0767 4700  RasMan - ok
21:05:22.0787 4700  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:22.0837 4700  RasPppoe - ok
21:05:22.0867 4700  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:05:22.0917 4700  RasSstp - ok
21:05:22.0947 4700  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:05:22.0997 4700  rdbss - ok
21:05:23.0017 4700  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:05:23.0037 4700  rdpbus - ok
21:05:23.0037 4700  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:23.0097 4700  RDPCDD - ok
21:05:23.0117 4700  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:05:23.0167 4700  RDPENCDD - ok
21:05:23.0187 4700  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:05:23.0227 4700  RDPREFMP - ok
21:05:23.0257 4700  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:05:23.0307 4700  RDPWD - ok
21:05:23.0357 4700  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:05:23.0367 4700  rdyboost - ok
21:05:23.0397 4700  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:05:23.0427 4700  RemoteAccess - ok
21:05:23.0447 4700  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:05:23.0507 4700  RemoteRegistry - ok
21:05:23.0537 4700  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:05:23.0567 4700  RpcEptMapper - ok
21:05:23.0577 4700  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:05:23.0607 4700  RpcLocator - ok
21:05:23.0647 4700  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:05:23.0717 4700  RpcSs - ok
21:05:23.0727 4700  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:05:23.0787 4700  rspndr - ok
21:05:23.0807 4700  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:05:23.0817 4700  SamSs - ok
21:05:23.0847 4700  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:05:23.0867 4700  sbp2port - ok
21:05:23.0877 4700  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:05:23.0927 4700  SCardSvr - ok
21:05:23.0947 4700  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:05:23.0997 4700  scfilter - ok
21:05:24.0037 4700  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:05:24.0087 4700  Schedule - ok
21:05:24.0117 4700  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:05:24.0147 4700  SCPolicySvc - ok
21:05:24.0177 4700  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:05:24.0227 4700  SDRSVC - ok
21:05:24.0257 4700  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:05:24.0307 4700  secdrv - ok
21:05:24.0317 4700  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:05:24.0367 4700  seclogon - ok
21:05:24.0397 4700  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:05:24.0447 4700  SENS - ok
21:05:24.0467 4700  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:05:24.0527 4700  SensrSvc - ok
21:05:24.0537 4700  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:05:24.0557 4700  Serenum - ok
21:05:24.0557 4700  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:05:24.0587 4700  Serial - ok
21:05:24.0617 4700  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:05:24.0637 4700  sermouse - ok
21:05:24.0667 4700  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:05:24.0717 4700  SessionEnv - ok
21:05:24.0767 4700  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:05:24.0817 4700  sffdisk - ok
21:05:24.0817 4700  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:05:24.0887 4700  sffp_mmc - ok
21:05:24.0897 4700  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:05:24.0947 4700  sffp_sd - ok
21:05:24.0967 4700  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:05:24.0987 4700  sfloppy - ok
21:05:25.0017 4700  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:05:25.0077 4700  SharedAccess - ok
21:05:25.0107 4700  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:05:25.0147 4700  ShellHWDetection - ok
21:05:25.0167 4700  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:05:25.0177 4700  SiSRaid2 - ok
21:05:25.0187 4700  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:05:25.0197 4700  SiSRaid4 - ok
21:05:25.0267 4700  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:05:25.0297 4700  SkypeUpdate - ok
21:05:25.0297 4700  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:05:25.0357 4700  Smb - ok
21:05:25.0387 4700  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:05:25.0417 4700  SNMPTRAP - ok
21:05:25.0437 4700  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:05:25.0447 4700  spldr - ok
21:05:25.0477 4700  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:05:25.0527 4700  Spooler - ok
21:05:25.0637 4700  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:05:25.0797 4700  sppsvc - ok
21:05:25.0817 4700  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:05:25.0897 4700  sppuinotify - ok
21:05:25.0947 4700  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
21:05:25.0947 4700  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
21:05:25.0957 4700  sptd ( LockedFile.Multi.Generic ) - warning
21:05:25.0957 4700  sptd - detected LockedFile.Multi.Generic (1)
21:05:25.0987 4700  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:05:26.0047 4700  srv - ok
21:05:26.0067 4700  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:05:26.0107 4700  srv2 - ok
21:05:26.0127 4700  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:05:26.0157 4700  srvnet - ok
21:05:26.0187 4700  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:05:26.0247 4700  SSDPSRV - ok
21:05:26.0257 4700  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:05:26.0297 4700  SstpSvc - ok
21:05:26.0337 4700  Steam Client Service - ok
21:05:26.0367 4700  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:05:26.0377 4700  stexstor - ok
21:05:26.0437 4700  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:05:26.0477 4700  stisvc - ok
21:05:26.0497 4700  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:05:26.0507 4700  swenum - ok
21:05:26.0527 4700  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:05:26.0587 4700  swprv - ok
21:05:26.0647 4700  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:05:26.0727 4700  SysMain - ok
21:05:26.0747 4700  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:05:26.0767 4700  TabletInputService - ok
21:05:26.0957 4700  [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
21:05:27.0137 4700  TabletServicePen - ok
21:05:27.0187 4700  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:05:27.0237 4700  TapiSrv - ok
21:05:27.0267 4700  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:05:27.0297 4700  TBS - ok
21:05:27.0357 4700  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:05:27.0417 4700  Tcpip - ok
21:05:27.0447 4700  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:05:27.0487 4700  TCPIP6 - ok
21:05:27.0517 4700  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:05:27.0537 4700  tcpipreg - ok
21:05:27.0557 4700  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:05:27.0597 4700  TDPIPE - ok
21:05:27.0617 4700  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:05:27.0647 4700  TDTCP - ok
21:05:27.0697 4700  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:05:27.0757 4700  tdx - ok
21:05:27.0787 4700  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:05:27.0797 4700  TermDD - ok
21:05:27.0827 4700  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:05:27.0887 4700  TermService - ok
21:05:27.0957 4700  [ 46B389E1A1C8E66D877402FC0821A371 ] TGCM_ImportWiFiSvc C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
21:05:27.0987 4700  TGCM_ImportWiFiSvc - ok
21:05:28.0007 4700  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:05:28.0057 4700  Themes - ok
21:05:28.0087 4700  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:05:28.0147 4700  THREADORDER - ok
21:05:28.0197 4700  [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
21:05:28.0207 4700  TouchServicePen - ok
21:05:28.0217 4700  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:05:28.0267 4700  TrkWks - ok
21:05:28.0327 4700  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:05:28.0407 4700  TrustedInstaller - ok
21:05:28.0437 4700  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:28.0477 4700  tssecsrv - ok
21:05:28.0527 4700  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:05:28.0577 4700  TsUsbFlt - ok
21:05:28.0627 4700  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:05:28.0667 4700  tunnel - ok
21:05:28.0677 4700  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:05:28.0697 4700  uagp35 - ok
21:05:28.0717 4700  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:05:28.0727 4700  UBHelper - ok
21:05:28.0767 4700  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:05:28.0817 4700  udfs - ok
21:05:28.0877 4700  [ C46C4BE1BAB0F0669F6C21151BBDA557 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
21:05:28.0907 4700  UI Assistant Service - ok
21:05:28.0937 4700  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:05:28.0947 4700  UI0Detect - ok
21:05:28.0977 4700  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:05:28.0987 4700  uliagpkx - ok
21:05:29.0027 4700  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:05:29.0057 4700  umbus - ok
21:05:29.0087 4700  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:05:29.0127 4700  UmPass - ok
21:05:29.0217 4700  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:05:29.0247 4700  UMVPFSrv - ok
21:05:29.0347 4700  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:05:29.0447 4700  UNS ( UnsignedFile.Multi.Generic ) - warning
21:05:29.0447 4700  UNS - detected UnsignedFile.Multi.Generic (1)
21:05:29.0497 4700  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:05:29.0507 4700  Updater Service - ok
21:05:29.0537 4700  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:05:29.0597 4700  upnphost - ok
21:05:29.0657 4700  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:05:29.0687 4700  usbaudio - ok
21:05:29.0727 4700  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:05:29.0747 4700  usbccgp - ok
21:05:29.0777 4700  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:05:29.0807 4700  usbcir - ok
21:05:29.0817 4700  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:05:29.0837 4700  usbehci - ok
21:05:29.0877 4700  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:05:29.0907 4700  usbhub - ok
21:05:29.0937 4700  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:05:29.0947 4700  usbohci - ok
21:05:29.0977 4700  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:05:30.0007 4700  usbprint - ok
21:05:30.0057 4700  [ B5E6C4F280EBF0B16F74A5B415F2E0DF ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
21:05:30.0077 4700  USBS3S4Detection - ok
21:05:30.0097 4700  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:30.0127 4700  USBSTOR - ok
21:05:30.0127 4700  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:05:30.0157 4700  usbuhci - ok
21:05:30.0187 4700  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:05:30.0247 4700  UxSms - ok
21:05:30.0257 4700  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:05:30.0277 4700  VaultSvc - ok
21:05:30.0297 4700  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:05:30.0317 4700  vdrvroot - ok
21:05:30.0347 4700  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:05:30.0417 4700  vds - ok
21:05:30.0437 4700  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:05:30.0457 4700  vga - ok
21:05:30.0467 4700  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:05:30.0547 4700  VgaSave - ok
21:05:30.0587 4700  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:05:30.0607 4700  vhdmp - ok
21:05:30.0637 4700  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:05:30.0647 4700  viaide - ok
21:05:30.0667 4700  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:05:30.0677 4700  volmgr - ok
21:05:30.0717 4700  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:05:30.0727 4700  volmgrx - ok
21:05:30.0747 4700  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:05:30.0757 4700  volsnap - ok
21:05:30.0777 4700  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:05:30.0787 4700  vsmraid - ok
21:05:30.0847 4700  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:05:30.0967 4700  VSS - ok
21:05:30.0987 4700  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:05:31.0007 4700  vwifibus - ok
21:05:31.0057 4700  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:05:31.0097 4700  W32Time - ok
21:05:31.0127 4700  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
21:05:31.0137 4700  wacommousefilter - ok
21:05:31.0157 4700  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:05:31.0177 4700  WacomPen - ok
21:05:31.0227 4700  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
21:05:31.0247 4700  wacomvhid - ok
21:05:31.0287 4700  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:05:31.0357 4700  WANARP - ok
21:05:31.0357 4700  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:05:31.0387 4700  Wanarpv6 - ok
21:05:31.0447 4700  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:05:31.0537 4700  wbengine - ok
21:05:31.0557 4700  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:05:31.0577 4700  WbioSrvc - ok
21:05:31.0607 4700  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:05:31.0647 4700  wcncsvc - ok
21:05:31.0657 4700  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:05:31.0707 4700  WcsPlugInService - ok
21:05:31.0767 4700  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:05:31.0787 4700  Wd - ok
21:05:31.0837 4700  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:05:31.0877 4700  Wdf01000 - ok
21:05:31.0887 4700  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:05:31.0977 4700  WdiServiceHost - ok
21:05:31.0987 4700  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:05:32.0007 4700  WdiSystemHost - ok
21:05:32.0027 4700  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:05:32.0057 4700  WebClient - ok
21:05:32.0067 4700  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:05:32.0127 4700  Wecsvc - ok
21:05:32.0137 4700  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:05:32.0197 4700  wercplsupport - ok
21:05:32.0217 4700  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:05:32.0257 4700  WerSvc - ok
21:05:32.0277 4700  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:05:32.0307 4700  WfpLwf - ok
21:05:32.0327 4700  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:05:32.0337 4700  WIMMount - ok
21:05:32.0357 4700  WinDefend - ok
21:05:32.0377 4700  WinHttpAutoProxySvc - ok
21:05:32.0407 4700  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:05:32.0467 4700  Winmgmt - ok
21:05:32.0527 4700  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:05:32.0657 4700  WinRM - ok
21:05:32.0717 4700  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:05:32.0757 4700  WinUsb - ok
21:05:32.0807 4700  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:05:32.0857 4700  Wlansvc - ok
21:05:32.0977 4700  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:05:33.0057 4700  wlidsvc - ok
21:05:33.0077 4700  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:05:33.0087 4700  WmiAcpi - ok
21:05:33.0117 4700  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:05:33.0137 4700  wmiApSrv - ok
21:05:33.0147 4700  WMPNetworkSvc - ok
21:05:33.0157 4700  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:05:33.0187 4700  WPCSvc - ok
21:05:33.0217 4700  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:05:33.0267 4700  WPDBusEnum - ok
21:05:33.0297 4700  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:05:33.0337 4700  ws2ifsl - ok
21:05:33.0357 4700  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:05:33.0387 4700  wscsvc - ok
21:05:33.0387 4700  WSearch - ok
21:05:33.0447 4700  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:05:33.0557 4700  wuauserv - ok
21:05:33.0597 4700  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:05:33.0647 4700  WudfPf - ok
21:05:33.0677 4700  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:05:33.0707 4700  WUDFRd - ok
21:05:33.0737 4700  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:05:33.0757 4700  wudfsvc - ok
21:05:33.0797 4700  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:05:33.0847 4700  WwanSvc - ok
21:05:33.0917 4700  [ 19FFB0CB63955A425AAC2A4B19D93AA2 ] XMouseButton Launcher C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
21:05:33.0937 4700  XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - warning
21:05:33.0937 4700  XMouseButton Launcher - detected UnsignedFile.Multi.Generic (1)
21:05:33.0997 4700  [ F14C9B3A8DF6E21F83AC63FA1ADC6D51 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
21:05:34.0047 4700  ZTEusbmdm6k - ok
21:05:34.0067 4700  [ F14C9B3A8DF6E21F83AC63FA1ADC6D51 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
21:05:34.0077 4700  ZTEusbnmea - ok
21:05:34.0097 4700  [ F14C9B3A8DF6E21F83AC63FA1ADC6D51 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
21:05:34.0107 4700  ZTEusbser6k - ok
21:05:34.0137 4700  ================ Scan global ===============================
21:05:34.0157 4700  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:05:34.0187 4700  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:05:34.0187 4700  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:05:34.0227 4700  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:05:34.0257 4700  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:05:34.0257 4700  [Global] - ok
21:05:34.0257 4700  ================ Scan MBR ==================================
21:05:34.0267 4700  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:05:34.0547 4700  \Device\Harddisk0\DR0 - ok
21:05:34.0547 4700  ================ Scan VBR ==================================
21:05:34.0547 4700  [ EE3A95752D5CEB6260A355551DDAD892 ] \Device\Harddisk0\DR0\Partition1
21:05:34.0557 4700  \Device\Harddisk0\DR0\Partition1 - ok
21:05:34.0577 4700  [ EA051BC9BBA5ACB205AA04793067E4BA ] \Device\Harddisk0\DR0\Partition2
21:05:34.0577 4700  \Device\Harddisk0\DR0\Partition2 - ok
21:05:34.0597 4700  [ 8C7C62EC2CBA5E6A4F9B9276E3F87DEF ] \Device\Harddisk0\DR0\Partition3
21:05:34.0597 4700  \Device\Harddisk0\DR0\Partition3 - ok
21:05:34.0597 4700  ============================================================
21:05:34.0597 4700  Scan finished
21:05:34.0597 4700  ============================================================
21:05:34.0607 5884  Detected object count: 5
21:05:34.0607 5884  Actual detected object count: 5
21:05:49.0347 5884  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:49.0347 5884  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:05:49.0347 5884  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:49.0347 5884  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:05:49.0357 5884  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:05:49.0357 5884  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
21:05:49.0357 5884  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:49.0357 5884  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:05:49.0357 5884  XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:49.0357 5884  XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:05:56.0267 5508  Deinitialize success
         

Alt 02.06.2013, 20:34   #9
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 02.06.2013, 20:50   #10
shanti7
 

Code:
ComboFix 13-06-02.02 - Andi 02.06.2013  21:38:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6071.3966 [GMT 2:00]
ausgeführt von:: c:\users\Andi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Andi\AppData\Local\assembly\tmp
c:\users\Andi\AppData\Roaming\.#
c:\users\Andi\AppData\Roaming\mIRC\logs\status.log
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-02 bis 2013-06-02  ))))))))))))))))))))))))))))))
.
.
2013-06-02 19:46 . 2013-06-02 19:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-02 18:53 . 2013-06-02 18:57	--------	d-----w-	C:\_OTL
2013-06-02 17:13 . 2013-06-02 17:13	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-06-02 17:13 . 2013-06-02 17:13	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-06-02 17:07 . 2013-06-02 17:07	--------	d-----w-	c:\program files (x86)\YTD Toolbar
2013-06-02 17:07 . 2013-06-02 17:07	--------	d-----w-	c:\program files (x86)\Application Updater
2013-06-02 17:07 . 2013-06-02 17:07	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2013-06-02 16:07 . 2013-06-02 18:53	--------	d-sh--w-	c:\programdata\Google Search0
2013-06-02 16:07 . 2013-06-02 19:45	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{951B204A-1C00-4FE6-9D5D-6DE874875326}\offreg.dll
2013-05-31 20:45 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{951B204A-1C00-4FE6-9D5D-6DE874875326}\mpengine.dll
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\programdata\BrowserProtect
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\users\Andi\AppData\Roaming\BabSolution
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\program files (x86)\Delta
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\users\Andi\AppData\Roaming\Babylon
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\programdata\Babylon
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-05-26 18:12 . 2013-05-26 18:12	--------	d-----w-	c:\users\Andi\AppData\Roaming\OpenCandy
2013-05-15 19:57 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-10 20:02 . 2013-05-10 20:02	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-05-10 20:02 . 2013-05-10 20:02	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-05-10 10:23 . 2013-05-10 10:23	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 22:49 . 2010-10-23 10:38	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-14 21:07 . 2012-10-12 15:25	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 21:07 . 2011-05-17 11:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-06 10:29	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-30 11:43 . 2013-04-30 11:43	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 19:57	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 19:57	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 19:57	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 19:57	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 19:57	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 19:57	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:56	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-28 15:57 . 2013-03-28 15:57	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-28 15:57 . 2012-08-31 19:22	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-28 15:57 . 2011-02-17 20:54	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 12:09	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:08	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:09	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:09	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:08	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:08	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-05-15 10:38	1353536	----a-w-	c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll" [2013-05-15 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-12-22 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-12-22 181480]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2012-05-04 156448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-05-15 1298240]
.
c:\users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261249~1.132\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-03-20 14120]
R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-08-29 11776]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-23 834544]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2013-05-15 806776]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2012-05-04 274208]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-06-23 87040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-03-20 460800]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 85504]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 21:07]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 15:18]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-22 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Andi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: Interfaces\{6347442B-F633-488F-93AA-1FAF15DD314C}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\2ugod16k.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 9a48cf0a000000000000001f3f0ef86c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15851
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.520:12
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121562&tt=gc_
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-mIRC - c:\users\Andi\Desktop\mIRC\uninstall.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3759406579-1889805495-2431686303-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,95,72,3b,bf,09,7e,3b,f4,a4,a1,94,ea,4c,43,14,88,2d,e2,36,16,
   97,7f,1e,cb,3e,d5,36,3c,91,c4,41,06,e0,61,69,23,c4,0e,1c,59,68,0f,08,36,28,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-02  21:48:42
ComboFix-quarantined-files.txt  2013-06-02 19:48
.
Vor Suchlauf: 14 Verzeichnis(se), 168.628.056.064 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 168.455.020.544 Bytes frei
.
- - End Of File - - CAF665BCDB75AE31379236A15D7E916B
         

02.06.2013, 23:24   #11
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

03.06.2013, 14:44   #12
shanti7

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Andi :: ANDI-PC [Administrator]

03.06.2013 13:38:55
mbam-log-2013-06-03 (13-38-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 477959
Laufzeit: 1 Stunde(n), 28 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\_OTL\MovedFiles.zip (Trojan.Bitcoin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\brah\chp.exe (Trojan.Bitcoin) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\brah\scvhost.exe (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\WindowsFiles\macromedia.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\WindowsFiles\miner.dll (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\WindowsFiles\shell.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\WindowsFiles\macro\macromedia.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\WindowsFiles\min\miner.dll (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06022013_205305\C_Users\Andi\AppData\Roaming\WindowsFiles\shel\shell.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

03.06.2013, 14:51   #13
markusg
/// Malware-holic

Hi,

download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save the list as a txt file, and open that file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognize, write "unbekannt" (unknown).
Post the list.

03.06.2013, 15:21   #14
shanti7

Code:
1&1 Surf-Stick		11.03.2013		1.0.0.2	 									unnötig
ABBYY PDF Transformer 3.0	ABBYY	24.03.2010		3.00.145.7091 							unnötig
Acer Arcade Deluxe	CyberLink Corp.	10.04.2010	102MB	3.2.7222 							unbekannt
Acer Backup Manager	NewTech Infosystems	23.03.2010	226MB	2.0.2.19						unbekannt
Acer eRecovery Management	Acer Incorporated	23.03.2010		4.05.3005 					unbekannt
Acer Registration	Acer Incorporated	10.04.2010		1.02.3006 						unbekannt
Acer ScreenSaver	Acer Incorporated	10.04.2010		1.02.0722 						unbekannt
Acer Updater	Acer Incorporated	23.03.2010		1.01.3017							unbekannt
Acrobat.com	Adobe Systems Incorporated	23.03.2010	1,60MB	1.6.65 							notwendig
Adobe AIR	Adobe Systems Incorporated	03.05.2012		2.6.0.19140 						notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.04.2010		10.0.32.18 				notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.05.2013	6,00MB	11.7.700.202 				notwendig
Adobe Reader 9.5.5 MUI	Adobe Systems Incorporated	21.05.2013	657MB	9.5.5 						notwendig
Age of Empires II: HD Edition		02.05.2013										unnötig
AION Free-To-Play	Gameforge	05.03.2012	22,6MB	2.70.0000 							notwendig
AirMech		17.12.2012													unnötig	
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	01.04.2013	26,3MB	8.0.903.0 				unbekannt
Apple Software Update	Apple Inc.	23.03.2010	2,15MB	2.1.1.116 							unnötig
Avira AntiVir Personal - Free Antivirus	Avira GmbH	31.10.2012	69,3MB	10.2.0.719					notwendig
AVM FRITZ!WLAN	AVM Berlin	22.10.2010											notwendig
Bamboo	Wacom Technology Corp.	03.05.2012		5.2.5-5 								unnötig
Bamboo Dock	Wacom Co., Ltd.	03.05.2012		4.0 									unnötig
Beyond Divinity		10.02.2013	1,59GB	1.0.7 										unnötig
Brockhaus multimedial 2010	wissenmedia GmbH	23.03.2010	799MB	12.00.0000 					unbekannt
BrowserProtect	Bit89 Inc	26.05.2013		 									unbekannt
Call of Duty: Black Ops II		07.01.2013										unnötig	
Call of Duty: Black Ops II - Multiplayer		07.01.2013	 							unnötig		
Call of Duty: Black Ops II - Zombies		07.01.2013									unnötig	
CCleaner	Piriform	24.05.2013		4.02 									notwendig
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	181MB	12.0.6612.1000 			notwendig
Corel Painter 12	Corel Corporation	30.12.2012	480MB	12.0.1.914 						notwendig
Counter-Strike: Global Offensive	Valve	02.04.2013									unnötig
Counter-Strike: Source	Valve	13.11.2012											unnötig
Delta toolbar	Delta	26.05.2013		1.8.21.5 									unnötig
Diablo III	Blizzard Entertainment	01.06.2013		1.0.8.16603 							notwendig
Divine Divinity		08.02.2013	2,36GB	1.0.7 										unnötig
Divinity II - Developer's Cut	Larian	13.02.2013		1.4 								unnötig
DriverTuner 3.1.0.0	LionSea SoftWare	30.08.2012	24,7MB	3.1.0.0 						unbekannt
Empires Dawn of the Modern World		20.01.2011									unnötig
Fallout 3	Bethesda Softworks	22.10.2010		1.00.0000 							unnötig
Far Cry 3	Ubisoft	08.01.2013		1.04 										unnötig
Free YouTube to MP3 Converter version 3.12.2.430	DVDVideoSoft Ltd.	26.05.2013	77,5MB	3.12.2.430 		notwendig
GIMP 2.8.2	The GIMP Team	12.11.2012	234MB	2.8.2 									unnötig
Guild Wars 2	NCsoft Corporation, Ltd.	28.08.2012									notwendig	
Hotkey Utility	Acer Incorporated	10.04.2010	1.00.3004 								unbekannt
HUAWEI DataCard Driver 4.20.12.00	Huawei technologies Co., Ltd.	02.02.2013		4.20.12.00 			unnötig
Identity Card	Acer Incorporated	10.04.2010		1.00.3002 							notwendig
Intel(R) Management Engine Components	Intel Corporation	10.04.2010		6.0.0.1179 				notwendig
Intel® Matrix Storage Manager	Intel Corporation	10.04.2010								notwendig
Java 7 Update 17	Oracle	28.03.2013	129MB	7.0.170 								notwendig
JMicron JMB36X Driver	JMicron Technology Corp.	23.03.2010		1.00.0000 					unbekannt
Krater		23.12.2012		 											unnötig
L.A. Noire	Rockstar Games	22.01.2013		1.00.0000 								unnötig
League of Legends	Riot Games	16.03.2012		1.02.0000 							notwendig
Left 4 Dead 2	Valve	28.10.2012												unnötig
Logitech Webcam-Software	Logitech Inc.	25.01.2012		2.30 							notwendig
LogMeIn Hamachi	LogMeIn, Inc.	02.04.2013		2.1.0.294 								unnötig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	03.06.2013	19,2MB	1.75.0.1300 		notwendig
McAfee SiteAdvisor	McAfee, Inc.	07.02.2013		3.6.187 							unnötig
McAfee SiteAdvisor	McAfee, Inc.	06.11.2010		3.1.1.119 							unnötig
Microsoft .NET Framework 1.1		07.02.2011										unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	23.10.2010	38,8MB	4.0.30319 			unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	23.10.2010	2,93MB	4.0.30319 	unbekannt
Microsoft .NET Framework 4 Extended	Microsoft Corporation	02.04.2013	51,9MB	4.0.30319 				unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	02.04.2013	10,6MB	4.0.30319 		unbekannt
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	06.05.2011	31,3MB	3.5.88.0 		unbekannt
Microsoft Games for Windows Marketplace	Microsoft Corporation	06.05.2011	6,03MB	3.5.50.0 n				unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	26.11.2011	7,95MB	14.0.5130.5003				notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	01.03.2012		12.0.6612.1000				notwendig
Microsoft Office Language Pack 2007 - German/Deutsch	Microsoft Corporation	01.03.2012		12.0.6612.1000		notwendig
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	09.01.2013	41,5MB	12.0.6612.1000		notwendig
Microsoft Office Suite Activation Assistant	Microsoft Corporation	23.03.2010	8,36MB	2.9				notwendig
Microsoft Silverlight	Microsoft Corporation	13.03.2013	50,6MB	5.1.20125.0						unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	10.04.2010	1,72MB	3.1.0000			unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	25.01.2012	252KB	8.0.50727.4053			unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	300KB	8.0.59193						unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	02.11.2010	200KB	9.0.30729.4148			unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	16.05.2011	598KB	9.0.30729.5570		unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	18.09.2012	788KB	9.0.30729.6161	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	31.10.2010	596KB	9.0.30729	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.04.2011	594KB	9.0.30729.4148	unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	600KB	9.0.30729.6161	unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	02.05.2013	13,8MB	10.0.40219	unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	02.05.2013	15,0MB	10.0.40219	unbekannt
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106	Microsoft Corporation	02.05.2013	20,5MB	11.0.51106.1	unbekannt
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106	Microsoft Corporation	02.05.2013	17,4MB	11.0.51106.1	unbekannt
Microsoft Works	Microsoft Corporation	10.10.2012	1,18GB	9.7.0621							unbekannt
Microsoft XNA Framework Redistributable 4.0	Microsoft Corporation	02.04.2013	8,03MB	4.0.20823.0			unbekannt
mIRC	mIRC Co. Ltd.	28.01.2011		7.17	unnecessary
Mobile Connection Manager	Mobile Connection Manager	02.02.2013			unknown
Mozilla Firefox 21.0 (x86 de)	Mozilla	18.05.2013	48,9MB	21.0	necessary
Mozilla Maintenance Service	Mozilla	18.05.2013	333KB	21.0	necessary
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	23.10.2010	1,27MB	4.20.9870.0	unknown
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	23.10.2010	1,33MB	4.20.9876.0	unknown
MySQL Connector/ODBC 5.1	MySQL AB	22.10.2010	7,09MB	5.1.5	unknown
MyWinLocker	Egis Technology Inc.	23.03.2010	47,9MB	3.1.76.0	unknown
NC Launcher (GameForge)	NCsoft	05.03.2012			necessary
NCsoft Launcher	NCsoft	20.11.2010		1.5.7.0	necessary
Nero 9 Essentials	Nero AG	23.03.2010			unnecessary
NoNameScript	Regroup Esports A/S	28.01.2011		4.2	unnecessary
Norton Online Backup	Symantec	23.03.2010	2,09MB	1.2.0.36	unnecessary
NVIDIA PhysX	NVIDIA Corporation	13.02.2013	119MB	9.09.0428	necessary
OpenOffice.org 3.4.1	Apache Software Foundation	18.09.2012	331MB	3.41.9593	necessary
Opera 12.00	Opera Software ASA	26.06.2012		12.00.1467	unnecessary
Origin	Electronic Arts, Inc.	31.05.2012		8.6.0.357	unnecessary
Pando Media Booster	Pando Networks Inc.	15.03.2012	5,46MB	2.6.0.6	unknown
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	24.01.2013		11.0.0.12	unknown
PunkBuster Services	Even Balance, Inc.	08.01.2013		0.993	unknown
QuickTime	Apple Inc.	23.03.2010	74,3MB	7.60.92.0	unknown
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.04.2010		6.0.1.5969	necessary
Rockstar Games Social Club	Rockstar Games	22.01.2013		1.0.0.0	unnecessary
Skype Click to Call	Skype Technologies S.A.	29.02.2012	12,6MB	5.9.9216	necessary
Skype™ 6.3	Skype Technologies S.A.	20.05.2013	21,1MB	6.3.107	necessary
StarCraft II	Blizzard Entertainment	03.02.2013		1.0.0.15405	unnecessary
Steam	Valve Corporation	05.01.2012	35,4MB	1.0.0.0	necessary
Stronghold Crusader Extreme	Firefly Studios	25.01.2013		1.20.0000	unnecessary
Stronghold Kingdoms	Firefly Studios Ltd	01.04.2013			unnecessary
TeamSpeak 3 Client	TeamSpeak Systems GmbH	09.04.2013		3.0.10.1	necessary
Terraria		02.04.2013			unnecessary
The Elder Scrolls V: Skyrim	Bethesda Game Studios	05.01.2012			unnecessary
The Witcher 2	CD Projekt Red	05.03.2012		1.00.0000	unnecessary
Trillian Toolbar	Ask.com	10.02.2011	2,56MB	1.9.1.0	unnecessary
Ubisoft Game Launcher	UBISOFT	05.03.2012		1.0.0.0	unnecessary
Uninstall 1.0.0.1		08.11.2010	10,5MB		unknown
Uplay	Ubisoft	08.01.2013		2.0	unnecessary
Warcraft III		21.10.2010			unnecessary
Warcraft III: All Products		23.10.2010			unnecessary
WebTablet FB Plugin	Wacom Technology Corp.	03.05.2012		2.0.0.1	unknown
WebTablet IE Plugin	Wacom Technology Corp.	03.05.2012		1.1.0.12	unknown
WebTablet Netscape Plugin	Wacom Technology Corp.	03.05.2012		1.1.0.10	unknown
Welcome Center	Acer Incorporated	10.04.2010		1.00.3008	unknown
Winamp	Nullsoft, Inc	22.10.2010		5.581	necessary
Windows Live Essentials	Microsoft Corporation	10.04.2010		14.0.8089.0726	unknown
Windows Live ID Sign-in Assistant	Microsoft Corporation	17.11.2010	10,0MB	6.500.3165.0	unknown
Windows Live Sync	Microsoft Corporation	10.04.2010	2,79MB	14.0.8089.726	unknown
Windows Live-Uploadtool	Microsoft Corporation	10.04.2010	224KB	14.0.8014.1029	unknown
WinRAR		23.10.2010			necessary
World of Warcraft	Blizzard Entertainment	24.05.2013	14,2GB	5.3.0.16992	necessary
World of Warcraft Beta	Blizzard Entertainment	16.08.2012		5.0.4.15972	necessary
World of Warcraft Public Test	Blizzard Entertainment	28.09.2011		0.0.0.0	necessary
X-Mouse Button Control 2.5	Highresolution Enterprises	31.12.2012		2.5	unnecessary
YouTube Downloader 3.4	BienneSoft	14.11.2011			unnecessary
YTD Toolbar v7.1	Spigot, Inc.	02.06.2013	25,0MB	7.1	unnecessary
         

Alt 03.06.2013, 16:46   #15
markusg
/// Malware-holic
 

Uninstall:
1&1
ABBYY
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enhanced Security"
and select "All files".
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, select "Install automatically".
Apply / OK

Uninstall:
Age
AirMech
Bamboo: both
Beyond
Brockhaus
BrowserProtect
Call of Duty: all
Counter-Strike: both
Delta
Divine
Divinity
DriverTuner
Empires
Fallout
Far Cry
GIMP
HUAWEI
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Krater
L.A
Left 4
LogMeIn
McAfee: both
mIRC
Nero
NoNameScript
Norton
Opera
Origin
Rockstar
StarCraft
Stronghold: both
Terraria
The Elder
The Witcher
Trillian
Ubisoft
Uplay
Warcraft: both
Windows Live: all the ones you do not use.
X-Mouse
YouTube
YTD

Open CCleaner, click Analyze, then Run Cleaner, and restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
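
The Adobe Reader settings recommended in the post above (JavaScript off, Enhanced Security on, "All files") can be verified afterwards from a registry export. This is an added example, not part of the original post: the registry value names, the Reader version 11.0 and the reading of "All files" as the Protected View setting are assumptions, and the export text is constructed.

```python
import re

# Settings from the post, mapped to Adobe Reader per-user registry values.
# The mapping is an assumption of this example, not something the thread states.
EXPECTED = {
    ("JSPrefs", "bEnableJS"): 0,                       # JavaScript disabled
    ("TrustManager", "bEnhancedSecurityStandalone"): 1,  # Enhanced Security on
    ("TrustManager", "bEnhancedSecurityInBrowser"): 1,
    ("TrustManager", "iProtectedView"): 2,             # Protected View: all files
}

# Constructed sample in `reg export` text format (not taken from the thread).
# Real exports are UTF-16LE; decode them before passing the text to audit().
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\JSPrefs]
"bEnableJS"=dword:00000001

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager]
"bEnhancedSecurityStandalone"=dword:00000001
"iProtectedView"=dword:00000000
'''

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Return {(subkey, value_name): int} for DWORD values under Acrobat Reader."""
    values, subkey = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            parts = m.group(1).split("\\")
            subkey = parts[-1] if "Acrobat Reader" in parts else None
            continue
        m = DWORD.match(line)
        if m and subkey:
            values[(subkey, m.group(1))] = int(m.group(2), 16)
    return values

def audit(text):
    """Compare an export with EXPECTED; 'unset' means the product default applies."""
    found = parse_reg_export(text)
    report = {}
    for key, want in EXPECTED.items():
        have = found.get(key)
        status = "unset" if have is None else ("ok" if have == want else "weak")
        report[key[1]] = (status, have, want)
    return report

if __name__ == "__main__":
    for name, (status, have, want) in audit(SAMPLE_EXPORT).items():
        print(f"{name:30} {status:6} have={have} want={want}")
```
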
