| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 4 Funde u.a. HTML/Infected.WebPage.Gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
29.01.2012, 10:42
| #1 |
 |  4 Funde u.a. HTML/Infected.WebPage.Gen2 Hallo liebe Community, ich habe mich hier angemeldet, weil mein Avira Free Antivirus 4 Funde angezeigt hat. Avira sollte auf dem neuesten Stand sein, es läd fast täglich Updates herunter. Ich Arbeite mit Windows 7 Home Premium mit automatischen Updates. Zum Glück habe ich bisher keine "komischen" Symptome bei meinem Rechner entdeckt. Bisher läuft alles wie immer ohne Probleme. Nur da ich öffters mal Homebanking mache und auch im Internet Bestellungen durchführe, würde ich gerne auf Nummer sicher gehen. Beginne mit der Desinfektion: D:\GAMERPC\Backup Set 2012-01-02 100253\Backup Files 2012-01-02 100253\Backup files 5.zip [FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a69a699.qua' verschoben! D:\GAMERPC\Backup Set 2012-01-02 100253\Backup Files 2012-01-02 100253\Backup files 32.zip [FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52fe8938.qua' verschoben! D:\GAMERPC\Backup Set 2012-01-02 100253\Backup Files 2012-01-02 100253\Backup files 12.zip [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Downloader.BEO [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00a1d3d1.qua' verschoben! D:\Downloads-neu\Zotero_win32.zip [FUND] Enthält Erkennungsmuster der Adware ADWARE/Agent.Gabaeth [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '66899c6a.qua' verschoben! Sie wurden in Quarantäne gesteckt und nun würde ich gerne um Rat fragen, wie ich sie entgültig entfernen kann und wie schlimm es insgesamt um meinen PC steht. Schritt 1 mit defogger - Disable - durchgeführt Schritt 2 mit OTL - durchgeführt OTL.txt Code:
ATTFilter OTL logfile created on: 29.01.2012 10:21:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = Y:\Benutzer-Sarah 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 72,04% Memory free 7,94 Gb Paging File | 5,97 Gb Available in Paging File | 75,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 540,88 Gb Total Space | 484,30 Gb Free Space | 89,54% Space Free | Partition Type: NTFS Drive D: | 491,34 Gb Total Space | 357,26 Gb Free Space | 72,71% Space Free | Partition Type: NTFS Drive Y: | 390,62 Gb Total Space | 268,99 Gb Free Space | 68,86% Space Free | Partition Type: NTFS Drive Z: | 440,17 Gb Total Space | 173,24 Gb Free Space | 39,36% Space Free | Partition Type: NTFS Computer Name: GAMERPC | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe PRC - [2011.08.13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe PRC - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.05.21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe PRC - [2010.03.06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe ========== Modules (No Company Name) ========== MOD - [2011.12.31 00:01:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll MOD - [2011.12.31 00:01:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011.11.19 11:40:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.11.19 11:40:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll MOD - [2011.11.19 11:40:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\89933ca5a3d6ecfddac2f276746e939e\IAStorUtil.ni.dll MOD - [2011.11.19 11:40:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.11.19 11:40:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.11.19 11:40:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.11.19 11:40:21 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.11.19 11:40:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.11.19 11:40:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MOD - [2011.09.15 08:06:40 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService) SRV - [2011.02.15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.06.02 12:11:24 | 000,380,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService) SRV - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.12.09 19:08:45 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.15 08:06:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.09.15 08:06:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.07.20 13:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2011.07.20 13:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3) DRV:64bit: - [2011.06.16 17:10:20 | 000,310,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2011.06.16 17:10:20 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.21 20:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2011.05.21 20:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.05.19 14:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.03.17 21:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc) DRV:64bit: - [2011.03.17 21:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30) DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.02.18 07:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.04.17 18:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV:64bit: - [2010.04.17 18:11:50 | 000,044,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:64bit: - [2010.04.06 13:12:00 | 000,450,048 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187) DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132) DRV:64bit: - [2010.01.20 14:48:56 | 000,332,688 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID) DRV:64bit: - [2009.07.14 19:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts) DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts) DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial) DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64) DRV:64bit: - [2007.01.19 02:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.31 12:36:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.26 17:49:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M] [2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2011.10.07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2012.01.29 09:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions [2012.01.06 15:44:13 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\foxmarks@kei.com [2011.12.14 00:22:50 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\My-Translator@eugenche.com [2011.12.31 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.31 12:36:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.31 12:36:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.31 12:36:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.31 12:36:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.31 12:36:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.31 12:36:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.31 12:36:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.) O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0B9852-81DA-4368-8F04-48EAB596BC8B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell - "" = AutoRun O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell - "" = AutoRun O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell\AutoRun\command - "" = J:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.29 10:16:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe [2012.01.29 00:31:53 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\MSC CR [2012.01.26 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync [2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync [2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes [2012.01.21 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology Data Replicator 3 [2012.01.15 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Western Digital [2012.01.10 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt [2012.01.10 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2012.01.10 18:39:46 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.01.10 18:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2012.01.09 20:32:52 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\Remus [2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JezSoft [2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes Folder Watch [2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology [2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology [2012.01.03 19:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology [2012.01.01 19:45:17 | 000,000,000 | ---D | C] -- C:\iPod Photo Cache ========== Files - Modified Within 30 Days ========== [2012.01.29 10:11:17 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable [2012.01.29 09:43:29 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 09:43:29 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 09:34:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000UA.job [2012.01.29 09:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.29 01:07:18 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.29 01:07:18 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.29 01:07:18 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.29 01:07:18 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.29 01:07:18 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.29 00:31:08 | 000,002,677 | ---- | M] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk [2012.01.28 19:34:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000Core.job [2012.01.28 10:20:34 | 3197,820,928 | -HS- | M] () -- C:\hiberfil.sys [2012.01.26 21:04:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.24 22:25:33 | 000,001,344 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.01.24 22:20:21 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\PureSync.lnk [2012.01.21 12:38:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk [2012.01.14 21:14:14 | 000,000,045 | -H-- | M] () -- Y:\PP11Thumbs.ptn2 [2012.01.14 21:13:59 | 000,192,524 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn [2012.01.14 21:13:59 | 000,000,316 | -H-- | M] () -- Y:\Benutzer-Sarah\maxdesk.ini2 [2012.01.14 21:13:59 | 000,000,237 | -H-- | M] () -- Y:\Benutzer-Sarah\.ppinfocache [2012.01.14 21:13:59 | 000,000,103 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2 [2012.01.14 21:13:45 | 000,192,488 | -H-- | M] () -- Y:\PP11Thumbs.ptn [2012.01.14 21:13:45 | 000,000,111 | -H-- | M] () -- Y:\maxdesk.ini2 [2012.01.14 21:13:34 | 033,411,726 | ---- | M] () -- Y:\Konzip teil 2.pdf [2012.01.10 18:51:08 | 1073,741,824 | ---- | M] () -- Y:\Sarah_TC.ct [2012.01.10 18:39:47 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.01.09 20:37:20 | 000,000,202 | -H-- | M] () -- Y:\.ppinfocache [2012.01.09 20:36:29 | 003,117,289 | ---- | M] () -- Y:\Scan_Doc0004.pdf [2012.01.03 21:31:00 | 006,437,392 | ---- | M] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf [2012.01.03 19:35:19 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2011.12.31 19:51:27 | 000,205,224 | ---- | M] () -- Y:\Benutzer-Sarah\star-T.jpg [2011.12.30 20:11:47 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2012.01.29 10:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable [2012.01.29 10:10:21 | 000,050,477 | ---- | C] () -- Y:\Benutzer-Sarah\Defogger.exe [2012.01.28 10:37:07 | 000,080,384 | ---- | C] () -- Y:\Benutzer-Sarah\MBRCheck.exe [2012.01.26 21:04:39 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.21 12:38:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk [2012.01.14 21:13:59 | 000,000,316 | -H-- | C] () -- Y:\Benutzer-Sarah\maxdesk.ini2 [2012.01.14 21:13:59 | 000,000,237 | -H-- | C] () -- Y:\Benutzer-Sarah\.ppinfocache [2012.01.14 21:13:59 | 000,000,103 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2 [2012.01.14 21:13:55 | 000,192,524 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn [2012.01.14 21:11:42 | 033,411,726 | ---- | C] () -- Y:\Konzip teil 2.pdf [2012.01.10 18:50:59 | 1073,741,824 | ---- | C] () -- Y:\Sarah_TC.ct [2012.01.10 18:39:47 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2012.01.09 20:37:20 | 000,000,202 | -H-- | C] () -- Y:\.ppinfocache [2012.01.09 20:37:19 | 000,000,111 | -H-- | C] () -- Y:\maxdesk.ini2 [2012.01.09 20:36:22 | 000,000,045 | -H-- | C] () -- Y:\PP11Thumbs.ptn2 [2012.01.09 20:36:06 | 003,117,289 | ---- | C] () -- Y:\Scan_Doc0004.pdf [2012.01.09 20:35:43 | 000,192,488 | -H-- | C] () -- Y:\PP11Thumbs.ptn [2012.01.08 11:57:56 | 000,002,677 | ---- | C] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk [2012.01.03 21:30:59 | 006,437,392 | ---- | C] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf [2012.01.03 19:32:31 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2011.12.31 19:51:25 | 000,205,224 | ---- | C] () -- Y:\Benutzer-Sarah\star-T.jpg [2011.11.16 19:40:19 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.16 12:04:57 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp [2011.10.08 17:44:41 | 000,241,149 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.09.28 12:49:18 | 000,186,848 | ---- | C] () -- C:\Windows\SysWow64\WinService.exe [2011.08.13 13:13:10 | 000,034,481 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.01.14 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.oit [2011.10.16 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.20 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1 [2011.10.07 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\conkeror.mozdev.org [2012.01.28 10:21:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox [2012.01.24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jumping Bytes [2011.10.06 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech [2011.10.07 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\lingDIALOG [2011.09.28 14:11:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mirabyte [2011.11.16 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nuance [2011.09.28 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Opera [2011.10.07 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ProtectDISC [2011.10.07 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird [2012.01.10 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt [2011.12.20 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom [2011.12.20 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011.11.16 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Zeon [2012.01.06 11:23:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FD9CE1F3 < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.01.2012 10:21:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = Y:\Benutzer-Sarah
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 72,04% Memory free
7,94 Gb Paging File | 5,97 Gb Available in Paging File | 75,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 540,88 Gb Total Space | 484,30 Gb Free Space | 89,54% Space Free | Partition Type: NTFS
Drive D: | 491,34 Gb Total Space | 357,26 Gb Free Space | 72,71% Space Free | Partition Type: NTFS
Drive Y: | 390,62 Gb Total Space | 268,99 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive Z: | 440,17 Gb Total Space | 173,24 Gb Free Space | 39,36% Space Free | Partition Type: NTFS
Computer Name: GAMERPC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.30
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{153F529B-694F-44D7-8C90-E9036281B3E9}" = PureSync
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92C742-08BE-9C7A-DF0C-3E1CD06C46C2}" = Sumo Paint Bamboo 2.2
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{450C790A-8C60-4B3D-887E-2124AC823D6D}" = iTunesFolderWatch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9607BFD6-A6D4-43C0-8D7B-3D0F84C7EC58}" = Growl iTunes Plug-in
"{960CE333-260D-4887-9785-57E2EEFA287D}" = Nuance PaperPort 14
"{9AC5BB16-8C22-4D5C-9A07-9196183B50C9}_is1" = mirabyte Web Architect 9.5.5
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bamboo Dock" = Bamboo Dock
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1" = Sumo Paint Bamboo 2.2
"Drakensang_is1" = Drakensang
"Grammatiktrainer 5.0 Englisch" = Langenscheidt Grammatiktrainer 5.0 Englisch
"InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (3.1.8)" = Mozilla Thunderbird (3.1.8)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Blender" = PDF Blender
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PureSync" = PureSync 3.5.0
"Synology Assistant" = Synology Assistant (remove only)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.01.2012 20:04:20 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10016
Error - 16.01.2012 20:04:21 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.01.2012 20:04:21 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014
Error - 16.01.2012 20:04:21 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014
Error - 16.01.2012 20:04:22 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.01.2012 20:04:22 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
Error - 16.01.2012 20:04:22 | Computer Name = GamerPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
Error - 17.01.2012 14:42:55 | Computer Name = GamerPC | Source = TabletServicePen | ID = 1
Description =
Error - 17.01.2012 14:43:04 | Computer Name = GamerPC | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2012 18:15:33 | Computer Name = GamerPC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 15.01.2012 08:13:57 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 20.01.2012 02:50:14 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
TabletServicePen erreicht.
Error - 20.01.2012 02:50:14 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TabletServicePen" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 24.01.2012 16:18:33 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
TabletServicePen erreicht.
Error - 24.01.2012 16:18:33 | Computer Name = GamerPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TabletServicePen" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 24.01.2012 17:10:23 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
Error - 24.01.2012 17:12:04 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
Error - 24.01.2012 17:12:41 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
Error - 24.01.2012 17:12:55 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
Error - 24.01.2012 17:13:03 | Computer Name = GamerPC | Source = DCOM | ID = 10016
Description =
< End of report >
Würde mich über Hilfe freuen mfg Manyra Geändert von Manyra (29.01.2012 um 10:47 Uhr) Grund: Rechtschreibung :) |
|
29.01.2012, 20:07
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | 4 Funde u.a. HTML/Infected.WebPage.Gen2Zitat:
__________________ |
|
29.01.2012, 22:11
| #3 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Also Zotero ist ein Programm das ich für die Literaturrecherche für mein Studium nutze.
__________________Ich nutze auf meinem Arbeitsrechner aber eine ältere Version, die ein Firefox addon ist. Auf meinem PC zuhause hab ich es nicht installiert und ich hatte mir überlegt, ob ich die neue Standalone Version ausprobiere. Da sie aber nicht mit der älteren Firefox-Addon-Version kompatibel ist, habe ich sie nicht installiert. Die Installationsdatei für die Standaloneversion liegt daher ungenutzt im Download-Ordner. Sie kann eigentlich nur von der Zotero-Webseite stammen. Bleiben noch die beiden anderen Funde: HTML/Infected.WebPage.Gen2 JS/Downloader.BEO Mit dem ersten scheinen noch andere Probleme zu haben, aber zu dem Downloader.BEO habe fast nichts gefunden. Es sieht so aus, als ob noch mehrere mit dieser Datei Probleme hatten. Im Zotero-Forum wird über das Problem diskutiert Warum findet Avira eigentlich Funde in Backups und nicht auf dem eigentlichen Rechner, wo sie sich ja befinden müssten. Das sind übrigens ältere Backups, da ich damals noch keine externe Festplatte dafür hatte. |
|
30.01.2012, 10:21
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.01.2012, 08:37
| #5 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Hallo cosinus, bin heute Nacht deiner Anleitung gefolgt und habe nun die Logfiles. Malwarebytes zeigte keinen Fund Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.30.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sarah :: GAMERPC [Administrator] Schutz: Aktiviert 30.01.2012 21:15:38 mbam-log-2012-01-30 (21-15-38).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 601362 Laufzeit: 2 Stunde(n), 41 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=48568caa9e73a842b18242981c3bfbd5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 03:21:47
# local_time=2012-01-31 04:21:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9298357 9298357 0 0
# compatibility_mode=5893 16776574 100 94 37652136 79600586 0 0
# compatibility_mode=8192 67108863 100 0 3957 3957 0 0
# scanned=411100
# found=2
# cleaned=0
# scan_time=9371
C:\Users\Sarah\AppData\Local\Mozilla\Firefox\Profiles\g2eyt7oz.default\Cache\9\BF\51F5Ad01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
D:\Downloads-neu\pinboard10_wordpress-template.zip PHP/Kryptik.AB trojan (unable to clean) 00000000000000000000000000000000 I
mfg Manyra |
|
31.01.2012, 09:14
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ --> 4 Funde u.a. HTML/Infected.WebPage.Gen2 |
|
31.01.2012, 21:13
| #7 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Das war mein erster Scann mit Malwarebytes. Es gibt 3 txt-Dateien bei den Logdateien. Die kann ich dir nochmal hier einfügen. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.30.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sarah :: GAMERPC [Administrator] Schutz: Aktiviert 30.01.2012 21:15:38 mbam-log-2012-01-30 (21-15-38).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 601362 Laufzeit: 2 Stunde(n), 41 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter 2012/01/31 01:35:55 +0100 GAMERPC Sarah MESSAGE Stopping IP protection
2012/01/31 01:36:17 +0100 GAMERPC Sarah MESSAGE IP Protection stopped
2012/01/31 06:22:57 +0100 GAMERPC Sarah MESSAGE Executing scheduled update: Daily
2012/01/31 06:23:55 +0100 GAMERPC Sarah MESSAGE Starting database refresh
2012/01/31 06:23:55 +0100 GAMERPC Sarah MESSAGE Scheduled update executed successfully: database updated from version v2012.01.30.03 to version v2012.01.31.02
2012/01/31 06:23:56 +0100 GAMERPC Sarah MESSAGE Database refreshed successfully
2012/01/31 21:04:44 +0100 GAMERPC Sarah MESSAGE Starting protection
2012/01/31 21:04:46 +0100 GAMERPC Sarah MESSAGE Protection started successfully
2012/01/31 21:04:49 +0100 GAMERPC Sarah MESSAGE Starting IP protection
2012/01/31 21:04:50 +0100 GAMERPC Sarah MESSAGE IP Protection started successfully
2012/01/31 21:08:55 +0100 GAMERPC Sarah MESSAGE Starting database refresh
2012/01/31 21:08:55 +0100 GAMERPC Sarah MESSAGE Stopping IP protection
2012/01/31 21:09:18 +0100 GAMERPC Sarah MESSAGE IP Protection stopped
2012/01/31 21:09:19 +0100 GAMERPC Sarah MESSAGE Database refreshed successfully
2012/01/31 21:09:19 +0100 GAMERPC Sarah MESSAGE Starting IP protection
2012/01/31 21:09:20 +0100 GAMERPC Sarah MESSAGE IP Protection started successfully
Code:
ATTFilter 2012/01/30 21:13:36 +0100 GAMERPC Sarah MESSAGE Starting protection
2012/01/30 21:13:37 +0100 GAMERPC Sarah MESSAGE Protection started successfully
2012/01/30 21:13:40 +0100 GAMERPC Sarah MESSAGE Starting IP protection
2012/01/30 21:13:41 +0100 GAMERPC Sarah MESSAGE IP Protection started successfully
2012/01/30 21:26:34 +0100 GAMERPC Sarah MESSAGE Executing scheduled update: Daily
2012/01/30 21:26:35 +0100 GAMERPC Sarah MESSAGE Database already up-to-date
|
|
31.01.2012, 21:53
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2012, 22:58
| #9 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Okay hab den OTL Quick Scan gemacht und dazu den von dir geposteten Code in das Feld von den Benutzerdefinierten Scans/Fixes eingefügt. Die OTL.txt befindet sich im Anhang, da sie das maximale Limit an Zeichen bei weitem überschreitet. |
|
01.02.2012, 10:59
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 4 Funde u.a. HTML/Infected.WebPage.Gen2Zitat:
Du musst den Scripttext den ich geopstet habe bei OTL reinkopieren aber drfst doch kein Logfile da selbst reinstellen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2012, 08:56
| #11 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Da hab ich mich ja ganz schön blöd angestellt  Heute versuche ich es mal vor der Arbeit und ausgeschlafen. Hier kommt nun die OTL.txt nach dem Scan mit dem Scripttext von dir. Code:
ATTFilter OTL logfile created on: 02.02.2012 08:40:45 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = Y:\Benutzer-Sarah 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,09% Memory free 7,94 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 540,88 Gb Total Space | 483,18 Gb Free Space | 89,33% Space Free | Partition Type: NTFS Drive D: | 491,34 Gb Total Space | 357,26 Gb Free Space | 72,71% Space Free | Partition Type: NTFS Drive Y: | 390,62 Gb Total Space | 268,64 Gb Free Space | 68,77% Space Free | Partition Type: NTFS Drive Z: | 440,17 Gb Total Space | 173,12 Gb Free Space | 39,33% Space Free | Partition Type: NTFS Computer Name: GAMERPC | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.12 17:57:30 | 000,837,696 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\PureSync\PureSyncTray.exe PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe PRC - [2011.08.13 13:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe PRC - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.05.21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe PRC - [2010.03.06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe ========== Modules (No Company Name) ========== MOD - [2011.12.31 00:01:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll MOD - [2011.12.31 00:01:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011.11.19 11:40:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.11.19 11:40:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll MOD - [2011.11.19 11:40:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\89933ca5a3d6ecfddac2f276746e939e\IAStorUtil.ni.dll MOD - [2011.11.19 11:40:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.11.19 11:40:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.11.19 11:40:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.11.19 11:40:21 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.11.19 11:40:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.11.19 11:40:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.27 04:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MOD - [2011.09.15 08:06:40 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.08.13 13:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService) SRV - [2011.02.15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.06.02 12:11:24 | 000,380,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService) SRV - [2010.05.10 11:14:16 | 000,186,848 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.12.09 19:08:45 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.15 08:06:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.09.15 08:06:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.07.20 13:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2011.07.20 13:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3) DRV:64bit: - [2011.06.16 17:10:20 | 000,310,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2011.06.16 17:10:20 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.21 20:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB) DRV:64bit: - [2011.05.21 20:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.05.19 14:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.03.17 21:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc) DRV:64bit: - [2011.03.17 21:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30) DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.02.18 07:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.04.17 18:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV:64bit: - [2010.04.17 18:11:50 | 000,044,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV:64bit: - [2010.04.13 14:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2010.04.13 14:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2010.04.13 14:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:64bit: - [2010.04.06 13:12:00 | 000,450,048 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187) DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.28 11:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132) DRV:64bit: - [2010.01.20 14:48:56 | 000,332,688 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.15 11:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID) DRV:64bit: - [2009.07.14 19:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.22 17:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.22 17:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2008.05.22 17:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.02.20 16:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts) DRV:64bit: - [2008.02.20 16:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts) DRV:64bit: - [2008.02.20 16:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial) DRV:64bit: - [2007.10.12 02:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64) DRV:64bit: - [2007.01.19 02:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.31 12:36:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.26 17:49:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 17:51:41 | 000,000,000 | ---D | M] [2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2011.10.07 18:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.10.07 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2012.01.29 09:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions [2012.01.06 15:44:13 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\foxmarks@kei.com [2011.12.14 00:22:50 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\g2eyt7oz.default\extensions\My-Translator@eugenche.com [2011.12.31 12:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.31 12:36:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.31 12:36:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.31 12:36:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.31 12:36:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.31 12:36:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.31 12:36:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.31 12:36:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.) O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0B9852-81DA-4368-8F04-48EAB596BC8B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell - "" = AutoRun O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell - "" = AutoRun O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell\AutoRun\command - "" = J:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk - C:\PROGRA~2\NETGEAR\WG111v2\WG111v2.exe - () MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: PaperPortAnywhere - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort Anywhere\PaperPortAnywhere.exe (OfficeDrop) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.31 22:28:48 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\Archiv [2012.01.31 01:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.31 01:38:04 | 002,322,184 | ---- | C] (ESET) -- Y:\Benutzer-Sarah\esetsmartinstaller_enu.exe [2012.01.30 21:11:44 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes [2012.01.30 21:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.30 21:11:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.30 21:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.30 21:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.30 21:06:07 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- Y:\Benutzer-Sarah\mbam-setup-1.60.0.1800.exe [2012.01.29 10:16:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- Y:\Benutzer-Sarah\OTL.exe [2012.01.29 00:31:53 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\MSC CR [2012.01.26 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.26 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync [2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync [2012.01.24 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes [2012.01.21 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology Data Replicator 3 [2012.01.15 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Western Digital [2012.01.10 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt [2012.01.10 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2012.01.10 18:39:46 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.01.10 18:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2012.01.09 20:32:52 | 000,000,000 | ---D | C] -- Y:\Benutzer-Sarah\Remus [2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JezSoft [2012.01.08 11:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes Folder Watch [2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology [2012.01.03 19:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology [2012.01.03 19:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology ========== Files - Modified Within 30 Days ========== [2012.02.02 08:39:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000UA.job [2012.02.02 08:33:19 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.02 08:33:19 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.02 08:25:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.02 08:25:06 | 3197,820,928 | -HS- | M] () -- C:\hiberfil.sys [2012.01.31 22:50:01 | 000,028,023 | ---- | M] () -- Y:\Benutzer-Sarah\OTL.zip [2012.01.31 06:39:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488404166-3565964607-2528217831-1000Core.job [2012.01.30 21:11:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.30 21:10:12 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.30 21:10:12 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.30 21:10:12 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.30 21:10:12 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.30 21:10:12 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.30 21:05:06 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- Y:\Benutzer-Sarah\mbam-setup-1.60.0.1800.exe [2012.01.29 10:11:17 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable [2012.01.29 00:31:08 | 000,002,677 | ---- | M] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk [2012.01.26 21:04:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.24 22:25:33 | 000,001,344 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.01.24 22:20:21 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\PureSync.lnk [2012.01.21 12:38:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk [2012.01.14 21:14:14 | 000,000,045 | -H-- | M] () -- Y:\PP11Thumbs.ptn2 [2012.01.14 21:13:59 | 000,192,524 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn [2012.01.14 21:13:59 | 000,000,316 | -H-- | M] () -- Y:\Benutzer-Sarah\maxdesk.ini2 [2012.01.14 21:13:59 | 000,000,237 | -H-- | M] () -- Y:\Benutzer-Sarah\.ppinfocache [2012.01.14 21:13:59 | 000,000,103 | -H-- | M] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2 [2012.01.14 21:13:45 | 000,192,488 | -H-- | M] () -- Y:\PP11Thumbs.ptn [2012.01.14 21:13:45 | 000,000,111 | -H-- | M] () -- Y:\maxdesk.ini2 [2012.01.14 21:13:34 | 033,411,726 | ---- | M] () -- Y:\Konzip teil 2.pdf [2012.01.10 18:51:08 | 1073,741,824 | ---- | M] () -- Y:\Sarah_TC.ct [2012.01.10 18:39:47 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2012.01.10 18:39:46 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.01.09 20:37:20 | 000,000,202 | -H-- | M] () -- Y:\.ppinfocache [2012.01.09 20:36:29 | 003,117,289 | ---- | M] () -- Y:\Scan_Doc0004.pdf [2012.01.03 21:31:00 | 006,437,392 | ---- | M] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf [2012.01.03 19:35:19 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk ========== Files Created - No Company Name ========== [2012.01.31 22:50:01 | 000,028,023 | ---- | C] () -- Y:\Benutzer-Sarah\OTL.zip [2012.01.30 21:11:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.29 10:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable [2012.01.29 10:10:21 | 000,050,477 | ---- | C] () -- Y:\Benutzer-Sarah\Defogger.exe [2012.01.28 10:37:07 | 000,080,384 | ---- | C] () -- Y:\Benutzer-Sarah\MBRCheck.exe [2012.01.26 21:04:39 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.21 12:38:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk [2012.01.14 21:13:59 | 000,000,316 | -H-- | C] () -- Y:\Benutzer-Sarah\maxdesk.ini2 [2012.01.14 21:13:59 | 000,000,237 | -H-- | C] () -- Y:\Benutzer-Sarah\.ppinfocache [2012.01.14 21:13:59 | 000,000,103 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn2 [2012.01.14 21:13:55 | 000,192,524 | -H-- | C] () -- Y:\Benutzer-Sarah\PP11Thumbs.ptn [2012.01.14 21:11:42 | 033,411,726 | ---- | C] () -- Y:\Konzip teil 2.pdf [2012.01.10 18:50:59 | 1073,741,824 | ---- | C] () -- Y:\Sarah_TC.ct [2012.01.10 18:39:47 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2012.01.09 20:37:20 | 000,000,202 | -H-- | C] () -- Y:\.ppinfocache [2012.01.09 20:37:19 | 000,000,111 | -H-- | C] () -- Y:\maxdesk.ini2 [2012.01.09 20:36:22 | 000,000,045 | -H-- | C] () -- Y:\PP11Thumbs.ptn2 [2012.01.09 20:36:06 | 003,117,289 | ---- | C] () -- Y:\Scan_Doc0004.pdf [2012.01.09 20:35:43 | 000,192,488 | -H-- | C] () -- Y:\PP11Thumbs.ptn [2012.01.08 11:57:56 | 000,002,677 | ---- | C] () -- C:\Users\Public\Desktop\iTunes Folder Watch (Manual).lnk [2012.01.03 21:30:59 | 006,437,392 | ---- | C] () -- Y:\Benutzer-Sarah\Syno_UsersGuide_NAServer_deu.pdf [2012.01.03 19:32:31 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2011.11.16 19:40:19 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.16 12:04:57 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp [2011.10.08 17:44:41 | 000,241,149 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.09.28 12:49:18 | 000,186,848 | ---- | C] () -- C:\Windows\SysWow64\WinService.exe [2011.08.13 13:13:10 | 000,034,481 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.01.14 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.oit [2011.10.16 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.20 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1 [2011.10.07 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\conkeror.mozdev.org [2012.02.02 08:25:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox [2012.01.24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jumping Bytes [2011.10.06 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech [2011.10.07 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\lingDIALOG [2011.09.28 14:11:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mirabyte [2011.11.16 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nuance [2011.09.28 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Opera [2011.10.07 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ProtectDISC [2011.10.07 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird [2012.01.10 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt [2011.12.20 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom [2011.12.20 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011.11.16 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Zeon [2012.01.06 11:23:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.14 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\.oit [2011.10.02 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Adobe [2011.12.27 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Apple Computer [2011.10.15 10:53:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Avira [2011.10.16 10:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.20 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\com.sumopaint.bamboo.E63110E28E55D139F7D67D94E57B73BDB07BA618.1 [2011.10.07 18:09:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\conkeror.mozdev.org [2012.02.02 08:25:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox [2011.11.16 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FLEXnet [2011.10.08 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\HP [2012.01.01 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\HpUpdate [2011.09.28 12:02:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Identities [2011.09.28 12:49:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\InstallShield [2011.09.28 12:02:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Intel Corporation [2012.01.24 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Jumping Bytes [2011.10.06 13:09:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech [2011.10.07 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\lingDIALOG [2011.10.06 12:26:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Logishrd [2011.10.06 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Logitech [2011.09.28 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Macromedia [2012.01.30 21:11:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes [2010.11.21 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Media Center Programs [2012.01.01 18:21:59 | 000,000,000 | --SD | M] -- C:\Users\Sarah\AppData\Roaming\Microsoft [2011.09.28 14:11:43 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mirabyte [2011.09.28 12:20:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla [2011.11.16 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nuance [2011.09.28 21:29:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\NVIDIA [2011.09.28 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Opera [2011.10.07 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ProtectDISC [2011.10.07 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Thunderbird [2012.01.10 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt [2011.10.01 13:27:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\vlc [2011.12.20 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Wacom [2011.12.20 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011.12.20 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WTablet [2011.11.16 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.12.20 20:21:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Sarah\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.10.06 13:09:27 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.12.24 22:51:11 | 000,010,134 | R--- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b8d31a7001998667\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.09.15 08:06:33 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.09.15 08:06:33 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.09.15 08:06:33 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.09.15 08:06:33 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.09.15 08:06:33 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.09.15 08:06:33 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.09.15 08:06:33 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.09.15 08:06:33 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2009.07.14 02:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FD9CE1F3 < End of report > |
|
02.02.2012, 16:27
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell - "" = AutoRun
O33 - MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\Shell\AutoRun\command - "" = J:\AutoRun.exe
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:FD9CE1F3
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.02.2012, 09:37
| #13 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Den Fix hab ich durchgeführt. Nachdem OTL fertig war, wurde ein Neustart nötig. Dabei ist Windwos beim Abmelden hängen geblieben. Nachdem der Abmeldebildschirm 5 min zu sehen war und der Rechner auch keine Arbeitsgeräusche gemacht hat, habe ich ihn manuel ausgeschalten. Er fuhr danach wieder normal hoch, nur mit dem Hinweis, dass Windows nicht richtig beendet wurde. Habe ihn im normalen Modus gestartet. Nach dem Hochfahren wurde die neu OTL.txt angezeigt Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09471378-3f72-11e1-b442-6c626d3b67fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09471378-3f72-11e1-b442-6c626d3b67fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09471378-3f72-11e1-b442-6c626d3b67fb}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904bc750-e9c1-11e0-b33b-6c626d3b67fb}\ not found.
File J:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:FD9CE1F3 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Sarah
->Temp folder emptied: 265251073 bytes
->Temporary Internet Files folder emptied: 234542330 bytes
->Java cache emptied: 22548025 bytes
->FireFox cache emptied: 1056224354 bytes
->Google Chrome cache emptied: 13554609 bytes
->Opera cache emptied: 924445 bytes
->Flash cache emptied: 81464 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196073176 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 17580832470 bytes
Total Files Cleaned = 18.473,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02032012_090809
Files\Folders moved on Reboot...
C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
03.02.2012, 12:35
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.02.2012, 10:16
| #15 |
| | 4 Funde u.a. HTML/Infected.WebPage.Gen2 Endlich Wochenende TDSSKiller von Kaspersky habe ich nach deiner Anleitung durchgeführt und es gab keine Funde. Code:
ATTFilter 10:12:15.0190 4036 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
10:12:15.0378 4036 ============================================================
10:12:15.0378 4036 Current date / time: 2012/02/04 10:12:15.0378
10:12:15.0378 4036 SystemInfo:
10:12:15.0378 4036
10:12:15.0378 4036 OS Version: 6.1.7601 ServicePack: 1.0
10:12:15.0378 4036 Product type: Workstation
10:12:15.0378 4036 ComputerName: GAMERPC
10:12:15.0378 4036 UserName: Sarah
10:12:15.0378 4036 Windows directory: C:\Windows
10:12:15.0378 4036 System windows directory: C:\Windows
10:12:15.0378 4036 Running under WOW64
10:12:15.0378 4036 Processor architecture: Intel x64
10:12:15.0378 4036 Number of processors: 4
10:12:15.0378 4036 Page size: 0x1000
10:12:15.0378 4036 Boot type: Normal boot
10:12:15.0378 4036 ============================================================
10:12:16.0133 4036 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:12:16.0154 4036 \Device\Harddisk0\DR0:
10:12:16.0154 4036 MBR used
10:12:16.0154 4036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x439C3000
10:12:16.0195 4036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x439C4000, BlocksNum 0x30D3F000
10:12:16.0195 4036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x74703800, BlocksNum 0x3D6AF000
10:12:16.0195 4036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xB1DB3000, BlocksNum 0x37054800
10:12:16.0387 4036 Initialize success
10:12:16.0387 4036 ============================================================
10:12:56.0737 2908 ============================================================
10:12:56.0737 2908 Scan started
10:12:56.0737 2908 Mode: Manual; SigCheck; TDLFS;
10:12:56.0737 2908 ============================================================
10:12:57.0052 2908 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
10:12:57.0231 2908 1394ohci - ok
10:12:57.0338 2908 acedrv11 (894ea27aaadbb8792ab67a767bd5df62) C:\Windows\system32\drivers\acedrv11.sys
10:12:57.0651 2908 acedrv11 - ok
10:12:57.0734 2908 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:12:57.0753 2908 ACPI - ok
10:12:57.0774 2908 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:12:57.0906 2908 AcpiPmi - ok
10:12:57.0970 2908 adp3132 (132190688d8e51d61f88a150d7df9fb4) C:\Windows\system32\drivers\adp3132.sys
10:12:57.0992 2908 adp3132 - ok
10:12:58.0017 2908 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:12:58.0037 2908 adp94xx - ok
10:12:58.0071 2908 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:12:58.0086 2908 adpahci - ok
10:12:58.0109 2908 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:12:58.0121 2908 adpu320 - ok
10:12:58.0210 2908 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:12:58.0306 2908 AFD - ok
10:12:58.0338 2908 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:12:58.0371 2908 agp440 - ok
10:12:58.0402 2908 ahcix64s (af53917d9741a84627fa689ea622558a) C:\Windows\system32\drivers\ahcix64s.sys
10:12:58.0419 2908 ahcix64s - ok
10:12:58.0445 2908 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:12:58.0457 2908 aliide - ok
10:12:58.0494 2908 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\drivers\amdhub30.sys
10:12:58.0507 2908 amdhub30 - ok
10:12:58.0515 2908 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:12:58.0527 2908 amdide - ok
10:12:58.0588 2908 amdide64 (d52a2e98c5eeff88ced28793b6b04d84) C:\Windows\system32\drivers\amdide64.sys
10:12:58.0598 2908 amdide64 - ok
10:12:58.0623 2908 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:12:58.0691 2908 AmdK8 - ok
10:12:58.0700 2908 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:12:58.0747 2908 AmdPPM - ok
10:12:58.0782 2908 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:12:58.0800 2908 amdsata - ok
10:12:58.0825 2908 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:12:58.0844 2908 amdsbs - ok
10:12:58.0908 2908 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:12:58.0922 2908 amdxata - ok
10:12:58.0954 2908 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\drivers\amdxhc.sys
10:12:58.0971 2908 amdxhc - ok
10:12:58.0999 2908 amd_sata (f9d46b6b322708bd5afcc8767ebdc901) C:\Windows\system32\drivers\amd_sata.sys
10:12:59.0030 2908 amd_sata - ok
10:12:59.0052 2908 amd_xata (329cc9c7e20deebcd4cd10816193ef14) C:\Windows\system32\drivers\amd_xata.sys
10:12:59.0063 2908 amd_xata - ok
10:12:59.0146 2908 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:12:59.0279 2908 AppID - ok
10:12:59.0331 2908 arc (d73aad4946051d074909fdfd34d94c7b) C:\Windows\system32\drivers\arc.sys
10:12:59.0339 2908 arc - ok
10:12:59.0356 2908 arcsas (46e8c3eb03224a1e55c6f0c100a9d2cc) C:\Windows\system32\drivers\arcsas.sys
10:12:59.0365 2908 arcsas - ok
10:12:59.0385 2908 asmthub3 (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\drivers\asmthub3.sys
10:12:59.0393 2908 asmthub3 - ok
10:12:59.0422 2908 asmtxhci (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\drivers\asmtxhci.sys
10:12:59.0435 2908 asmtxhci - ok
10:12:59.0472 2908 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:12:59.0614 2908 AsyncMac - ok
10:12:59.0675 2908 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:12:59.0690 2908 atapi - ok
10:12:59.0743 2908 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
10:12:59.0760 2908 avgntflt - ok
10:12:59.0842 2908 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
10:12:59.0858 2908 avipbb - ok
10:12:59.0884 2908 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
10:12:59.0894 2908 avkmgr - ok
10:13:00.0001 2908 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:13:00.0054 2908 b06bdrv - ok
10:13:00.0126 2908 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:13:00.0198 2908 b57nd60a - ok
10:13:00.0263 2908 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:13:00.0322 2908 Beep - ok
10:13:00.0378 2908 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:13:00.0463 2908 blbdrive - ok
10:13:00.0512 2908 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:13:00.0633 2908 bowser - ok
10:13:00.0702 2908 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:13:00.0758 2908 BrFiltLo - ok
10:13:00.0806 2908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:13:00.0826 2908 BrFiltUp - ok
10:13:00.0870 2908 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:13:00.0942 2908 Brserid - ok
10:13:00.0962 2908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:13:01.0014 2908 BrSerWdm - ok
10:13:01.0028 2908 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:13:01.0122 2908 BrUsbMdm - ok
10:13:01.0185 2908 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:13:01.0211 2908 BrUsbSer - ok
10:13:01.0253 2908 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:13:01.0277 2908 BTHMODEM - ok
10:13:01.0326 2908 busenum (fc278504bfa3ac7e9ed92359d0ee7282) C:\Windows\system32\DRIVERS\busenum.sys
10:13:01.0337 2908 busenum - ok
10:13:01.0350 2908 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:13:01.0418 2908 cdfs - ok
10:13:01.0434 2908 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:13:01.0482 2908 cdrom - ok
10:13:01.0492 2908 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:13:01.0519 2908 circlass - ok
10:13:01.0552 2908 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:13:01.0570 2908 CLFS - ok
10:13:01.0611 2908 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:13:01.0641 2908 CmBatt - ok
10:13:01.0658 2908 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:13:01.0671 2908 cmdide - ok
10:13:01.0697 2908 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:13:01.0732 2908 CNG - ok
10:13:01.0774 2908 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:13:01.0789 2908 Compbatt - ok
10:13:01.0818 2908 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:13:01.0882 2908 CompositeBus - ok
10:13:01.0907 2908 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:13:01.0922 2908 crcdisk - ok
10:13:01.0991 2908 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:13:02.0071 2908 DfsC - ok
10:13:02.0119 2908 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:13:02.0162 2908 discache - ok
10:13:02.0209 2908 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:13:02.0226 2908 Disk - ok
10:13:02.0300 2908 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:13:02.0339 2908 Dot4 - ok
10:13:02.0358 2908 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:13:02.0375 2908 Dot4Print - ok
10:13:02.0404 2908 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:13:02.0434 2908 dot4usb - ok
10:13:02.0480 2908 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:13:02.0504 2908 drmkaud - ok
10:13:02.0538 2908 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:13:02.0569 2908 DXGKrnl - ok
10:13:02.0633 2908 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:13:02.0693 2908 ebdrv - ok
10:13:02.0737 2908 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:13:02.0763 2908 elxstor - ok
10:13:02.0792 2908 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:13:02.0819 2908 ErrDev - ok
10:13:02.0856 2908 EtronHub3 (3663291d0d26001a2bb67678ab61d14c) C:\Windows\System32\Drivers\EtronHub3.sys
10:13:02.0925 2908 EtronHub3 - ok
10:13:02.0947 2908 EtronXHCI (744420d6c062c38f7361870f010d6d4b) C:\Windows\System32\Drivers\EtronXHCI.sys
10:13:02.0970 2908 EtronXHCI - ok
10:13:03.0000 2908 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:13:03.0060 2908 exfat - ok
10:13:03.0098 2908 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:13:03.0137 2908 fastfat - ok
10:13:03.0170 2908 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:13:03.0207 2908 fdc - ok
10:13:03.0258 2908 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:13:03.0274 2908 FileInfo - ok
10:13:03.0285 2908 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:13:03.0337 2908 Filetrace - ok
10:13:03.0354 2908 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:13:03.0363 2908 flpydisk - ok
10:13:03.0394 2908 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:13:03.0418 2908 FltMgr - ok
10:13:03.0438 2908 FLxHCIc (e35f19855192d025da41e8dfa318206a) C:\Windows\system32\drivers\FLxHCIc.sys
10:13:03.0472 2908 FLxHCIc - ok
10:13:03.0519 2908 FLxHCIh (bbbd5d42d8cb3ad0f43f7bc4db92eb5e) C:\Windows\system32\drivers\FLxHCIh.sys
10:13:03.0594 2908 FLxHCIh - ok
10:13:03.0610 2908 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:13:03.0623 2908 FsDepends - ok
10:13:03.0650 2908 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
10:13:03.0662 2908 fssfltr - ok
10:13:03.0698 2908 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:13:03.0710 2908 Fs_Rec - ok
10:13:03.0733 2908 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:13:03.0749 2908 fvevol - ok
10:13:03.0789 2908 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:13:03.0805 2908 gagp30kx - ok
10:13:03.0844 2908 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:13:03.0856 2908 GEARAspiWDM - ok
10:13:03.0877 2908 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:13:03.0924 2908 hcw85cir - ok
10:13:03.0957 2908 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:13:04.0002 2908 HdAudAddService - ok
10:13:04.0031 2908 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:13:04.0065 2908 HDAudBus - ok
10:13:04.0086 2908 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:13:04.0116 2908 HidBatt - ok
10:13:04.0136 2908 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:13:04.0159 2908 HidBth - ok
10:13:04.0193 2908 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:13:04.0214 2908 HidIr - ok
10:13:04.0256 2908 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:13:04.0319 2908 HidUsb - ok
10:13:04.0361 2908 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:13:04.0377 2908 HpSAMD - ok
10:13:04.0400 2908 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:13:04.0471 2908 HTTP - ok
10:13:04.0492 2908 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:13:04.0498 2908 hwpolicy - ok
10:13:04.0541 2908 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:13:04.0580 2908 i8042prt - ok
10:13:04.0601 2908 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
10:13:04.0621 2908 iaStor - ok
10:13:04.0670 2908 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:13:04.0694 2908 iaStorV - ok
10:13:04.0715 2908 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:13:04.0729 2908 iirsp - ok
10:13:04.0769 2908 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
10:13:04.0808 2908 Impcd - ok
10:13:04.0894 2908 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\Windows\system32\drivers\RTKVHD64.sys
10:13:04.0943 2908 IntcAzAudAddService - ok
10:13:04.0964 2908 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:13:04.0972 2908 intelide - ok
10:13:05.0017 2908 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:13:05.0044 2908 intelppm - ok
10:13:05.0083 2908 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:13:05.0124 2908 IpFilterDriver - ok
10:13:05.0136 2908 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:13:05.0180 2908 IPMIDRV - ok
10:13:05.0197 2908 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:13:05.0241 2908 IPNAT - ok
10:13:05.0295 2908 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:13:05.0372 2908 IRENUM - ok
10:13:05.0392 2908 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:13:05.0406 2908 isapnp - ok
10:13:05.0445 2908 ISASerial (ac45d94185cf67267d06bf2f45e9e31e) C:\Windows\system32\drivers\ISASerial.sys
10:13:05.0508 2908 ISASerial - ok
10:13:05.0559 2908 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:13:05.0581 2908 iScsiPrt - ok
10:13:05.0594 2908 JRAID (c0d9ba660a41ee8a269ef804e6cd0d7b) C:\Windows\system32\drivers\jraid.sys
10:13:05.0603 2908 JRAID - ok
10:13:05.0643 2908 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:13:05.0658 2908 kbdclass - ok
10:13:05.0681 2908 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:13:05.0711 2908 kbdhid - ok
10:13:05.0753 2908 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:13:05.0770 2908 KSecDD - ok
10:13:05.0794 2908 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:13:05.0814 2908 KSecPkg - ok
10:13:05.0830 2908 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:13:05.0885 2908 ksthunk - ok
10:13:05.0970 2908 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:13:05.0985 2908 LHidFilt - ok
10:13:06.0016 2908 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:13:06.0089 2908 lltdio - ok
10:13:06.0099 2908 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:13:06.0106 2908 LMouFilt - ok
10:13:06.0136 2908 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:13:06.0145 2908 LSI_FC - ok
10:13:06.0159 2908 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:13:06.0168 2908 LSI_SAS - ok
10:13:06.0180 2908 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:13:06.0189 2908 LSI_SAS2 - ok
10:13:06.0204 2908 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:13:06.0213 2908 LSI_SCSI - ok
10:13:06.0238 2908 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:13:06.0276 2908 luafv - ok
10:13:06.0344 2908 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:13:06.0355 2908 MBAMProtector - ok
10:13:06.0386 2908 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
10:13:06.0395 2908 MBfilt - ok
10:13:06.0414 2908 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:13:06.0429 2908 megasas - ok
10:13:06.0446 2908 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:13:06.0468 2908 MegaSR - ok
10:13:06.0490 2908 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:13:06.0528 2908 Modem - ok
10:13:06.0563 2908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:13:06.0594 2908 monitor - ok
10:13:06.0611 2908 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:13:06.0626 2908 mouclass - ok
10:13:06.0656 2908 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:13:06.0701 2908 mouhid - ok
10:13:06.0736 2908 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:13:06.0748 2908 mountmgr - ok
10:13:06.0763 2908 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:13:06.0781 2908 mpio - ok
10:13:06.0798 2908 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:13:06.0850 2908 mpsdrv - ok
10:13:06.0872 2908 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:13:06.0899 2908 MRxDAV - ok
10:13:06.0951 2908 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:13:07.0055 2908 mrxsmb - ok
10:13:07.0075 2908 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:13:07.0099 2908 mrxsmb10 - ok
10:13:07.0107 2908 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:13:07.0119 2908 mrxsmb20 - ok
10:13:07.0130 2908 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:13:07.0138 2908 msahci - ok
10:13:07.0155 2908 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:13:07.0165 2908 msdsm - ok
10:13:07.0186 2908 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:13:07.0250 2908 Msfs - ok
10:13:07.0281 2908 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:13:07.0329 2908 mshidkmdf - ok
10:13:07.0350 2908 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:13:07.0358 2908 msisadrv - ok
10:13:07.0395 2908 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:13:07.0418 2908 MSKSSRV - ok
10:13:07.0430 2908 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:13:07.0476 2908 MSPCLOCK - ok
10:13:07.0488 2908 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:13:07.0545 2908 MSPQM - ok
10:13:07.0566 2908 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:13:07.0580 2908 MsRPC - ok
10:13:07.0601 2908 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:13:07.0606 2908 mssmbios - ok
10:13:07.0635 2908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:13:07.0663 2908 MSTEE - ok
10:13:07.0685 2908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:13:07.0700 2908 MTConfig - ok
10:13:07.0751 2908 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\drivers\ASACPI.sys
10:13:07.0762 2908 MTsensor - ok
10:13:07.0798 2908 MtsHID (07ad6825d5c658595cab7f8f5849401c) C:\Windows\system32\drivers\MtsHID.sys
10:13:07.0810 2908 MtsHID - ok
10:13:07.0819 2908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:13:07.0833 2908 Mup - ok
10:13:07.0839 2908 mv91cons (3f70e83c6a9f617d649a82149d337724) C:\Windows\system32\drivers\mv91cons.sys
10:13:07.0846 2908 mv91cons - ok
10:13:07.0861 2908 mv91xx (611ebe534df049ad9413552fa81ecf75) C:\Windows\system32\drivers\mv91xx.sys
10:13:07.0894 2908 mv91xx - ok
10:13:07.0932 2908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:13:07.0968 2908 NativeWifiP - ok
10:13:08.0042 2908 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:13:08.0073 2908 NDIS - ok
10:13:08.0108 2908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:13:08.0152 2908 NdisCap - ok
10:13:08.0173 2908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:13:08.0317 2908 NdisTapi - ok
10:13:08.0352 2908 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:13:08.0377 2908 Ndisuio - ok
10:13:08.0400 2908 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:13:08.0436 2908 NdisWan - ok
10:13:08.0460 2908 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:13:08.0495 2908 NDProxy - ok
10:13:08.0524 2908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:13:08.0588 2908 NetBIOS - ok
10:13:08.0608 2908 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:13:08.0631 2908 NetBT - ok
10:13:08.0688 2908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:13:08.0703 2908 nfrd960 - ok
10:13:08.0711 2908 NmPar - ok
10:13:08.0718 2908 nmserial - ok
10:13:08.0733 2908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:13:08.0776 2908 Npfs - ok
10:13:08.0818 2908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:13:08.0877 2908 nsiproxy - ok
10:13:08.0927 2908 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:13:08.0967 2908 Ntfs - ok
10:13:08.0979 2908 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:13:09.0014 2908 Null - ok
10:13:09.0062 2908 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:13:09.0140 2908 nusb3hub - ok
10:13:09.0163 2908 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:13:09.0234 2908 nusb3xhc - ok
10:13:09.0246 2908 nvamacpi (7fd5c060cb907489a5702f628226f54a) C:\Windows\system32\drivers\NVAMACPI.sys
10:13:09.0258 2908 nvamacpi - ok
10:13:09.0297 2908 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
10:13:09.0314 2908 NVHDA - ok
10:13:09.0545 2908 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:13:09.0683 2908 nvlddmkm - ok
10:13:09.0744 2908 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:13:09.0763 2908 nvraid - ok
10:13:09.0779 2908 nvrd64 (694f5e9d9d624d47f432f5b2e66a0528) C:\Windows\system32\drivers\nvrd64.sys
10:13:09.0796 2908 nvrd64 - ok
10:13:09.0813 2908 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\drivers\nvsmu.sys
10:13:09.0825 2908 nvsmu - ok
10:13:09.0847 2908 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:13:09.0866 2908 nvstor - ok
10:13:09.0903 2908 nvstor64 (05de5dc43afe6cab78f9c7ca044cbcbe) C:\Windows\system32\drivers\nvstor64.sys
10:13:09.0923 2908 nvstor64 - ok
10:13:09.0966 2908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:13:09.0984 2908 nv_agp - ok
10:13:10.0006 2908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:13:10.0029 2908 ohci1394 - ok
10:13:10.0076 2908 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:13:10.0107 2908 Parport - ok
10:13:10.0129 2908 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:13:10.0145 2908 partmgr - ok
10:13:10.0179 2908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:13:10.0197 2908 pci - ok
10:13:10.0250 2908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:13:10.0263 2908 pciide - ok
10:13:10.0304 2908 PciIsaSerial (d7c203015e2c2a2eac8dacef156d8dc3) C:\Windows\system32\drivers\PciIsaSerial.sys
10:13:10.0374 2908 PciIsaSerial - ok
10:13:10.0395 2908 PciPPorts (088b509b2f35a3cee00ac0e0bc4c5bed) C:\Windows\system32\drivers\PciPPorts.sys
10:13:10.0447 2908 PciPPorts - ok
10:13:10.0457 2908 PciSPorts (7f97cdd5e91fc73da2b01344957aa058) C:\Windows\system32\drivers\PciSPorts.sys
10:13:10.0498 2908 PciSPorts - ok
10:13:10.0537 2908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:13:10.0559 2908 pcmcia - ok
10:13:10.0583 2908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:13:10.0598 2908 pcw - ok
10:13:10.0661 2908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:13:10.0745 2908 PEAUTH - ok
10:13:10.0794 2908 PPorts (14c04684a25c221ebe2105d169b4b6ff) C:\Windows\system32\drivers\PPorts.sys
10:13:10.0808 2908 PPorts - ok
10:13:10.0835 2908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:13:10.0900 2908 PptpMiniport - ok
10:13:10.0921 2908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:13:10.0937 2908 Processor - ok
10:13:10.0960 2908 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:13:10.0991 2908 Psched - ok
10:13:11.0026 2908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:13:11.0057 2908 ql2300 - ok
10:13:11.0082 2908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:13:11.0093 2908 ql40xx - ok
10:13:11.0100 2908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:13:11.0113 2908 QWAVEdrv - ok
10:13:11.0133 2908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:13:11.0157 2908 RasAcd - ok
10:13:11.0189 2908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:13:11.0229 2908 RasAgileVpn - ok
10:13:11.0247 2908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:13:11.0273 2908 Rasl2tp - ok
10:13:11.0288 2908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:13:11.0343 2908 RasPppoe - ok
10:13:11.0385 2908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:13:11.0425 2908 RasSstp - ok
10:13:11.0441 2908 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:13:11.0470 2908 rdbss - ok
10:13:11.0488 2908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:13:11.0506 2908 rdpbus - ok
10:13:11.0517 2908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:13:11.0539 2908 RDPCDD - ok
10:13:11.0554 2908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:13:11.0585 2908 RDPENCDD - ok
10:13:11.0624 2908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:13:11.0646 2908 RDPREFMP - ok
10:13:11.0669 2908 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:13:11.0696 2908 RDPWD - ok
10:13:11.0737 2908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:13:11.0759 2908 rdyboost - ok
10:13:11.0778 2908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:13:11.0825 2908 rspndr - ok
10:13:11.0910 2908 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:13:11.0932 2908 RTL8167 - ok
10:13:11.0984 2908 RTL8187 (d4af0298e0031aeed81b241ff56e95d1) C:\Windows\system32\DRIVERS\wg111v2.sys
10:13:12.0025 2908 RTL8187 - ok
10:13:12.0041 2908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:13:12.0059 2908 sbp2port - ok
10:13:12.0079 2908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:13:12.0127 2908 scfilter - ok
10:13:12.0181 2908 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
10:13:12.0193 2908 SCMNdisP - ok
10:13:12.0225 2908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:13:12.0265 2908 secdrv - ok
10:13:12.0309 2908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:13:12.0336 2908 Serenum - ok
10:13:12.0370 2908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:13:12.0402 2908 Serial - ok
10:13:12.0419 2908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:13:12.0446 2908 sermouse - ok
10:13:12.0474 2908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:13:12.0492 2908 sffdisk - ok
10:13:12.0499 2908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:13:12.0523 2908 sffp_mmc - ok
10:13:12.0536 2908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:13:12.0564 2908 sffp_sd - ok
10:13:12.0572 2908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:13:12.0592 2908 sfloppy - ok
10:13:12.0629 2908 Si3124r5 (da492c8305434ec6f9bdd60c8b83b10e) C:\Windows\system32\drivers\Si3124r5.sys
10:13:12.0655 2908 Si3124r5 - ok
10:13:12.0681 2908 SiFilter (8d10887a1699cf61e74467694b929b09) C:\Windows\system32\drivers\SiWinAcc.sys
10:13:12.0692 2908 SiFilter - ok
10:13:12.0711 2908 SiRemFil (94e1eda9a0b305a67ee1bbd0a68ce21a) C:\Windows\system32\drivers\SiRemFil.sys
10:13:12.0722 2908 SiRemFil - ok
10:13:12.0757 2908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:13:12.0772 2908 SiSRaid2 - ok
10:13:12.0789 2908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:13:12.0803 2908 SiSRaid4 - ok
10:13:12.0824 2908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:13:12.0867 2908 Smb - ok
10:13:12.0893 2908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:13:12.0900 2908 spldr - ok
10:13:12.0922 2908 SPorts (739c2571867f351167d1d958990e9d84) C:\Windows\system32\drivers\SPorts.sys
10:13:12.0948 2908 SPorts - ok
10:13:12.0993 2908 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:13:13.0025 2908 srv - ok
10:13:13.0044 2908 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:13:13.0095 2908 srv2 - ok
10:13:13.0153 2908 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:13:13.0202 2908 srvnet - ok
10:13:13.0220 2908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:13:13.0250 2908 stexstor - ok
10:13:13.0262 2908 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:13:13.0308 2908 StillCam - ok
10:13:13.0333 2908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:13:13.0340 2908 swenum - ok
10:13:13.0471 2908 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:13:13.0528 2908 Tcpip - ok
10:13:13.0551 2908 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:13:13.0575 2908 TCPIP6 - ok
10:13:13.0595 2908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:13:13.0629 2908 tcpipreg - ok
10:13:13.0650 2908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:13:13.0673 2908 TDPIPE - ok
10:13:13.0693 2908 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:13:13.0717 2908 TDTCP - ok
10:13:13.0753 2908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:13:13.0778 2908 tdx - ok
10:13:13.0797 2908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
10:13:13.0805 2908 TermDD - ok
10:13:13.0816 2908 tihub3 (68fe3d89829e27d4fd5eea7bd2c41985) C:\Windows\system32\drivers\tihub3.sys
10:13:13.0825 2908 tihub3 - ok
10:13:13.0869 2908 tixhci (0102c9633ce1f18a6ac021f28b734db5) C:\Windows\system32\drivers\tixhci.sys
10:13:13.0892 2908 tixhci - ok
10:13:13.0925 2908 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
10:13:13.0936 2908 truecrypt - ok
10:13:13.0990 2908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:13:14.0051 2908 tssecsrv - ok
10:13:14.0073 2908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:13:14.0134 2908 TsUsbFlt - ok
10:13:14.0143 2908 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:13:14.0166 2908 TsUsbGD - ok
10:13:14.0226 2908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:13:14.0291 2908 tunnel - ok
10:13:14.0299 2908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:13:14.0309 2908 uagp35 - ok
10:13:14.0332 2908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:13:14.0374 2908 udfs - ok
10:13:14.0424 2908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:13:14.0438 2908 uliagpkx - ok
10:13:14.0454 2908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:13:14.0500 2908 umbus - ok
10:13:14.0537 2908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:13:14.0569 2908 UmPass - ok
10:13:14.0618 2908 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:13:14.0673 2908 USBAAPL64 - ok
10:13:14.0702 2908 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:13:14.0732 2908 usbccgp - ok
10:13:14.0741 2908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:13:14.0797 2908 usbcir - ok
10:13:14.0830 2908 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:13:14.0877 2908 usbehci - ok
10:13:14.0920 2908 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:13:14.0961 2908 usbhub - ok
10:13:14.0981 2908 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:13:15.0009 2908 usbohci - ok
10:13:15.0022 2908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:13:15.0076 2908 usbprint - ok
10:13:15.0150 2908 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:13:15.0171 2908 usbscan - ok
10:13:15.0209 2908 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:13:15.0273 2908 USBSTOR - ok
10:13:15.0295 2908 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:13:15.0323 2908 usbuhci - ok
10:13:15.0383 2908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:13:15.0397 2908 vdrvroot - ok
10:13:15.0407 2908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:13:15.0425 2908 vga - ok
10:13:15.0444 2908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:13:15.0472 2908 VgaSave - ok
10:13:15.0491 2908 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:13:15.0504 2908 vhdmp - ok
10:13:15.0525 2908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:13:15.0533 2908 viaide - ok
10:13:15.0545 2908 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:13:15.0561 2908 volmgr - ok
10:13:15.0584 2908 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:13:15.0602 2908 volmgrx - ok
10:13:15.0622 2908 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:13:15.0635 2908 volsnap - ok
10:13:15.0657 2908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:13:15.0668 2908 vsmraid - ok
10:13:15.0714 2908 VUSB3HUB (5be34bfade20ff6c154b4663605b6212) C:\Windows\system32\drivers\ViaHub3.sys
10:13:15.0765 2908 VUSB3HUB - ok
10:13:15.0785 2908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:13:15.0850 2908 vwifibus - ok
10:13:15.0918 2908 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:13:15.0951 2908 vwififlt - ok
10:13:15.0988 2908 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:13:16.0034 2908 vwifimp - ok
10:13:16.0082 2908 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:13:16.0092 2908 wacommousefilter - ok
10:13:16.0101 2908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:13:16.0134 2908 WacomPen - ok
10:13:16.0204 2908 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
10:13:16.0214 2908 wacomvhid - ok
10:13:16.0239 2908 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:13:16.0297 2908 WANARP - ok
10:13:16.0333 2908 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:13:16.0364 2908 Wanarpv6 - ok
10:13:16.0390 2908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:13:16.0398 2908 Wd - ok
10:13:16.0419 2908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:13:16.0461 2908 Wdf01000 - ok
10:13:16.0491 2908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:13:16.0514 2908 WfpLwf - ok
10:13:16.0561 2908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:13:16.0575 2908 WIMMount - ok
10:13:16.0618 2908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:13:16.0628 2908 WmiAcpi - ok
10:13:16.0666 2908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:13:16.0699 2908 ws2ifsl - ok
10:13:16.0760 2908 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:13:16.0811 2908 WSDPrintDevice - ok
10:13:16.0850 2908 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:13:16.0901 2908 WudfPf - ok
10:13:16.0948 2908 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:13:16.0989 2908 WUDFRd - ok
10:13:17.0000 2908 xhcdrv (109b6f1888845661d19b7a458776d5d1) C:\Windows\system32\drivers\xhcdrv.sys
10:13:17.0044 2908 xhcdrv - ok
10:13:17.0067 2908 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:13:17.0185 2908 \Device\Harddisk0\DR0 - ok
10:13:17.0188 2908 Boot (0x1200) (a3e6a8ec4d921066e565a49dd844cc22) \Device\Harddisk0\DR0\Partition0
10:13:17.0189 2908 \Device\Harddisk0\DR0\Partition0 - ok
10:13:17.0202 2908 Boot (0x1200) (ffa48af3a7600d8c9a6fe9c09ad1c272) \Device\Harddisk0\DR0\Partition1
10:13:17.0222 2908 \Device\Harddisk0\DR0\Partition1 - ok
10:13:17.0281 2908 Boot (0x1200) (9469f3b95b96002b518172b48223e13c) \Device\Harddisk0\DR0\Partition2
10:13:17.0282 2908 \Device\Harddisk0\DR0\Partition2 - ok
10:13:17.0303 2908 Boot (0x1200) (4d4ac8e7fb5d78f4b060bfbc8cdb906f) \Device\Harddisk0\DR0\Partition3
10:13:17.0304 2908 \Device\Harddisk0\DR0\Partition3 - ok
10:13:17.0305 2908 ============================================================
10:13:17.0305 2908 Scan finished
10:13:17.0305 2908 ============================================================
10:13:17.0317 5600 Detected object count: 0
10:13:17.0317 5600 Actual detected object count: 0
|
|
| Themen zu 4 Funde u.a. HTML/Infected.WebPage.Gen2 |
| 7-zip, alternate, antivirus, autorun, avira, bho, bingbar, bonjour, desktop, document, entfernen, error, firefox, flash player, frage, google chrome, helper, home, install.exe, intranet, logfile, microsoft office word, mozilla thunderbird, netgear, nvidia update, officejet, plug-in, realtek, registry, rundll, scan, security, senden, software, synology, tablet, updates, usb 2.0, version=1.0, webcheck, windows, windows 7 home, windows 7 home premium, zeon/pdf |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
