Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.10.2012, 15:41   #1
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Gestern bekam ich zum ersten Mal die Meldung, das Avira Antivir 2012 Premium o.g. Virus oder Trojaner gefunden hat ('C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe). Das System war extrem langsam und ein arbeiten damit nicht mehr möglich (schreibe jetzt im abgesicherten Modus von Windows 7 64Bit).

Auf anderen Internetseiten habe ich schon gesucht und diverse Scans mit anderen Virenscannern versucht, aber bin zu keinem Ergebnis gekommen, System immer noch langsam, Antivir findet ihn immer wieder aufs Neue.

Ich versuche jetzt Eure Anleitung zu befolgen un bedanke mich schon mal im Voraus für Eure Mühen :-)

Alt 14.10.2012, 15:47   #2
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Sorry - die anderen Virenscanner waren Malwarebytes - Logfile finde ich nicht mehr (kann ich ja schnell wiederholen) und Combofix (Logfile im Anhang)
Angehängte Dateien
Dateityp: txt ComboFix.txt (26,8 KB, 191x aufgerufen)
__________________


Alt 24.10.2012, 10:17   #3
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Hi,

Freund der Sonne, wer hat dir geraten Combofix laufen zu lassen?

Das Tool ist tricky und sollte nur eingesetzt werden wenn die Seuche Oberkante Gehäuse überläuft .

Erstmal:

Alle Logfiles bitte in den Thread posten, nix anhängen, das macht das Auswerten schwerer, und Anhänge laden kann ich von Arbeit aus eh nicht.

Dann folge mal dem Guide der hier im Unterforum gepostet ist und lass OTL und Co laufen, poste die Logfiles.

Dann bitte mal zu www.virustotal.com navigieren und die angemeckerte Datei
Zitat:
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
Scannen lassen. Link zum Ergebnis hier posten, irgendwie geh ich ja stark von einem Fehlalarm aus
__________________
__________________

Alt 24.10.2012, 12:46   #4
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Tja, wer war das? Jedenfalls niemand von dieser Seite hier :-)
Fehlalarm wäre ja schön, aber das System läuft ja auch nicht mehr, bzw. ist so extrem langsam, dass es nicht zu bedienen ist (außer im abgesicherten Modus).

Also nun mal die Log-Files.
OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.10.2012 16:24:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 66,02% Memory free
7,36 Gb Paging File | 6,21 Gb Available in Paging File | 84,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 23,40 Gb Free Space | 23,96% Space Free | Partition Type: NTFS
Drive D: | 262,91 Gb Total Space | 32,72 Gb Free Space | 12,44% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 30,66 Gb Free Space | 31,39% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (lxdw_device) -- C:\Windows\SysNative\lxdwcoms.exe ( )
SRV:64bit: - (lxdwCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (QPCopyEngine) -- C:\Programme\Iomega\QuikProtect\QpMonitor.exe ()
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (lxdwCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe ()
SRV - (lxdw_device) -- C:\Windows\SysWOW64\lxdwcoms.exe ( )
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (QsFsFltr) -- C:\Windows\SysNative\drivers\QsFsFltr.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (arcvad_ds2dhw) -- C:\Windows\SysNative\drivers\ArcVad.sys (ArcSoft, Inc.)
DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\drivers\ext2fs.sys (Stephan Schreiber)
DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\drivers\ifsmount.sys (Stephan Schreiber)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD B4 8C 9D 34 7E CD 01  [binary data]
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "88.152.38.215"
FF - prefs.js..network.proxy.ftp_port: 27306
FF - prefs.js..network.proxy.gopher: "88.152.38.215"
FF - prefs.js..network.proxy.gopher_port: 27306
FF - prefs.js..network.proxy.http: "88.152.38.215"
FF - prefs.js..network.proxy.http_port: 27306
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "88.152.38.215"
FF - prefs.js..network.proxy.socks_port: 27306
FF - prefs.js..network.proxy.ssl: "88.152.38.215"
FF - prefs.js..network.proxy.ssl_port: 27306
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Musik\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Video\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\Video\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 22:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 18:38:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.15 02:21:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 22:29:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 18:38:34 | 000,000,000 | ---D | M]
 
[2010.03.24 12:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.24 12:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.12 18:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions
[2010.11.19 15:32:18 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.07 21:00:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions\foxmarks@kei.com
[2012.07.29 12:30:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.12 18:42:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010.11.20 19:13:25 | 000,001,330 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\searchplugins\wikipedia-en.xml
[2010.06.15 22:44:45 | 000,001,032 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\searchplugins\wikipedia-eng.xml
[2012.09.08 14:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.22 13:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.08 14:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GäB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZFTV7Y7.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\USERS\GäB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZFTV7Y7.DEFAULT\EXTENSIONS\FOXMARKS@KEI.COM
[2012.07.29 22:29:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.03.11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.03.11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.03.11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010.03.11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012.10.12 18:37:20 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.02.26 11:31:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.26 11:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.26 11:31:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 11:31:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 11:31:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 11:31:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Musik\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\Video\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\G\u00E4b\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: English vocabulary = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj\0.5_0\
 
O1 HOSTS File: ([2012.10.14 14:44:03 | 000,443,614 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15263 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe ()
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [QuiKProtect] C:\Programme\Iomega\QuikProtect\startQuikProtect.exe (Iomega Corporation - An EMC Company)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{078F42BC-98E7-4511-A7C5-537B5AA19713}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2C5616-5C43-470B-80A6-9E60872340C8}: DhcpNameServer = 192.168.1.16 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A623A17F-27B7-4B2A-A369-7552616D3C44}: NameServer = 192.168.10.110 10.11.12.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B21750F8-7F59-4989-8F3A-AF32C839854D}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C143D9C4-A6CE-4F7C-9668-5857FE5FEBE7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C259A953-8775-40CF-A4B2-6E58EADC43DE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.14 16:04:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.14 14:46:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.14 14:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.14 14:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.10.14 14:15:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.14 13:56:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.14 13:56:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.14 13:56:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.14 13:56:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.14 13:55:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.14 10:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure
[2012.10.14 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Max Secure Software
[2012.10.14 10:28:23 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Downloads
[2012.10.14 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.10.13 22:01:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.10.13 22:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.12 18:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 16:04:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.14 16:04:17 | 000,000,214 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.14 15:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 15:53:10 | 2962,403,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 15:18:51 | 000,211,194 | ---- | M] () -- C:\Users\***\Documents\cc_20121014_151840.reg
[2012.10.14 14:51:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.14 14:46:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.14 14:44:03 | 000,443,614 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.14 14:11:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121014-144403.backup
[2012.10.14 13:54:04 | 000,418,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.14 01:10:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.13 18:03:48 | 000,016,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 18:03:48 | 000,016,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 18:38:18 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.12 18:37:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.07 13:42:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 13:42:53 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 13:42:53 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 13:42:53 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 13:42:53 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.30 15:52:42 | 000,325,552 | ---- | M] () -- C:\test.xml
[2012.09.29 13:07:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
 
========== Files Created - No Company Name ==========
 
[2012.10.14 16:04:17 | 000,000,214 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.14 15:18:49 | 000,211,194 | ---- | C] () -- C:\Users\***\Documents\cc_20121014_151840.reg
[2012.10.14 13:56:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.14 13:56:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.14 13:56:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.14 13:56:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.14 13:56:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.12 18:38:18 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.08.11 15:55:23 | 000,000,000 | ---- | C] () -- C:\Users\***\Tatort-Tatort-4431345-Tatort.asx.asf
[2011.11.03 18:58:22 | 000,000,029 | ---- | C] () -- C:\Windows\AVFTP.INI
[2011.09.06 22:32:21 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.04.28 12:29:11 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011.03.20 17:22:09 | 000,007,680 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.09 01:24:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.08.05 20:42:39 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.04.20 19:51:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.24 10:27:12 | 000,011,659 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.10.17 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7600 Series
[2012.09.08 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.02.21 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\App Launcher Gadget
[2010.06.12 07:08:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.01.23 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aWARemote
[2012.04.15 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2010.07.25 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.10.14 01:06:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Desktopicon
[2012.10.14 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.10.14 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.01.27 21:16:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2012.10.14 10:29:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.02.25 23:27:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.10.09 22:43:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabIt - x
[2011.09.06 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.03.24 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HyperLyrics
[2011.09.30 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2010.10.19 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2011.02.06 13:32:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexmark Productivity Studio
[2012.09.08 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.03.25 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2010.11.21 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2011.04.27 23:58:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2010.03.24 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2011.07.16 13:22:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2010.09.18 00:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpeedProject
[2012.09.23 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2010.03.25 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings
[2010.03.24 12:59:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.03.24 11:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toolbars
[2010.03.24 12:18:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2010.06.10 16:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.10.18 09:54:53 | 000,000,000 | ---D | M] -- C:\Users\SYSTEM\AppData\Roaming\7600 Series
[2010.10.18 09:54:45 | 000,000,000 | ---D | M] -- C:\Users\SYSTEM\AppData\Roaming\Coverpgs
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 24.10.2012, 12:47   #5
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Und nun noch Extras:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.10.2012 16:24:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 66,02% Memory free
7,36 Gb Paging File | 6,21 Gb Available in Paging File | 84,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 23,40 Gb Free Space | 23,96% Space Free | Partition Type: NTFS
Drive D: | 262,91 Gb Total Space | 32,72 Gb Free Space | 12,44% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 30,66 Gb Free Space | 31,39% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0245A3EA-67CF-4D95-B3A0-C0AD06305796}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{060ECB99-1453-4B5F-B93B-0E1C1C7FDF8F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{07D6B5E6-E357-414E-9474-74EA2CD033B4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{100F0A6E-8E3E-402F-9130-C7D2DE58AB20}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{14B657CA-9079-4B28-8367-0F27AB5CECC9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1A8543C1-6C1C-4A4B-8CBC-54EDE0D3513E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1DF70B10-6C71-4E69-8E59-FDA25AB67623}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3B5F8E7E-9AEC-4511-B12D-9333B0B4F94C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4007863C-4B63-492C-ACD4-FC842BB0A22D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4666D27D-5800-4577-B040-5FC42569EC6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4714C22C-FA5E-4333-A6B2-4AABB1CAE31C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{56066768-B1FB-480B-9969-120A73F07D52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57925D15-8F03-4FC9-BFD8-9DC3601C1A4A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{70F127E4-10A4-447E-A07D-E259D6052202}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{71239D9D-3FF6-4418-BD75-DE7A2AB082D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{761E6D7E-5C81-4CFA-B375-FA13F8EE7CE2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{779460E8-09C4-4738-84FB-D1C28E74F933}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{77A3DC3B-4FD9-4A31-907A-95D156736609}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{811846C3-85BF-4F85-92F7-27699F73AA67}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8AC55A1D-74C0-4C25-97EF-8AC6327235EE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8BDF2D61-D265-46C8-BE95-C87D8CCE64BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9955093F-2BC4-4413-B167-0917F4A24AD3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9A515D46-1029-4EAD-AC8B-BB2A3D5B26C4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9C6D0A7B-3A30-4C67-BC10-5A1BBD8D380D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9DD5DB32-67FF-4651-9B0A-72D27B188D54}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A22924DA-A967-483C-A54C-ECF05E8DC704}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A337C06F-56C0-48C2-B934-D4C4E292377F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A6E700C6-E7C8-4B6A-A02E-02BAB367D499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7A2B11E-E8CB-4765-B874-09DD2165757D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A7B07599-5349-4B86-B4A2-EC48E4A5968B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A819A900-6B77-4BE7-B4B6-26140B9E8C90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A943E4C1-730C-4331-81B6-5E6DF5411E50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A976DE59-18F3-4445-BC39-3397ACF95ACB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B6F59B67-896F-408E-B4B1-09ECF72EF378}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA5B802F-F769-4C3D-9762-F632D5286EAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA8EE8E1-B322-4462-B2A5-A1DDADC49916}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BB7E9523-1CC2-4065-A75C-F0AEEEDA73CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BEF508DE-0BBE-49DD-ADA5-AEA8E426B334}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CE87CBA0-2247-41EE-9063-0A2273B5160D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D4F181E4-95E1-45E8-9C4F-E821C2075350}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DC580C80-9577-4A0E-86A4-624EC66B3EA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E8AACBC0-79F6-4365-B78D-0A4B8B5DB15F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{E8E20A8D-570E-4EE1-B771-71DD82A695B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F688EC91-6183-4221-A830-F7259C1AC7B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9B4F660-5F59-4831-AE0A-76218C5618C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FB4A10F7-2539-48BF-A977-EF7B48C68A8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027D1FE9-DA7B-457F-9D1C-59CFB7919DBD}" = protocol=6 | dir=out | app=system | 
"{07F74171-55E3-4F2B-92A1-68814DEAAE19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0855927A-D10A-4A05-BA2B-A2437647FD32}" = dir=in | app=c:\windows\syswow64\lxdwcoms.exe | 
"{093EA3EC-17F4-4D90-BD26-96B637E188A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0DFEDA18-4D1F-4FB0-8242-B4A0D1273285}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{1189F97A-BAE7-4B9C-9913-83779BC49329}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{149A2E76-967F-40CD-8EDD-7430DF3ED803}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\74xwjq68.nqr\hkg59egy.zj9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{1A40E8AC-D284-452B-B1C5-ABE7EEA1F5A5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2620F896-30D7-4741-AF34-642DDDE581CD}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{2808DBBF-895C-43CB-9231-1A238F40D67D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{28C36165-7ECB-45BF-94E1-81D669672CC7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2A353EC8-6E69-4889-8EBB-DC72CD6BB9B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EFFCDD6-7325-47CB-AA9D-286E75EE5AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3107568D-986D-4D3E-A131-DEF2F76E179A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31F36408-F3D6-40A1-ACF5-D55036CB5374}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\74xwjq68.nqr\hkg59egy.zj9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{3337D0C5-DC87-4EBB-B5D8-13C3EF012F5B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{341A61EA-727B-4FBB-98F0-2E192DC4A032}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{358C76FF-7F08-4F30-9284-0284D70BA98C}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"{36B6C420-9721-4027-B9E3-492659B44E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe | 
"{36D12B5B-E090-4E87-952E-D9C4880B295E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{39279280-25BC-42AD-8D02-FF55324AF69A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | 
"{3D1A5F48-E78A-4B01-B399-D0F7DCB61B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4243D3ED-9CC5-40A0-9726-D789B9C3EFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{431A0E90-4982-46DE-9620-5BD6795CC11B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4429085A-FAB8-4042-BB1E-62D756A2EA79}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{47D82D6F-BF32-4BA1-8FA9-653E4C92C72F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{49883CFC-8E91-4F74-8A09-EE112B60B821}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"{4A471F09-BC64-4481-B16A-9D00617E5577}" = dir=in | app=c:\program files (x86)\musik\itunes\itunes.exe | 
"{56C63711-BB3C-46FD-A5FD-F39AAD1B9369}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe | 
"{5B24B454-02EB-4A6C-BE75-432349ABC4EA}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{5E9E211E-8E63-4DEA-999D-B20710CDFF19}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{5F478360-9F0B-44BB-BF18-DD8A781DDF22}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | 
"{62F752B2-3E1A-44A3-BCB5-08F82F949E81}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{635F529D-DFC1-4357-8B63-88108A06BA37}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{6378E584-1E7C-48B5-9643-D93C68599CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe | 
"{6DED6A6E-DFCC-49A2-94BD-2D921D30E744}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{6EF90DC8-67FA-4C0C-AD57-0B4B79B62B54}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
"{6FC6D03A-683F-4305-AE70-80CE0169CA8A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | 
"{725E6D79-1D3B-4DBF-99CB-528042436F44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{7CC7CDCB-9509-449F-A167-FEF3C727A345}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{809A9674-0B5C-4D9D-9CDF-6568536495FF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{80B18E15-5056-4671-985D-86D39638C3BB}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe | 
"{8491793B-2BAB-460D-95DD-2F07C697B00E}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
"{907FC80A-8EF0-42FF-9784-321C2DD74FBF}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwtime.exe | 
"{95A4333E-6ED5-4BFE-B09C-5ACE8C300F95}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9618FBEA-ED52-48F3-B83C-529A7D255DCE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{9B9B8847-51D9-475D-B290-0CBF4824FB00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D19234A-AAB0-45D6-8494-D979245C15CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E53371E-9C6D-433E-A674-033492BEEF33}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"{A8B5B774-5863-4AC4-956E-EBD90DC9DB30}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B057F1AB-5F45-4790-B907-DC3EF8DA8849}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B0D80835-0522-47CB-815D-11DDCF19D6A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B15F7E57-6488-4B6A-942F-51D8E9E1A0F2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4367343-A457-471E-987F-1D161F3CF79F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4B567BD-6C53-4E50-8DBE-A020AFE9F1E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6BF42C5-196D-4B17-97D5-CBAAF3EA81F3}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"{BA76486E-908A-4F28-AEC3-026FA4FBB25B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BB471DD6-13C2-4260-8CF1-D3F6F9D24E42}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BBFF0D87-FAC3-4642-BBF0-73CFE1714B26}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{BD8D427B-C72E-4469-951A-693EF3430C2B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C5252F9D-59D3-461E-AAEF-4ECACFBF9F0B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C790B834-F062-4DEB-BAA4-1B4C2D7702E9}" = dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{CA20B504-1AB0-4DF9-9E9A-A073129D9E32}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CD0CB228-DE18-4C9C-A270-6E82687CC986}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CF944670-EBED-4C59-B8B5-36AC1F0A798C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D11F1D14-06E0-4AEE-906C-6CCEA1B6DD24}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{D3C75C56-3EEA-4C61-8CC7-BA3860A15AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D47B3D96-A3DD-42A8-9DAD-680CC0203805}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D66CCB05-E60F-4A93-B3E5-0A9C07FFABA5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe | 
"{D6A23277-121B-4501-B6B9-727770145079}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe | 
"{DAAF6702-3341-4F46-A263-9901EC7F0815}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DB9C5586-7198-4C8E-9158-6E4906D2D89B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD34FCD2-965C-4248-AFF3-C14796E52331}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"{DE166F96-4C28-4944-BD29-D3EB1BBE38DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DF35103C-3A01-4B9C-B41E-E11E21885C2A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe | 
"{E26C8EBC-18F7-47A9-BDA9-5068916683D3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe | 
"{E3414D1C-DFE3-4C65-9755-CA4C63A3F31D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E487F33D-B4C2-4393-A187-B50421755758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EA401A53-D12A-4653-890F-DC85085A68D1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC49A501-6FB5-4398-95FE-B9696D5C7FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{EFEADD8E-641F-4B9C-BD06-EA775034094F}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"{F071CFC5-F85E-4869-ADA0-068BE50C2E03}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F11826FE-AD32-4881-9387-31BD536BC37F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3DE867F-E89D-428D-AB56-E799499BD632}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F52BFE01-560B-49A3-A987-B4C854B9F333}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F5B53877-AD8D-4CDA-83DB-BC06D3527EE6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F76402F6-E367-4036-8DD8-A1A4F585D9B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7E7E10E-4055-482C-B1D0-860CD1982162}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | 
"TCP Query User{09BDCCA4-4684-4657-A576-F737AA947065}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{0F5EEF14-C34B-483A-90FF-0B7FF758E745}C:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | 
"TCP Query User{304B19C8-5667-4F73-BB2E-8E74092C9851}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{31D7C01E-6504-474F-960D-803A5F7965AA}D:\spiele\aoe3\age3.exe" = protocol=6 | dir=in | app=d:\spiele\aoe3\age3.exe | 
"TCP Query User{4B1C689C-573F-4848-A4CD-A89BBA9A9C8E}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | 
"TCP Query User{7CAFD7BF-8DB9-4EEE-867A-B8451B09C438}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | 
"TCP Query User{7ECD72C8-7277-43E1-91B3-C2A20B2D9BB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{7F1B342E-E0B8-4B73-A8B8-F1F98668A29C}C:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
"TCP Query User{8640951A-CA00-401D-B047-7CE3FE3A5176}C:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"TCP Query User{970289F9-A86D-4118-ADF1-936CD662EC1F}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=6 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | 
"TCP Query User{A191FF4B-46DA-463E-A42A-258B98AE6D9E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{AEB076B7-4088-4FB9-A0D6-1DD5586F98B0}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | 
"TCP Query User{B9CBAF66-78E7-4580-B879-4BB87B207B21}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{BE9649F0-4F71-4754-94AD-C802F23BCB2A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{BF06E6CF-8C15-4A4A-8F82-650E39DA1353}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{C5BF5B43-C216-4D85-800C-0B33EC862F16}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | 
"TCP Query User{D3679C79-F6B3-40B6-8406-F29DB7438D65}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{E06EED5D-A405-4960-B846-BB34BD4A621C}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E096AC02-98F1-4945-9597-217FD9FDFA4C}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | 
"TCP Query User{E65363A0-DEC3-4B15-AF14-7FBA3C0D258A}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=6 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | 
"UDP Query User{258731C5-2922-44CF-8DEC-EBCE12D59A87}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | 
"UDP Query User{30610D84-8C0A-4E9D-AA28-6EBD69EA721E}C:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | 
"UDP Query User{32F9BBA6-4FF4-4811-93FE-96C181EFBD58}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | 
"UDP Query User{44DA9DA5-8FA6-464D-A9EE-A9CBA3CBE2E9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{54D2BE1C-DCE8-483D-9E87-E8A5C5818F8B}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | 
"UDP Query User{716BE8E3-7AE6-4250-8D50-45555968F71E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{745749C9-9381-4110-ABE3-83B3607F221E}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7DC0880E-F67C-404E-99A8-211A4418E19D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{864837DE-6AA1-41D7-BB91-19F79BAF39D8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8C7F3C17-343E-45C0-A311-BBB907B63984}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{933C4824-260A-449B-B3F7-003D346D9B8D}C:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | 
"UDP Query User{934393F0-1089-45C2-BE5F-62B7B11EF3C3}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=17 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | 
"UDP Query User{BDDD9402-3A98-4864-A993-59C148AEA86E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{C3B81534-D0E1-4BAB-8589-FE596E5261CB}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{C83B30D5-32B8-43D2-B323-40CABBEDF2E8}D:\spiele\aoe3\age3.exe" = protocol=17 | dir=in | app=d:\spiele\aoe3\age3.exe | 
"UDP Query User{D23D0AC2-A120-4951-BC8D-453F9ED8E7AC}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D300C333-55CE-4026-BCC8-064B1D12B906}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | 
"UDP Query User{D7C996C8-CD79-4098-9782-24F8F452791F}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=17 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | 
"UDP Query User{DF850844-9550-4908-A6DC-FF7064E3D034}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | 
"UDP Query User{E2DFD86C-8310-42F2-9343-59392C45F99D}C:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect (64-Bit)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_HDA_HSF" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CyberGhost VPN_is1" = CyberGhost VPN
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
"Lexmark 7600 Series" = Lexmark 7600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SpeedCommander 13 (x64)" = SpeedCommander 13 (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix Online Plug-in (Web)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{36E0CAAD-D410-4CA8-9AC0-BBE2691B4A19}" = calibre
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix Online Plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix Online Plug-in (DV)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8866BCB3-3818-4C66-83BC-92006B5EFE50}" = ArcSoft Magic-i Visual Effects 2
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E5F3D1E9-006E-4435-85D6-483B66376655}" = Citrix Online Plug-in (PNA)
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix Online Plug-in (HDX)
"{EC1AB9B4-349A-4542-A017-4038C299C226}" = Citrix Online Plug-in (SSON)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 10.2.3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"AmoK Playlist Copy" = AmoK Playlist Copy 2.04
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AVerMedia H968 Hybrid TV Tuner" = AVerMedia H968 Hybrid TV Tuner 2.0.64.13
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CitrixOnlinePluginFull" = Citrix Online Plug-in
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"Exifer_is1" = Exifer
"FileZilla Client" = FileZilla Client 3.5.3
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.7
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Incadia" = Incadia
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"JDownloader" = JDownloader
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"Logitech Media Server_is1" = Logitech Media Server 7.7.2
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3splt-gtk" = mp3splt-gtk
"Mp3tag" = Mp3tag v2.49b
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"Office14.STANDARD" = Microsoft Office Standard 2010
"OpenVPN" = OpenVPN 2.2.2
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Steam App 8930" = Sid Meier's Civilization V
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3243947059-2110425545-4025674240-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 12:01:30 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 13.10.2012 12:18:02 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 13.10.2012 12:19:40 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDaemon.exe, Version: 1.1.0.49, 
Zeitstempel: 0x4cc808ec  Name des fehlerhaften Moduls: ACDaemon.exe, Version: 1.1.0.49,
 Zeitstempel: 0x4cc808ec  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001af76  ID des fehlerhaften
 Prozesses: 0x10ac  Startzeit der fehlerhaften Anwendung: 0x01cda95e8a6182ec  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common
 Files\ArcSoft\Connection Service\Bin\ACDaemon.exe  Berichtskennung: c9862737-1551-11e2-9ff5-506313e3bddb
 
Error - 13.10.2012 19:08:06 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 13.10.2012 19:09:06 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDaemon.exe, Version: 1.1.0.49, 
Zeitstempel: 0x4cc808ec  Name des fehlerhaften Moduls: ACDaemon.exe, Version: 1.1.0.49,
 Zeitstempel: 0x4cc808ec  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001af76  ID des fehlerhaften
 Prozesses: 0x1168  Startzeit der fehlerhaften Anwendung: 0x01cda997b059adbb  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common
 Files\ArcSoft\Connection Service\Bin\ACDaemon.exe  Berichtskennung: fc49b780-158a-11e2-baa7-00231408de0c
 
Error - 14.10.2012 07:56:24 | Computer Name = Home | Source = VSS | ID = 18
Description = 
 
Error - 14.10.2012 07:56:24 | Computer Name = Home | Source = VSS | ID = 8193
Description = 
 
Error - 14.10.2012 07:56:24 | Computer Name = Home | Source = System Restore | ID = 8193
Description = 
 
Error - 14.10.2012 08:46:27 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 14.10.2012 08:47:48 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDaemon.exe, Version: 1.1.0.49, 
Zeitstempel: 0x4cc808ec  Name des fehlerhaften Moduls: ACDaemon.exe, Version: 1.1.0.49,
 Zeitstempel: 0x4cc808ec  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001af76  ID des fehlerhaften
 Prozesses: 0x318  Startzeit der fehlerhaften Anwendung: 0x01cdaa0a0e6b2526  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common
 Files\ArcSoft\Connection Service\Bin\ACDaemon.exe  Berichtskennung: 5b6f4e8a-15fd-11e2-b05b-0024be6a5ebb
 
[ System Events ]
Error - 14.10.2012 10:24:25 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.10.2012 10:26:00 | Computer Name = Home | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


Link Virustotal:

https://www.virustotal.com/file/4f99c4913dcfe02b0783fd97f02558e4dd4d7c98553d95a8e26faaa0c0d67616/analysis/1351079492/

Hmmm, doch Fehlalarm?
Aber warum findet Antivir immer wieder denselben Virus und warum ist das System so elendig langsam?


Alt 24.10.2012, 13:16   #6
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Grr, mein Arbeitsproxy sperrt die virustotal-seite. Wieviele Scanner haben bei der Datei angeschlagen?
__________________
--> TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden

Alt 24.10.2012, 13:27   #7
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Keiner, das ist ja das merkwürdige...

Habe soeben den verseuchten(?) Rechner normal gestartet. Das geht überhaupt nicht...
Sowohl Antivir, als auch Defender sind laut Wartungscenter ausgeschaltet. Jeder Klick dauert gefühlte 10 Minuten...

Konnte Antvir jetzt manuell starten, Defender lässt sich nicht starten.
UNS mit Antivir scannen lassen - keinen Virus entdeckt. Bin ein wenig ratlos.

Geändert von Arthur-D (24.10.2012 um 13:34 Uhr)

Alt 24.10.2012, 14:12   #8
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.10.2012, 14:34   #9
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Kann ich nicht durchlaufen lassen, ich bekomme immer einen Bluescreen.

Jetzt 3 x während es scannens - 2 x BAD-POOL-HEADER und 1 x CACHE-MANAGER.

Geändert von Arthur-D (24.10.2012 um 14:43 Uhr)

Alt 24.10.2012, 16:26   #10
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Und wenn Du die Frage nach der Avast-Engine mit nein beantwortest?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.10.2012, 07:20   #11
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Nachdem ich die Frage einmal mit "ja" beantwortet habe, startet das Programm immer mit dem Avast Engine und fragt nicht mehr danach.
Wie deaktiviere ich das denn?

Alt 25.10.2012, 07:26   #12
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Lösch Aswmbr, dann das:


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Nein.
  • Klicke auf Scan
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.10.2012, 07:42   #13
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Da bin ich auch schon drauf gekommen ;-)
Startet trotzdem mit Avast Engine. Keine Ahnung, wohin das Programm die Defintionen downloadet. Eine Suche nach "Avast" bringt auch keinen Erfolg...

Alt 25.10.2012, 07:57   #14
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Dann anders

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.10.2012, 08:26   #15
Arthur-D
 
TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Standard

TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden



Und wieder nichts gefunden...
Mich würde jetzt Deine Einschätzung interessieren. Können wir davon ausgehen, dass kein Trojaner/Virus auf dem System ist?
Auch wenn ich es merkwürdig finde, dass Antivir eine Bedrohung findet und gleichzeitig das System extrem langsam wird...
Ist der Aufwand jetzt noch weiter nach den Ursachen zu suchen, sehr viel größer, als eine Neuinstallation?

Mittlerweile denke ich dass das der elegantere Weg ist, auch wenn es ziemlich ärgerlich ist.


09:14:54.0009 0404 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:14:54.0430 0404 ============================================================
09:14:54.0430 0404 Current date / time: 2012/10/25 09:14:54.0430
09:14:54.0430 0404 SystemInfo:
09:14:54.0430 0404
09:14:54.0430 0404 OS Version: 6.1.7601 ServicePack: 1.0
09:14:54.0430 0404 Product type: Workstation
09:14:54.0430 0404 ComputerName: HOME
09:14:54.0430 0404 UserName: ***
09:14:54.0430 0404 Windows directory: C:\Windows
09:14:54.0430 0404 System windows directory: C:\Windows
09:14:54.0430 0404 Running under WOW64
09:14:54.0430 0404 Processor architecture: Intel x64
09:14:54.0430 0404 Number of processors: 4
09:14:54.0430 0404 Page size: 0x1000
09:14:54.0430 0404 Boot type: Safe boot with network
09:14:54.0430 0404 ============================================================
09:14:55.0054 0404 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:14:55.0054 0404 ============================================================
09:14:55.0054 0404 \Device\Harddisk0\DR0:
09:14:55.0054 0404 MBR partitions:
09:14:55.0054 0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEE1000, BlocksNum 0x32800
09:14:55.0054 0404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF13800, BlocksNum 0xC34F0A4
09:14:55.0069 0404 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD2628E3, BlocksNum 0xC34F28D
09:14:55.0101 0404 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x195B1BAF, BlocksNum 0x20DD3092
09:14:55.0101 0404 ============================================================
09:14:55.0101 0404 C: <-> \Device\Harddisk0\DR0\Partition3
09:14:55.0132 0404 D: <-> \Device\Harddisk0\DR0\Partition4
09:14:55.0179 0404 E: <-> \Device\Harddisk0\DR0\Partition2
09:14:55.0179 0404 ============================================================
09:14:55.0179 0404 Initialize success
09:14:55.0179 0404 ============================================================
09:15:02.0199 1612 ============================================================
09:15:02.0199 1612 Scan started
09:15:02.0199 1612 Mode: Manual;
09:15:02.0199 1612 ============================================================
09:15:02.0417 1612 ================ Scan system memory ========================
09:15:02.0417 1612 System memory - ok
09:15:02.0417 1612 ================ Scan services =============================
09:15:02.0604 1612 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:15:02.0604 1612 1394ohci - ok
09:15:02.0776 1612 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:15:02.0776 1612 ACDaemon - ok
09:15:02.0807 1612 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:15:02.0823 1612 ACPI - ok
09:15:02.0870 1612 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:15:02.0870 1612 AcpiPmi - ok
09:15:03.0088 1612 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:15:03.0088 1612 AdobeFlashPlayerUpdateSvc - ok
09:15:03.0135 1612 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:15:03.0135 1612 adp94xx - ok
09:15:03.0166 1612 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:15:03.0166 1612 adpahci - ok
09:15:03.0182 1612 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:15:03.0182 1612 adpu320 - ok
09:15:03.0228 1612 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:15:03.0244 1612 AeLookupSvc - ok
09:15:03.0306 1612 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:15:03.0306 1612 AFD - ok
09:15:03.0338 1612 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:15:03.0338 1612 agp440 - ok
09:15:03.0369 1612 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:15:03.0369 1612 ALG - ok
09:15:03.0384 1612 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:15:03.0384 1612 aliide - ok
09:15:03.0400 1612 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:15:03.0400 1612 amdide - ok
09:15:03.0447 1612 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:15:03.0447 1612 AmdK8 - ok
09:15:03.0462 1612 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:15:03.0462 1612 AmdPPM - ok
09:15:03.0494 1612 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:15:03.0494 1612 amdsata - ok
09:15:03.0509 1612 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:15:03.0509 1612 amdsbs - ok
09:15:03.0540 1612 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:15:03.0540 1612 amdxata - ok
09:15:03.0665 1612 [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
09:15:03.0665 1612 AntiVirMailService - ok
09:15:03.0759 1612 [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
09:15:03.0759 1612 AntiVirSchedulerService - ok
09:15:03.0837 1612 [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
09:15:03.0837 1612 AntiVirService - ok
09:15:03.0868 1612 [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
09:15:03.0868 1612 AntiVirWebService - ok
09:15:03.0915 1612 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:15:03.0915 1612 AppID - ok
09:15:03.0930 1612 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:15:03.0930 1612 AppIDSvc - ok
09:15:03.0977 1612 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:15:03.0977 1612 Appinfo - ok
09:15:04.0071 1612 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:15:04.0086 1612 Apple Mobile Device - ok
09:15:04.0102 1612 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:15:04.0102 1612 AppMgmt - ok
09:15:04.0133 1612 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:15:04.0133 1612 arc - ok
09:15:04.0149 1612 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:15:04.0149 1612 arcsas - ok
09:15:04.0211 1612 [ 1CE3822B05A5E229286A15EA39369870 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
09:15:04.0227 1612 ArcSoftKsUFilter - ok
09:15:04.0274 1612 [ A1CE3ED832EF7C903ADA43A64356B76D ] arcvad_ds2dhw C:\Windows\system32\drivers\ArcVad.sys
09:15:04.0274 1612 arcvad_ds2dhw - ok
09:15:04.0289 1612 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:15:04.0289 1612 AsyncMac - ok
09:15:04.0305 1612 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:15:04.0305 1612 atapi - ok
09:15:04.0367 1612 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:15:04.0367 1612 AudioEndpointBuilder - ok
09:15:04.0383 1612 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:15:04.0383 1612 AudioSrv - ok
09:15:04.0445 1612 [ 23D28C00264E6540054750E55A210E99 ] AVer7231_x64 C:\Windows\system32\DRIVERS\AVer7231_x64.sys
09:15:04.0461 1612 AVer7231_x64 - ok
09:15:04.0539 1612 [ 3A1C747395DD86AAAEA320C28C2E3267 ] AVerRemote C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
09:15:04.0539 1612 AVerRemote - ok
09:15:04.0586 1612 [ 0DB0AB8415BFF81037981AF1D3BBBE97 ] AVerScheduleService C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
09:15:04.0586 1612 AVerScheduleService - ok
09:15:04.0664 1612 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
09:15:04.0664 1612 avgntflt - ok
09:15:04.0726 1612 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
09:15:04.0726 1612 avipbb - ok
09:15:04.0773 1612 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
09:15:04.0773 1612 avkmgr - ok
09:15:04.0835 1612 [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio C:\Windows\system32\DRIVERS\avmaudio.sys
09:15:04.0835 1612 avmaudio - ok
09:15:04.0882 1612 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:15:04.0882 1612 AxInstSV - ok
09:15:04.0913 1612 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:15:04.0913 1612 b06bdrv - ok
09:15:04.0929 1612 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:15:04.0944 1612 b57nd60a - ok
09:15:04.0960 1612 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:15:04.0960 1612 BDESVC - ok
09:15:04.0991 1612 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:15:04.0991 1612 Beep - ok
09:15:05.0054 1612 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:15:05.0069 1612 BFE - ok
09:15:05.0116 1612 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
09:15:05.0241 1612 BITS - ok
09:15:05.0256 1612 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:15:05.0256 1612 blbdrive - ok
09:15:05.0381 1612 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:15:05.0381 1612 Bonjour Service - ok
09:15:05.0428 1612 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:15:05.0428 1612 bowser - ok
09:15:05.0459 1612 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:15:05.0459 1612 BrFiltLo - ok
09:15:05.0490 1612 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:15:05.0490 1612 BrFiltUp - ok
09:15:05.0537 1612 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:15:05.0537 1612 BridgeMP - ok
09:15:05.0584 1612 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:15:05.0584 1612 Browser - ok
09:15:05.0615 1612 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:15:05.0615 1612 Brserid - ok
09:15:05.0646 1612 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:15:05.0662 1612 BrSerWdm - ok
09:15:05.0693 1612 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:15:05.0693 1612 BrUsbMdm - ok
09:15:05.0693 1612 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:15:05.0693 1612 BrUsbSer - ok
09:15:05.0740 1612 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
09:15:05.0740 1612 BthEnum - ok
09:15:05.0756 1612 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:15:05.0756 1612 BTHMODEM - ok
09:15:05.0771 1612 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:15:05.0771 1612 BthPan - ok
09:15:05.0834 1612 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
09:15:05.0834 1612 BTHPORT - ok
09:15:05.0865 1612 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:15:05.0865 1612 bthserv - ok
09:15:05.0912 1612 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
09:15:05.0927 1612 BTHUSB - ok
09:15:05.0958 1612 catchme - ok
09:15:05.0974 1612 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
09:15:05.0990 1612 CAXHWAZL - ok
09:15:06.0005 1612 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:15:06.0005 1612 cdfs - ok
09:15:06.0052 1612 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:15:06.0052 1612 cdrom - ok
09:15:06.0099 1612 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:15:06.0099 1612 CertPropSvc - ok
09:15:06.0224 1612 [ 1EDBC1DBDEAAB7B185B4491BF6129701 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
09:15:06.0317 1612 CGVPNCliSrvc - ok
09:15:06.0333 1612 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:15:06.0333 1612 circlass - ok
09:15:06.0364 1612 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:15:06.0364 1612 CLFS - ok
09:15:06.0489 1612 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:15:06.0489 1612 clr_optimization_v2.0.50727_32 - ok
09:15:06.0551 1612 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:15:06.0551 1612 clr_optimization_v2.0.50727_64 - ok
09:15:06.0645 1612 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:15:06.0754 1612 clr_optimization_v4.0.30319_32 - ok
09:15:06.0848 1612 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:15:06.0863 1612 clr_optimization_v4.0.30319_64 - ok
09:15:06.0879 1612 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:15:06.0879 1612 CmBatt - ok
09:15:06.0910 1612 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:15:06.0910 1612 cmdide - ok
09:15:06.0957 1612 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:15:06.0957 1612 CNG - ok
09:15:06.0988 1612 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:15:06.0988 1612 Compbatt - ok
09:15:07.0050 1612 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:15:07.0050 1612 CompositeBus - ok
09:15:07.0050 1612 COMSysApp - ok
09:15:07.0082 1612 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:15:07.0082 1612 crcdisk - ok
09:15:07.0128 1612 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:15:07.0128 1612 CryptSvc - ok
09:15:07.0175 1612 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:15:07.0191 1612 CSC - ok
09:15:07.0222 1612 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:15:07.0222 1612 CscService - ok
09:15:07.0284 1612 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
09:15:07.0284 1612 ctxusbm - ok
09:15:07.0331 1612 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:15:07.0331 1612 DcomLaunch - ok
09:15:07.0362 1612 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:15:07.0362 1612 defragsvc - ok
09:15:07.0425 1612 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:15:07.0425 1612 DfsC - ok
09:15:07.0472 1612 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:15:07.0472 1612 Dhcp - ok
09:15:07.0503 1612 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:15:07.0503 1612 discache - ok
09:15:07.0518 1612 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:15:07.0518 1612 Disk - ok
09:15:07.0550 1612 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:15:07.0550 1612 Dnscache - ok
09:15:07.0612 1612 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:15:07.0612 1612 dot3svc - ok
09:15:07.0643 1612 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:15:07.0643 1612 DPS - ok
09:15:07.0690 1612 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:15:07.0690 1612 drmkaud - ok
09:15:07.0752 1612 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:15:07.0752 1612 DXGKrnl - ok
09:15:07.0799 1612 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:15:07.0799 1612 EapHost - ok
09:15:07.0893 1612 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:15:07.0940 1612 ebdrv - ok
09:15:07.0971 1612 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:15:07.0971 1612 EFS - ok
09:15:08.0002 1612 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:15:08.0018 1612 ehRecvr - ok
09:15:08.0033 1612 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:15:08.0049 1612 ehSched - ok
09:15:08.0064 1612 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:15:08.0080 1612 elxstor - ok
09:15:08.0096 1612 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:15:08.0096 1612 ErrDev - ok
09:15:08.0142 1612 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:15:08.0142 1612 EventSystem - ok
09:15:08.0205 1612 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:15:08.0205 1612 exfat - ok
09:15:08.0283 1612 [ A08ACAD7835C27415BAB7E5A16E78EEB ] Ext2fs C:\Windows\system32\DRIVERS\ext2fs.sys
09:15:08.0283 1612 Ext2fs - ok
09:15:08.0314 1612 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:15:08.0314 1612 fastfat - ok
09:15:08.0392 1612 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:15:08.0392 1612 Fax - ok
09:15:08.0423 1612 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:15:08.0423 1612 fdc - ok
09:15:08.0454 1612 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:15:08.0454 1612 fdPHost - ok
09:15:08.0470 1612 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:15:08.0470 1612 FDResPub - ok
09:15:08.0486 1612 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:15:08.0486 1612 FileInfo - ok
09:15:08.0501 1612 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:15:08.0501 1612 Filetrace - ok
09:15:08.0517 1612 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:15:08.0517 1612 flpydisk - ok
09:15:08.0548 1612 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:15:08.0548 1612 FltMgr - ok
09:15:08.0610 1612 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:15:08.0626 1612 FontCache - ok
09:15:08.0688 1612 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:15:08.0704 1612 FontCache3.0.0.0 - ok
09:15:08.0720 1612 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:15:08.0720 1612 FsDepends - ok
09:15:08.0751 1612 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:15:08.0751 1612 Fs_Rec - ok
09:15:08.0798 1612 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:15:08.0798 1612 fvevol - ok
09:15:08.0829 1612 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:15:08.0829 1612 gagp30kx - ok
09:15:08.0860 1612 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:15:08.0860 1612 GEARAspiWDM - ok
09:15:08.0922 1612 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:15:08.0938 1612 gpsvc - ok
09:15:09.0047 1612 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:15:09.0047 1612 gupdate - ok
09:15:09.0078 1612 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:15:09.0078 1612 gupdatem - ok
09:15:09.0125 1612 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:15:09.0125 1612 gusvc - ok
09:15:09.0156 1612 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:15:09.0156 1612 hcw85cir - ok
09:15:09.0203 1612 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:15:09.0203 1612 HdAudAddService - ok
09:15:09.0250 1612 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:15:09.0250 1612 HDAudBus - ok
09:15:09.0281 1612 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:15:09.0281 1612 HECIx64 - ok
09:15:09.0297 1612 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:15:09.0297 1612 HidBatt - ok
09:15:09.0312 1612 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:15:09.0328 1612 HidBth - ok
09:15:09.0344 1612 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:15:09.0344 1612 HidIr - ok
09:15:09.0375 1612 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
09:15:09.0375 1612 hidserv - ok
09:15:09.0406 1612 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:15:09.0406 1612 HidUsb - ok
09:15:09.0437 1612 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:15:09.0437 1612 hkmsvc - ok
09:15:09.0468 1612 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:15:09.0468 1612 HomeGroupListener - ok
09:15:09.0515 1612 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:15:09.0515 1612 HomeGroupProvider - ok
09:15:09.0562 1612 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:15:09.0562 1612 HpSAMD - ok
09:15:09.0640 1612 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
09:15:09.0656 1612 HsfXAudioService - ok
09:15:09.0687 1612 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
09:15:09.0718 1612 HSF_DPV - ok
09:15:09.0749 1612 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
09:15:09.0749 1612 HTCAND64 - ok
09:15:09.0812 1612 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:15:09.0812 1612 HTTP - ok
09:15:09.0843 1612 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:15:09.0843 1612 hwpolicy - ok
09:15:09.0874 1612 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:15:09.0874 1612 i8042prt - ok
09:15:09.0921 1612 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:15:09.0936 1612 iaStor - ok
09:15:10.0014 1612 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:15:10.0014 1612 IAStorDataMgrSvc - ok
09:15:10.0077 1612 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:15:10.0077 1612 iaStorV - ok
09:15:10.0139 1612 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:15:10.0155 1612 idsvc - ok
09:15:10.0170 1612 [ 4374219378FDCEC86F68CC2A103FA783 ] IfsMount C:\Windows\system32\DRIVERS\ifsmount.sys
09:15:10.0170 1612 IfsMount - ok
09:15:10.0358 1612 [ 2835C0808BA40FA8BC141E6015EB2414 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:15:10.0514 1612 igfx - ok
09:15:10.0545 1612 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:15:10.0545 1612 iirsp - ok
09:15:10.0592 1612 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:15:10.0607 1612 IKEEXT - ok
09:15:10.0638 1612 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
09:15:10.0638 1612 Impcd - ok
09:15:10.0732 1612 [ 9526F32B8A76F8DC25A1587400E30084 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:15:10.0748 1612 IntcAzAudAddService - ok
09:15:10.0794 1612 [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
09:15:10.0794 1612 IntcDAud - ok
09:15:10.0826 1612 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:15:10.0826 1612 intelide - ok
09:15:10.0872 1612 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:15:10.0872 1612 intelppm - ok
09:15:10.0888 1612 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:15:10.0888 1612 IPBusEnum - ok
09:15:10.0935 1612 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:15:10.0935 1612 IpFilterDriver - ok
09:15:10.0982 1612 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:15:10.0982 1612 iphlpsvc - ok
09:15:11.0028 1612 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:15:11.0044 1612 IPMIDRV - ok
09:15:11.0091 1612 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:15:11.0091 1612 IPNAT - ok
09:15:11.0200 1612 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:15:11.0216 1612 iPod Service - ok
09:15:11.0247 1612 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:15:11.0247 1612 IRENUM - ok
09:15:11.0294 1612 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:15:11.0294 1612 isapnp - ok
09:15:11.0325 1612 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:15:11.0340 1612 iScsiPrt - ok
09:15:11.0418 1612 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
09:15:11.0418 1612 ivusb - ok
09:15:11.0434 1612 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:15:11.0434 1612 kbdclass - ok
09:15:11.0481 1612 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:15:11.0481 1612 kbdhid - ok
09:15:11.0496 1612 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:15:11.0496 1612 KeyIso - ok
09:15:11.0543 1612 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:15:11.0543 1612 KSecDD - ok
09:15:11.0574 1612 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:15:11.0574 1612 KSecPkg - ok
09:15:11.0606 1612 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:15:11.0606 1612 ksthunk - ok
09:15:11.0668 1612 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:15:11.0668 1612 KtmRm - ok
09:15:11.0715 1612 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
09:15:11.0715 1612 L1C - ok
09:15:11.0762 1612 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:15:11.0762 1612 LanmanServer - ok
09:15:11.0808 1612 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:15:11.0824 1612 LanmanWorkstation - ok
09:15:11.0886 1612 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:15:11.0886 1612 lltdio - ok
09:15:11.0918 1612 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:15:11.0918 1612 lltdsvc - ok
09:15:11.0933 1612 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:15:11.0933 1612 lmhosts - ok
09:15:11.0996 1612 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:15:11.0996 1612 LMS - ok
09:15:12.0011 1612 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:15:12.0011 1612 LSI_FC - ok
09:15:12.0058 1612 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:15:12.0058 1612 LSI_SAS - ok
09:15:12.0074 1612 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:15:12.0074 1612 LSI_SAS2 - ok
09:15:12.0074 1612 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:15:12.0074 1612 LSI_SCSI - ok
09:15:12.0089 1612 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:15:12.0105 1612 luafv - ok
09:15:12.0183 1612 [ 0C4BC1D7DB00896EE53862FCF29E6B5C ] lxdwCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe
09:15:12.0183 1612 lxdwCATSCustConnectService - ok
09:15:12.0183 1612 lxdw_device - ok
09:15:12.0245 1612 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\Windows\system32\drivers\massfilter.sys
09:15:12.0245 1612 massfilter - ok
09:15:12.0292 1612 MBAMProtector - ok
09:15:12.0323 1612 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:15:12.0323 1612 Mcx2Svc - ok
09:15:12.0339 1612 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:15:12.0339 1612 mdmxsdk - ok
09:15:12.0370 1612 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:15:12.0370 1612 megasas - ok
09:15:12.0386 1612 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:15:12.0401 1612 MegaSR - ok
09:15:12.0432 1612 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:15:12.0432 1612 MMCSS - ok
09:15:12.0464 1612 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:15:12.0464 1612 Modem - ok
09:15:12.0479 1612 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:15:12.0479 1612 monitor - ok
09:15:12.0526 1612 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:15:12.0526 1612 mouclass - ok
09:15:12.0542 1612 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:15:12.0542 1612 mouhid - ok
09:15:12.0573 1612 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:15:12.0573 1612 mountmgr - ok
09:15:12.0666 1612 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:15:12.0666 1612 MozillaMaintenance - ok
09:15:12.0713 1612 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:15:12.0713 1612 mpio - ok
09:15:12.0744 1612 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:15:12.0744 1612 mpsdrv - ok
09:15:12.0807 1612 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:15:12.0807 1612 MpsSvc - ok
09:15:12.0838 1612 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:15:12.0838 1612 MRxDAV - ok
09:15:12.0916 1612 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:15:12.0916 1612 mrxsmb - ok
09:15:12.0978 1612 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:15:12.0978 1612 mrxsmb10 - ok
09:15:12.0994 1612 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:15:12.0994 1612 mrxsmb20 - ok
09:15:13.0025 1612 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:15:13.0025 1612 msahci - ok
09:15:13.0056 1612 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:15:13.0056 1612 msdsm - ok
09:15:13.0072 1612 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:15:13.0072 1612 MSDTC - ok
09:15:13.0134 1612 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:15:13.0134 1612 Msfs - ok
09:15:13.0150 1612 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:15:13.0150 1612 mshidkmdf - ok
09:15:13.0197 1612 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:15:13.0197 1612 msisadrv - ok
09:15:13.0244 1612 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:15:13.0244 1612 MSiSCSI - ok
09:15:13.0244 1612 msiserver - ok
09:15:13.0275 1612 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:15:13.0275 1612 MSKSSRV - ok
09:15:13.0275 1612 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:15:13.0275 1612 MSPCLOCK - ok
09:15:13.0290 1612 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:15:13.0290 1612 MSPQM - ok
09:15:13.0337 1612 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:15:13.0337 1612 MsRPC - ok
09:15:13.0368 1612 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:15:13.0368 1612 mssmbios - ok
09:15:13.0400 1612 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:15:13.0400 1612 MSTEE - ok
09:15:13.0431 1612 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:15:13.0431 1612 MTConfig - ok
09:15:13.0446 1612 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:15:13.0446 1612 Mup - ok
09:15:13.0478 1612 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:15:13.0493 1612 napagent - ok
09:15:13.0524 1612 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:15:13.0524 1612 NativeWifiP - ok
09:15:13.0587 1612 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:15:13.0602 1612 NDIS - ok
09:15:13.0618 1612 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:15:13.0618 1612 NdisCap - ok
09:15:13.0634 1612 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:15:13.0634 1612 NdisTapi - ok
09:15:13.0665 1612 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:15:13.0680 1612 Ndisuio - ok
09:15:13.0712 1612 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:15:13.0712 1612 NdisWan - ok
09:15:13.0790 1612 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:15:13.0790 1612 NDProxy - ok
09:15:13.0821 1612 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:15:13.0821 1612 NetBIOS - ok
09:15:13.0852 1612 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:15:13.0868 1612 NetBT - ok
09:15:13.0883 1612 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:15:13.0883 1612 Netlogon - ok
09:15:13.0914 1612 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:15:13.0930 1612 Netman - ok
09:15:13.0961 1612 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:15:13.0961 1612 netprofm - ok
09:15:13.0992 1612 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:15:13.0992 1612 NetTcpPortSharing - ok
09:15:14.0164 1612 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
09:15:14.0336 1612 NETw5s64 - ok
09:15:14.0367 1612 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:15:14.0367 1612 nfrd960 - ok
09:15:14.0414 1612 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:15:14.0414 1612 NlaSvc - ok
09:15:14.0507 1612 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
09:15:14.0507 1612 NMSAccess - ok
09:15:14.0523 1612 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:15:14.0523 1612 Npfs - ok
09:15:14.0538 1612 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:15:14.0538 1612 nsi - ok
09:15:14.0554 1612 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:15:14.0554 1612 nsiproxy - ok
09:15:14.0632 1612 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:15:14.0648 1612 Ntfs - ok
09:15:14.0710 1612 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
09:15:14.0710 1612 NuidFltr - ok
09:15:14.0726 1612 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:15:14.0726 1612 Null - ok
09:15:14.0757 1612 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:15:14.0772 1612 nvraid - ok
09:15:14.0788 1612 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:15:14.0788 1612 nvstor - ok
09:15:14.0819 1612 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:15:14.0819 1612 nv_agp - ok
09:15:14.0835 1612 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:15:14.0835 1612 ohci1394 - ok
09:15:14.0928 1612 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
09:15:14.0928 1612 OpenVPNService - ok
09:15:15.0038 1612 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:15:15.0038 1612 ose - ok
09:15:15.0225 1612 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:15:15.0365 1612 osppsvc - ok
09:15:15.0396 1612 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:15:15.0396 1612 p2pimsvc - ok
09:15:15.0428 1612 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:15:15.0443 1612 p2psvc - ok
09:15:15.0459 1612 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:15:15.0474 1612 Parport - ok
09:15:15.0521 1612 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:15:15.0521 1612 partmgr - ok
09:15:15.0552 1612 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:15:15.0552 1612 PcaSvc - ok
09:15:15.0599 1612 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:15:15.0615 1612 pci - ok
09:15:15.0630 1612 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:15:15.0630 1612 pciide - ok
09:15:15.0662 1612 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:15:15.0677 1612 pcmcia - ok
09:15:15.0693 1612 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:15:15.0708 1612 pcw - ok
09:15:15.0724 1612 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:15:15.0740 1612 PEAUTH - ok
09:15:15.0786 1612 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:15:15.0802 1612 PeerDistSvc - ok
09:15:15.0864 1612 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:15:15.0864 1612 PerfHost - ok
09:15:15.0958 1612 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:15:15.0974 1612 pla - ok
09:15:16.0052 1612 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:15:16.0052 1612 PlugPlay - ok
09:15:16.0161 1612 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
09:15:16.0286 1612 PMBDeviceInfoProvider - ok
09:15:16.0317 1612 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:15:16.0317 1612 PNRPAutoReg - ok
09:15:16.0332 1612 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:15:16.0332 1612 PNRPsvc - ok
09:15:16.0410 1612 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:15:16.0410 1612 PolicyAgent - ok
09:15:16.0457 1612 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:15:16.0457 1612 Power - ok
09:15:16.0504 1612 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:15:16.0504 1612 PptpMiniport - ok
09:15:16.0535 1612 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:15:16.0535 1612 Processor - ok
09:15:16.0582 1612 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:15:16.0598 1612 ProfSvc - ok
09:15:16.0676 1612 [ 9CC2C93394241E602DA63826413055FF ] Prosieben C:\Program Files (x86)\maxdome\DCBin\DCService.exe
09:15:16.0691 1612 Prosieben - ok
09:15:16.0691 1612 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:15:16.0691 1612 ProtectedStorage - ok
09:15:16.0754 1612 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:15:16.0754 1612 Psched - ok
09:15:16.0816 1612 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:15:16.0832 1612 ql2300 - ok
09:15:16.0847 1612 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:15:16.0847 1612 ql40xx - ok
09:15:16.0956 1612 [ DE55B01FC317FB5EE2B6734C692C5A95 ] QPCopyEngine C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
09:15:16.0956 1612 QPCopyEngine - ok
09:15:17.0019 1612 [ FB67BE4E732EEA8E90DC9473B8D7E2AE ] QsFsFltr C:\Windows\system32\DRIVERS\QsFsFltr.sys
09:15:17.0019 1612 QsFsFltr - ok
09:15:17.0081 1612 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:15:17.0081 1612 QWAVE - ok
09:15:17.0097 1612 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:15:17.0097 1612 QWAVEdrv - ok
09:15:17.0190 1612 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
09:15:17.0190 1612 RapiMgr - ok
09:15:17.0222 1612 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:15:17.0222 1612 RasAcd - ok
09:15:17.0253 1612 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:15:17.0253 1612 RasAgileVpn - ok
09:15:17.0315 1612 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:15:17.0315 1612 RasAuto - ok
09:15:17.0346 1612 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:15:17.0346 1612 Rasl2tp - ok
09:15:17.0424 1612 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:15:17.0424 1612 RasMan - ok
09:15:17.0471 1612 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:15:17.0487 1612 RasPppoe - ok
09:15:17.0518 1612 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:15:17.0518 1612 RasSstp - ok
09:15:17.0565 1612 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:15:17.0565 1612 rdbss - ok
09:15:17.0596 1612 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:15:17.0596 1612 rdpbus - ok
09:15:17.0627 1612 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:15:17.0643 1612 RDPCDD - ok
09:15:17.0674 1612 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:15:17.0674 1612 RDPDR - ok
09:15:17.0736 1612 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:15:17.0736 1612 RDPENCDD - ok
09:15:17.0736 1612 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:15:17.0736 1612 RDPREFMP - ok
09:15:17.0783 1612 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:15:17.0783 1612 RDPWD - ok
09:15:17.0830 1612 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:15:17.0830 1612 rdyboost - ok
09:15:17.0861 1612 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:15:17.0861 1612 RemoteAccess - ok
09:15:17.0892 1612 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:15:17.0892 1612 RemoteRegistry - ok
09:15:17.0908 1612 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:15:17.0908 1612 RFCOMM - ok
09:15:17.0939 1612 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\DRIVERS\rimssne64.sys
09:15:17.0939 1612 rimspci - ok
09:15:18.0002 1612 [ AA7B4AC7CB1281349CD61DE067F00D5D ] risdsnpe C:\Windows\system32\DRIVERS\risdsne64.sys
09:15:18.0002 1612 risdsnpe - ok
09:15:18.0017 1612 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:15:18.0017 1612 RpcEptMapper - ok
09:15:18.0033 1612 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:15:18.0048 1612 RpcLocator - ok
09:15:18.0095 1612 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:15:18.0095 1612 RpcSs - ok
09:15:18.0126 1612 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:15:18.0126 1612 rspndr - ok
09:15:18.0158 1612 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:15:18.0158 1612 s3cap - ok
09:15:18.0204 1612 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:15:18.0204 1612 SamSs - ok
09:15:18.0251 1612 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:15:18.0251 1612 sbp2port - ok
09:15:18.0267 1612 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:15:18.0282 1612 SCardSvr - ok
09:15:18.0314 1612 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:15:18.0314 1612 scfilter - ok
09:15:18.0360 1612 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:15:18.0376 1612 Schedule - ok
09:15:18.0423 1612 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:15:18.0423 1612 SCPolicySvc - ok
09:15:18.0454 1612 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:15:18.0454 1612 sdbus - ok
09:15:18.0501 1612 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:15:18.0501 1612 SDRSVC - ok
09:15:18.0548 1612 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:15:18.0548 1612 secdrv - ok
09:15:18.0579 1612 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:15:18.0579 1612 seclogon - ok
09:15:18.0610 1612 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
09:15:18.0610 1612 SENS - ok
09:15:18.0641 1612 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:15:18.0641 1612 SensrSvc - ok
09:15:18.0657 1612 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:15:18.0657 1612 Serenum - ok
09:15:18.0688 1612 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:15:18.0688 1612 Serial - ok
09:15:18.0750 1612 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:15:18.0750 1612 sermouse - ok
09:15:18.0797 1612 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:15:18.0797 1612 SessionEnv - ok
09:15:18.0828 1612 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
09:15:18.0828 1612 SFEP - ok
09:15:18.0891 1612 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:15:18.0891 1612 sffdisk - ok
09:15:18.0891 1612 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:15:18.0906 1612 sffp_mmc - ok
09:15:18.0938 1612 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:15:18.0938 1612 sffp_sd - ok
09:15:18.0969 1612 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:15:18.0969 1612 sfloppy - ok
09:15:19.0047 1612 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:15:19.0047 1612 SharedAccess - ok
09:15:19.0094 1612 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:15:19.0094 1612 ShellHWDetection - ok
09:15:19.0140 1612 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:15:19.0140 1612 SiSRaid2 - ok
09:15:19.0156 1612 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:15:19.0156 1612 SiSRaid4 - ok
09:15:19.0234 1612 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:15:19.0234 1612 SkypeUpdate - ok
09:15:19.0250 1612 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:15:19.0250 1612 Smb - ok
09:15:19.0296 1612 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:15:19.0296 1612 SNMPTRAP - ok
09:15:19.0359 1612 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:15:19.0359 1612 spldr - ok
09:15:19.0406 1612 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:15:19.0406 1612 Spooler - ok
09:15:19.0530 1612 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:15:19.0577 1612 sppsvc - ok
09:15:19.0624 1612 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:15:19.0624 1612 sppuinotify - ok
09:15:19.0686 1612 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
09:15:19.0702 1612 sptd - ok
09:15:19.0749 1612 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:15:19.0764 1612 srv - ok
09:15:19.0796 1612 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:15:19.0796 1612 srv2 - ok
09:15:19.0858 1612 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:15:19.0858 1612 SrvHsfHDA - ok
09:15:19.0905 1612 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:15:19.0920 1612 SrvHsfV92 - ok
09:15:19.0967 1612 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:15:19.0983 1612 SrvHsfWinac - ok
09:15:20.0014 1612 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:15:20.0030 1612 srvnet - ok
09:15:20.0076 1612 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:15:20.0076 1612 SSDPSRV - ok
09:15:20.0092 1612 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:15:20.0092 1612 SstpSvc - ok
09:15:20.0154 1612 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
09:15:20.0154 1612 StarOpen - ok
09:15:20.0248 1612 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
09:15:20.0248 1612 StarWindServiceAE - ok
09:15:20.0310 1612 Steam Client Service - ok
09:15:20.0357 1612 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:15:20.0357 1612 stexstor - ok
09:15:20.0435 1612 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:15:20.0451 1612 stisvc - ok
09:15:20.0482 1612 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:15:20.0482 1612 storflt - ok
09:15:20.0544 1612 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
09:15:20.0544 1612 StorSvc - ok
09:15:20.0591 1612 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:15:20.0591 1612 storvsc - ok
09:15:20.0638 1612 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:15:20.0638 1612 swenum - ok
09:15:20.0700 1612 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:15:20.0700 1612 swprv - ok
09:15:20.0778 1612 [ 639B57DC871BE4B86283027FAF1F4E30 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:15:20.0778 1612 SynTP - ok
09:15:20.0966 1612 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:15:20.0997 1612 SysMain - ok
09:15:21.0075 1612 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:15:21.0075 1612 TabletInputService - ok
09:15:21.0215 1612 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
09:15:21.0215 1612 tap0901 - ok
09:15:21.0356 1612 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:15:21.0356 1612 TapiSrv - ok
09:15:21.0387 1612 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:15:21.0387 1612 TBS - ok
09:15:21.0465 1612 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:15:21.0480 1612 Tcpip - ok
09:15:21.0512 1612 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:15:21.0527 1612 TCPIP6 - ok
09:15:21.0558 1612 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:15:21.0558 1612 tcpipreg - ok
09:15:21.0590 1612 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:15:21.0590 1612 TDPIPE - ok
09:15:21.0636 1612 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:15:21.0636 1612 TDTCP - ok
09:15:21.0683 1612 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:15:21.0683 1612 tdx - ok
09:15:21.0714 1612 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:15:21.0714 1612 TermDD - ok
09:15:21.0761 1612 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:15:21.0761 1612 TermService - ok
09:15:21.0792 1612 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:15:21.0792 1612 Themes - ok
09:15:21.0824 1612 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:15:21.0824 1612 THREADORDER - ok
09:15:21.0839 1612 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
09:15:21.0839 1612 TPM - ok
09:15:21.0870 1612 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:15:21.0886 1612 TrkWks - ok
09:15:21.0933 1612 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:15:21.0933 1612 TrustedInstaller - ok
09:15:21.0964 1612 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:15:21.0964 1612 tssecsrv - ok
09:15:22.0042 1612 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:15:22.0042 1612 TsUsbFlt - ok
09:15:22.0089 1612 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:15:22.0089 1612 tunnel - ok
09:15:22.0120 1612 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:15:22.0120 1612 uagp35 - ok
09:15:22.0198 1612 [ C5DC368CCC2D539D9BB5CD9D774F8E73 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
09:15:22.0198 1612 uCamMonitor - ok
09:15:22.0245 1612 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:15:22.0245 1612 udfs - ok
09:15:22.0338 1612 [ 30B78A6296127B7A793CF42CA61B29B0 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
09:15:22.0338 1612 UI Assistant Service - ok
09:15:22.0354 1612 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:15:22.0354 1612 UI0Detect - ok
09:15:22.0401 1612 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:15:22.0401 1612 uliagpkx - ok
09:15:22.0432 1612 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:15:22.0448 1612 umbus - ok
09:15:22.0479 1612 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:15:22.0479 1612 UmPass - ok
09:15:22.0526 1612 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:15:22.0526 1612 UmRdpService - ok
09:15:22.0666 1612 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:15:22.0760 1612 UNS - ok
09:15:22.0806 1612 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:15:22.0822 1612 upnphost - ok
09:15:22.0884 1612 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:15:22.0884 1612 USBAAPL64 - ok
09:15:22.0947 1612 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:15:22.0947 1612 usbaudio - ok
09:15:22.0994 1612 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:15:22.0994 1612 usbccgp - ok
09:15:23.0009 1612 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:15:23.0009 1612 usbcir - ok
09:15:23.0040 1612 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:15:23.0040 1612 usbehci - ok
09:15:23.0087 1612 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:15:23.0087 1612 usbhub - ok
09:15:23.0103 1612 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:15:23.0103 1612 usbohci - ok
09:15:23.0134 1612 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:15:23.0134 1612 usbprint - ok
09:15:23.0165 1612 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:15:23.0181 1612 usbscan - ok
09:15:23.0212 1612 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:15:23.0212 1612 USBSTOR - ok
09:15:23.0243 1612 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:15:23.0243 1612 usbuhci - ok
09:15:23.0274 1612 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:15:23.0290 1612 usbvideo - ok
09:15:23.0321 1612 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
09:15:23.0337 1612 usb_rndisx - ok
09:15:23.0368 1612 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:15:23.0384 1612 UxSms - ok
09:15:23.0446 1612 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
09:15:23.0446 1612 VAIO Event Service - ok
09:15:23.0555 1612 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
09:15:23.0555 1612 VAIO Power Management - ok
09:15:23.0571 1612 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:15:23.0571 1612 VaultSvc - ok
09:15:23.0664 1612 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
09:15:23.0680 1612 VCService - ok
09:15:23.0727 1612 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:15:23.0727 1612 vdrvroot - ok
09:15:23.0774 1612 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:15:23.0774 1612 vds - ok
09:15:23.0820 1612 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:15:23.0820 1612 vga - ok
09:15:23.0836 1612 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:15:23.0836 1612 VgaSave - ok
09:15:23.0883 1612 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:15:23.0883 1612 vhdmp - ok
09:15:23.0914 1612 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:15:23.0914 1612 viaide - ok
09:15:23.0930 1612 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:15:23.0930 1612 vmbus - ok
09:15:23.0961 1612 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:15:23.0961 1612 VMBusHID - ok
09:15:24.0008 1612 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:15:24.0008 1612 volmgr - ok
09:15:24.0054 1612 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:15:24.0054 1612 volmgrx - ok
09:15:24.0070 1612 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:15:24.0086 1612 volsnap - ok
09:15:24.0117 1612 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:15:24.0117 1612 vsmraid - ok
09:15:24.0179 1612 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
09:15:24.0179 1612 VSNService - ok
09:15:24.0257 1612 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:15:24.0288 1612 VSS - ok
09:15:24.0304 1612 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:15:24.0304 1612 vwifibus - ok
09:15:24.0320 1612 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:15:24.0320 1612 vwififlt - ok
09:15:24.0351 1612 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:15:24.0351 1612 vwifimp - ok
09:15:24.0382 1612 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:15:24.0398 1612 W32Time - ok
09:15:24.0429 1612 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:15:24.0429 1612 WacomPen - ok
09:15:24.0476 1612 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:15:24.0476 1612 WANARP - ok
09:15:24.0476 1612 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:15:24.0476 1612 Wanarpv6 - ok
09:15:24.0554 1612 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:15:24.0569 1612 WatAdminSvc - ok
09:15:24.0616 1612 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:15:24.0632 1612 wbengine - ok
09:15:24.0663 1612 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:15:24.0663 1612 WbioSrvc - ok
09:15:24.0678 1612 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
09:15:24.0678 1612 WcesComm - ok
09:15:24.0725 1612 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:15:24.0741 1612 wcncsvc - ok
09:15:24.0756 1612 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:15:24.0772 1612 WcsPlugInService - ok
09:15:24.0803 1612 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:15:24.0803 1612 Wd - ok
09:15:24.0850 1612 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
09:15:24.0850 1612 WDC_SAM - ok
09:15:24.0897 1612 [ 334E5ED94D3FAFF3C44F4D36B1FE1C90 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
09:15:24.0897 1612 WDDMService - ok
09:15:24.0912 1612 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:15:24.0928 1612 Wdf01000 - ok
09:15:24.0944 1612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:15:24.0944 1612 WdiServiceHost - ok
09:15:24.0959 1612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:15:24.0959 1612 WdiSystemHost - ok
09:15:25.0084 1612 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
09:15:25.0162 1612 WDSmartWareBackgroundService - ok
09:15:25.0209 1612 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:15:25.0209 1612 WebClient - ok
09:15:25.0240 1612 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:15:25.0256 1612 Wecsvc - ok
09:15:25.0271 1612 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:15:25.0271 1612 wercplsupport - ok
09:15:25.0318 1612 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:15:25.0318 1612 WerSvc - ok
09:15:25.0349 1612 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:15:25.0349 1612 WfpLwf - ok
09:15:25.0380 1612 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:15:25.0380 1612 WIMMount - ok
09:15:25.0458 1612 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:15:25.0474 1612 winachsf - ok
09:15:25.0490 1612 WinDefend - ok
09:15:25.0505 1612 WinHttpAutoProxySvc - ok
09:15:25.0568 1612 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:15:25.0583 1612 Winmgmt - ok
09:15:25.0646 1612 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:15:25.0677 1612 WinRM - ok
09:15:25.0724 1612 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
09:15:25.0724 1612 WinUsb - ok
09:15:25.0755 1612 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:15:25.0770 1612 Wlansvc - ok
09:15:25.0802 1612 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:15:25.0802 1612 WmiAcpi - ok
09:15:25.0833 1612 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:15:25.0848 1612 wmiApSrv - ok
09:15:25.0880 1612 WMPNetworkSvc - ok
09:15:25.0895 1612 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:15:25.0895 1612 WPCSvc - ok
09:15:25.0926 1612 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:15:25.0942 1612 WPDBusEnum - ok
09:15:25.0958 1612 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:15:25.0958 1612 ws2ifsl - ok
09:15:25.0973 1612 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
09:15:25.0973 1612 wscsvc - ok
09:15:25.0973 1612 WSearch - ok
09:15:26.0114 1612 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:15:26.0145 1612 wuauserv - ok
09:15:26.0145 1612 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:15:26.0160 1612 WudfPf - ok
09:15:26.0192 1612 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:15:26.0192 1612 WUDFRd - ok
09:15:26.0223 1612 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:15:26.0223 1612 wudfsvc - ok
09:15:26.0254 1612 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:15:26.0332 1612 WwanSvc - ok
09:15:26.0379 1612 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
09:15:26.0379 1612 XAudio - ok
09:15:26.0457 1612 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:15:26.0457 1612 YahooAUService - ok
09:15:26.0488 1612 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
09:15:26.0488 1612 yukonw7 - ok
09:15:26.0550 1612 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:15:26.0566 1612 ZTEusbmdm6k - ok
09:15:26.0582 1612 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:15:26.0582 1612 ZTEusbnmea - ok
09:15:26.0613 1612 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:15:26.0613 1612 ZTEusbser6k - ok
09:15:26.0675 1612 ================ Scan global ===============================
09:15:26.0722 1612 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:15:26.0769 1612 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:15:26.0769 1612 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:15:26.0800 1612 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:15:26.0831 1612 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:15:26.0831 1612 [Global] - ok
09:15:26.0831 1612 ================ Scan MBR ==================================
09:15:26.0847 1612 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:15:27.0018 1612 \Device\Harddisk0\DR0 - ok
09:15:27.0018 1612 ================ Scan VBR ==================================
09:15:27.0018 1612 [ B98153EA356FE4E624853A293F441CC5 ] \Device\Harddisk0\DR0\Partition1
09:15:27.0018 1612 \Device\Harddisk0\DR0\Partition1 - ok
09:15:27.0018 1612 [ 25DC5C588F52549879ECBB6C471BAC3A ] \Device\Harddisk0\DR0\Partition2
09:15:27.0018 1612 \Device\Harddisk0\DR0\Partition2 - ok
09:15:27.0050 1612 [ 19A2586AB63E52E2F58E092B1F3633D6 ] \Device\Harddisk0\DR0\Partition3
09:15:27.0050 1612 \Device\Harddisk0\DR0\Partition3 - ok
09:15:27.0081 1612 [ CBF38A25AFFA73E0E24C483BDD2889CD ] \Device\Harddisk0\DR0\Partition4
09:15:27.0081 1612 \Device\Harddisk0\DR0\Partition4 - ok
09:15:27.0081 1612 ============================================================
09:15:27.0081 1612 Scan finished
09:15:27.0081 1612 ============================================================
09:15:27.0096 0936 Detected object count: 0
09:15:27.0096 0936 Actual detected object count: 0

Antwort

Themen zu TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden
abgesicherten, anleitung, antivir, avira, avira antivir, diverse, ergebnis, files, gesucht, intel, internetseite, langsam, meldung, modus, nicht mehr, scanner, seite, seiten, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, virenscanner, virus, windows, windows 7



Ähnliche Themen: TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden


  1. Fund TR/Crypt.XPACK.Gen2 durch Avira
    Log-Analyse und Auswertung - 25.11.2014 (32)
  2. Avira-Funde: TR/Drop.Vunop.1 und TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (13)
  3. TR/Crypt.XPACK.Gen2 von Antivir gefunden
    Log-Analyse und Auswertung - 29.10.2012 (3)
  4. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  5. Antivir hat den Trojaner :TR/Crypt.XPACK.Gen2 entdeckt. Was tun ?
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  6. Avira Echtzeitscanner meldet TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (4)
  7. TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (1)
  8. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  9. 'TR/Crypt.XPACK.Gen2' [trojan] von Avira Antivir gefunden, taucht nach entfernen wieder auf
    Log-Analyse und Auswertung - 29.09.2011 (21)
  10. TR/Crypt.XPACK.Gen2, antivir kann ihn nicht beseitigen...
    Log-Analyse und Auswertung - 24.09.2011 (2)
  11. AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden!
    Plagegeister aller Art und deren Bekämpfung - 04.06.2011 (37)
  12. Avira AntiVir hat folgenden Fund: "TR/Crypt.XPACK.Gen2"
    Plagegeister aller Art und deren Bekämpfung - 04.03.2011 (0)
  13. AntiVir erkennt TR/Crypt.XPACK.Gen2 und 3 sowie Würmer
    Plagegeister aller Art und deren Bekämpfung - 31.01.2011 (53)
  14. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  15. TR/Crypt.XPACK.Gen2 gefunden - was nun?
    Plagegeister aller Art und deren Bekämpfung - 28.08.2010 (16)
  16. Trojaner TR/Crypt.XPACK.Gen2 gefunden. Was nun?
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (1)
  17. TR/Crypt.Xpack.Gen2 Firefox und IE werden von Avira geblockt
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (12)

Zum Thema TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden - Gestern bekam ich zum ersten Mal die Meldung, das Avira Antivir 2012 Premium o.g. Virus oder Trojaner gefunden hat ('C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe). Das System war extrem langsam - TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.